The present disclosure relates to computing systems, and in particular to maintaining the security of computing systems in virtual operating environments.
Virtualized computing environments, also referred to as cloud computing systems or composite information technology systems, are used to provide computing resources to end users. In a cloud computing environment, the physical hardware configuration is hidden from the end user. Cloud computing systems may include servers, network storage devices, routers, gateways, communication links, software (e.g., applications, operating systems, web services, etc.), and other devices. However, because the physical hardware and software platforms on which a cloud computing system is implemented are hidden within a “cloud,” they can be managed, upgraded, replaced or otherwise changed by a system administrator without the customer being aware of or affected by the change.
In a typical cloud computing environment, applications may be executed on virtual machines or appliances, which are guest operating systems installed within a host system, optionally with a preset configuration and structure (e.g., a combination of operating system and web server). A virtual machine (VM) can be a software implementation of a machine or computer that executes programs as would a physical machine, in a manner that is transparent to a user. Virtual machines are typically implemented with software emulation and/or hardware virtualization. A single hardware and/or software platform may host a number of virtual machines, each of which may have access to some portion of the platform's resources, such as processing resources, storage resources, etc.
Because cloud computing treats computer resources as remote services that are accessed by customers, and because the actual physical resources that are used to implement a cloud computing environment may be accessed by many different customers, security is an important aspect of cloud computing. In a cloud computing environment, different customers may have different security requirements, which may be implemented using different security policies. However, hosting applications that have different security requirements in a single cloud computing environment may raise additional security issues. For example, when highly secured systems are hosted along with lower security systems, an attacker may attempt to leverage the lower security system to gain access to the highly secured systems.