KVM Security in Multi-Tenant Cloud Environments


It’s useful to note that security in an open source KVM environment occurs on three levels: the kernel layer within the Linux OS, network layer, and at the hardware level.

Since its kernel-based protection mechanisms were created early on in Linux development, KVM incorporates key SELinux controls to provide isolation and confinement for processes. This means data and applications are fully protected, even in multi-tenant environments where multiple clients are served by one software instance.

At the kernel level, RHEV KVM maintains the security-hardened virtual host Dom0, which acts as a privileged VM and carries messages to and from the hypervisor. Dom0 represents a minimal Linux implementation and requires its own patches, security scans, and monitoring.

The kernel-level administrative feature, mandatory access control (MAC), and the sVirt API  Directory Access Control (DAC) both manage VM resource access. Each supports strong guest isolation and make sure that resource allocation is carefully distributed.

Network filtering represents a second layer of virtualization security. Since virtualization depends on a constant flow of information, filtering ensures separation as network packets travel between machines and hypervisors. KVM manages traffic at this network layer, ensuring effective guest/host communications, bridge filtering, and firewall-related safeguards.

For example, Colosseum Online used RHEL KVM to set up its multiple virtual local area networks (vLANs). These provide customers with a virtual infrastructure to take the place of an array of physical datacenter devices, from physical machines to switches, firewalls, and load balancers.

Built-in processor commands, such as Intel’s VM Extensions (VMX) and AMD Secure Virtual Machine (SVM) instructions, constitute the third level of KVM protection and ensure further guest isolation. Such access controls offer hardware isolation protection to prevent any guest from completely controlling the host PC.

Finally, Common Criteria Certification at Evaluation Assurance Level +4 (EAL4+) represents industry-level validation of KVM’s virtualization security for the enterprise. The certification ensures that the KVM hypervisor on RHEL and industry standard x86 servers meets governmental security requirements. Common criteria certification guarantees enterprises, financial institutions, and federal agencies that SELinux and KVM offer stable, high-performance protection for multi-tenant environments based on open source.

Reproduced from Global Knowledge white paper: KVM Security in the Cloud: A Choice That Matters.

Related Courses
Red Hat® Linux Kernel Internals 1 (RHD361)
Red Hat® Linux Kernel Internals 2: Device Drivers (RHD362)

In this article

Join the Conversation