Virtual Desktop Infrastructure: an Analysis of New Security Challenges
Every minute, the information technology industry sees the emergence of new technologies, all steadily aiming to provide more flexibility for communication networks, more mobility for end users, more accuracy in task execution, and above all more earnings for stakeholders. Virtual desktop infrastructure (VDI) is a promising one. Some believe that its adoption across the business world is coming soon. However, given the extent of the security challenges residing in cloud computing, which is the cornerstone of VDI, we believe that deeper exploration is required first. We recommend that every corporation intending to take advantage of VDI take a closer look at its security aspects. By doing so, the corporation will not undermine its information security management system, will not increase the likelihood of hosting malicious software, and will not compromise consistency in the usage of numerous protocols.
The information security system, in turn, is like any other system: its successful operation relies on every atomic component, and its efficacy depends on the coherence among those components. The entire system might be disrupted even if only one of its elements fails. Recently, researchers have revealed that rolling back virtual machines (VMs) might, in some cases, override patches that were previously applied. This tends to expose the infrastructure to well-known vulnerabilities that had been mitigated in the past (Gardfinkel, 2005). Moreover, a virtual machine entirely encapsulates the state of the guest operating system. Hence, when it is instantiated within the same physical environment, inadvertent modifications to the VM's files might cause the system to leak sensitive information unintentionally.
In a traditional computing environment, the system manager of the infrastructure distributes patches, scans the workstations, and so forth at a specific moment. A regular virtual environment is different. Depending on the state of the guest operating system, the patches applied to the same VM may differ according to the actual environment, so it is very difficult to keep patch management consistent. This drives many configuration conflicts. It also erodes monotonic forward progress and conceals dormant worms and viruses (Gardfinkel, 2005).
Some protocols rely on mechanisms that require freshness from their random number source. Suppose that a VM is rolled back immediately after such a random number has been selected but before it is used. There is evidence that, after the system has been resumed, patterns can be detected in the use of a stream cipher, because two different plaintexts might be encrypted with the same key stream. Examples include the reuse of TCP initial sequence numbers (Bellovin, 1989), almost all zero-knowledge proof of knowledge (ZKPK) protocols, and the Digital Signature Standard (DSS) (M. Bellare, 1997).
VDI is certainly part of the next generation, but more research on its security vulnerabilities is needed first. This way, we might maintain a resilient information security management system, be effective against malicious software, and be consistent in the usage of protocols. As described above, such technology shifts the security paradigm. The way patch management was done a couple of years ago has changed, along with many other practices. Without such research we could not leverage VDI to its full potential, and opportunities will be lost.
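The rollback and key stream reuse scenario described above can be reproduced in a few lines. The following is an added example, not code from the cited papers: `GuestRng`, `run` and the SHA-256 counter-mode key stream are hypothetical stand-ins, the messages are constructed, and the snapshot is assumed to capture the generator state from which the nonce is drawn. It shows the signal a defender can check for (a repeated nonce) and the effect of reseeding from outside the snapshot on resume.

```python
import copy
import hashlib
import os

class GuestRng:
    """Hypothetical guest RNG whose state is captured in a VM snapshot."""
    def __init__(self, seed: bytes):
        self.state = hashlib.sha256(seed).digest()

    def next_bytes(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.state = hashlib.sha256(b"step" + self.state).digest()
            out += hashlib.sha256(b"out" + self.state).digest()
        return out[:n]

    def reseed(self, fresh: bytes) -> None:
        # Mitigation: fold entropy from outside the snapshot into the state.
        self.state = hashlib.sha256(self.state + fresh).digest()

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy stream cipher for illustration only: SHA-256 in counter mode.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(rng: GuestRng, key: bytes, plaintext: bytes):
    nonce = rng.next_bytes(12)  # freshness depends entirely on RNG state
    return nonce, xor(plaintext, keystream(key, nonce, len(plaintext)))

def run(reseed_on_resume: bool):
    """Return (nonce_reused, ciphertexts_leak_plaintext_xor)."""
    key = b"k" * 32                          # constructed long-term key
    rng = GuestRng(b"constructed boot seed")
    snapshot = copy.deepcopy(rng)            # snapshot includes RNG state
    p1 = b"constructed message A"
    p2 = b"constructed message B"
    n1, c1 = encrypt(rng, key, p1)
    rng = copy.deepcopy(snapshot)            # VM rolled back and resumed
    if reseed_on_resume:
        rng.reseed(os.urandom(32))           # stand-in for host entropy
    n2, c2 = encrypt(rng, key, p2)
    return n1 == n2, xor(c1, c2) == xor(p1, p2)

if __name__ == "__main__":
    print("no reseed:", run(False))
    print("reseed on resume:", run(True))
```

Without the reseed, both messages share a nonce and the XOR of the two ciphertexts equals the XOR of the two plaintexts; with it, neither holds.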
REFERENCES
Bellovin, S. M. (1989). Security problems in the TCP/IP protocol suite. SIGCOMM Computer Communication, 32-48.
Gardfinkel, M. R. (2005). When Virtual is Harder than Real: Security Challenges in the Virtual Machine Based Computing Environments. HotOS X Paper, 1-14.
Lam, C. S. (2003). Virtual appliances in the Collective: A road to hassle-free computing. In (HOTOS-XI) Journal, n.a.
M. Bellare, S. G. (1997). "Pseudo-random" number generation within cryptographic algorithms: The DSS case. In CRYPTO Journal, 277-291.
Noble, P. M. (2011). When virtual is better than real. In (HOTOS-VIII), Schloss Elmau, n.a.
Satyanarayanan, M. K. (2002). Internet suspend/resume. In Fourth IEEE Workshop on Mobile Computing Systems and Applications, 40-.