Real Holes in Virtual Machines
In a talk at the CanSecWest security conference, Google engineer Tavis Ormandy showed that virtual machines are by no means hermetically sealed. In many cases, malware can break out of the virtual system and take over the host system, he said.
Anti-virus researchers like to use virtual machines to examine malware samples. In such an environment the sample can do whatever it likes; reverting the machine to a clean snapshot with a single click undoes all of its modifications. It would be a real problem, though, if a worm could break out of this laboratory prison and infect the host system.
For his paper, "An Empirical Study into the Security Exposure to Hosts of Hostile Virtualized Environments", Ormandy examined several virtualization environments, among them Qemu and VMware, for security holes that would permit such a jailbreak, and promptly found some. With the help of fuzzing tools he found several buffer overflows in Qemu that a program running inside the guest could trigger and exploit. In VMware he found a bug in the power management functions that might allow an attacker inside the guest to inject code into the host system.
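As an added illustration, constructed for this article and not code from Ormandy's paper, from Qemu or from VMware, the following C model shows the bug class behind such device-emulation overflows: the guest programs a transfer length into a device register, and the host-side write handler copies that many bytes into a fixed-size FIFO without checking the length, so the copy runs into whatever emulator state follows the FIFO. All names (dev_state, REG_LEN, REG_DATA, dev_write_vuln, dev_write_safe) are hypothetical, and the device state is laid out in a single array so that the demonstration overwrite stays within defined memory; in a real emulator the copy would continue into the surrounding host heap.

```c
/* Constructed model of an emulated device register interface (hypothetical;
 * not QEMU or VMware code). The guest first programs a transfer length into
 * REG_LEN and then pushes data at REG_DATA; the host-side handler copies the
 * data into a FIFO that lives in the emulator's own memory. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define FIFO_SIZE      16   /* bytes the guest is meant to be able to reach */
#define STATE_SIZE     32   /* FIFO followed by host-private bookkeeping */
#define HOST_FLAG_OFF  16   /* first byte of host-private state after the FIFO */

/* Host-side state of the emulated device. mem[0..FIFO_SIZE-1] is the guest-
 * visible FIFO; everything after it belongs to the emulator (think: a DMA
 * target, a callback index, a buffer pointer). */
struct dev_state {
    uint8_t mem[STATE_SIZE];
    uint8_t xfer_len;       /* value the guest programmed into REG_LEN */
};

enum { REG_LEN = 0x0, REG_DATA = 0x4 };

typedef size_t (*write_fn)(struct dev_state *, unsigned, const uint8_t *, size_t);

static void dev_reset(struct dev_state *s) {
    memset(s->mem, 0, sizeof s->mem);
    s->mem[HOST_FLAG_OFF] = 0xAA;   /* host-private sentinel that must survive */
    s->xfer_len = 0;
}

/* Vulnerable handler: trusts the guest-programmed length, the pattern fuzzing
 * of emulated devices turns up. With len > FIFO_SIZE the loop writes past the
 * FIFO into host-private state. */
static size_t dev_write_vuln(struct dev_state *s, unsigned reg,
                             const uint8_t *data, size_t n) {
    if (reg == REG_LEN) { s->xfer_len = data[0]; return 1; }
    if (reg == REG_DATA) {
        size_t len = s->xfer_len;             /* guest-controlled, unchecked */
        for (size_t i = 0; i < len && i < n; i++)
            s->mem[i] = data[i];              /* overruns the FIFO when len > 16 */
        return len;
    }
    return 0;
}

/* Hardened handler: clamp the length when the guest programs it, and clamp it
 * again at the point of use so a later register write cannot reopen the hole. */
static size_t dev_write_safe(struct dev_state *s, unsigned reg,
                             const uint8_t *data, size_t n) {
    if (reg == REG_LEN) {
        s->xfer_len = data[0] > FIFO_SIZE ? FIFO_SIZE : data[0];
        return 1;
    }
    if (reg == REG_DATA) {
        size_t len = s->xfer_len;
        if (len > FIFO_SIZE) len = FIFO_SIZE;
        if (len > n) len = n;
        memcpy(s->mem, data, len);            /* never leaves the FIFO */
        return len;
    }
    return 0;
}

/* What a hostile guest does: program an oversized length, then push data.
 * Returns the host-private sentinel afterwards: 0xAA if the emulator state is
 * intact, 0x41 if the guest's bytes landed in it. The cap at STATE_SIZE exists
 * only to keep this constructed model inside its own array. */
static uint8_t guest_overrun(write_fn write, struct dev_state *s, uint8_t len) {
    uint8_t payload[STATE_SIZE];
    if (len > STATE_SIZE) len = STATE_SIZE;
    memset(payload, 0x41, sizeof payload);
    dev_reset(s);
    write(s, REG_LEN, &len, 1);
    write(s, REG_DATA, payload, len);
    return s->mem[HOST_FLAG_OFF];
}

int main(void) {
    struct dev_state s;
    printf("vulnerable handler, len=20: sentinel = 0x%02X\n",
           guest_overrun(dev_write_vuln, &s, 20));
    printf("hardened handler,   len=20: sentinel = 0x%02X\n",
           guest_overrun(dev_write_safe, &s, 20));
    return 0;
}
```

The second clamp in dev_write_safe matters: checking only when REG_LEN is written is not enough if another code path (a reset, a migration, a different register) can store into xfer_len, so the bound is enforced where the copy actually happens.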
Ormandy's general conclusion is that virtualization is by no means the panacea that many security experts apparently take it for. Thorsten Holz of the German Honeynet Project explains that this is why they are already experimenting with hardware solutions for CWSandbox that allow the analysis system to be reset to a safe state.