VIRTUAL DESKTOP INFRASTRUCTURE: AN ANALYSIS 2

Virtual Desktop Infrastructure: an Analysis of New Security Challenges

Today, every single minute, the industry of Information Technology is seeing the
emergence of various technologies, researching all steadily to provide more flexibility for the
communication networks, more mobility for the end users, more accuracy in tasks execution, and
mainly more earnings for the stakeholders. The virtual desktop infrastructure is a promising one.
Some believe that its adoption across the businesses world is for soon. However, by taking
account of the extent of security challenges residing in cloud computing which is cornerstone of
the virtual desktop infrastructure (VDI). We believe that deeper explorations are required before.
We recommend every single corporate who intends to take advantage from VDI, to take a closer
look at its security aspect. By doing so, the corporate will not undermine its information security
management system, will not increase the likelihood of holding malicious software, and will not
alter consistency in the usage of numerous protocols.
In turn, the information security system is as any other system: its successful working is
relying on every atomic component. Its efficacy is undergone the coherence residing among
those components. The entire system might be disrupted, even if one of its elements is fallen.
Recently, researchers have revealed that by doing a rollback of virtual machines (VMs), in some
cases, might lead to override any patches that have been previously applied. This tends to expose
the infrastructure to well-known vulnerabilities which by the past have been mitigated
(Gardfinkel, 2005). Moreover, the virtual machine, in turn, entirely encapsulates the state of the
guest operation system. Hence, by instantiating it within the same physical environment, due to
inadvertence modifications in the VMs files, the system might leak sensitive information
unwarily.
In a traditional computer environment, at a specific moment, the system manager of the
infrastructure distributes the patches, scans the workstations and so forth. Oppositely, regular
virtual environment is different. With respect to the state of guest operation system, the patches
may be different, for the same VM depending on the actual environment. So patch management
is sharply difficult to be consistent. This drives many configuration conflicts. This also erodes
the monotonic forward progress and occults dormant worms and virus (Gardfinkel, 2005).
There are protocols that their mechanisms require freshness from their random number
source. Therefore, suppose that a VM has been rolled back immediately after the selection of this
random number, but before its utilization. There are evidences, after this system has been
resumed, we can detect pattern with the usage of the stream cipher. The fact is doing so two
different plaintexts might use the same key stream. For instance, we can count up the reuse of
TCP initial sequence (Bellovin, 1989), almost all the Zero Knowledge Proofs of Knowledge
Based protocols (ZKPK protocols), the Digital Signature Standard (DSS) (M. Bellare, 1997).
The VDI is part of next generation certes, but before we need more researches on its
security vulnerabilities. This way, we might maintain a resilient information security
management system, be efficient against malicious software, and be consistent in the usage of
protocols. As there were depicted, such technology move forward the security paradigm. The
way, patch management has been done couple years ago has also changed and many others. So
without such researches we couldnt leverage the VDI at its paramount and opportunities will be
lost.
VIRTUAL DESKTOP INFRASTRUCTURE: AN ANALYSIS 3

REFERENCES
Bellovin, S. M. (1989). Security problems in the TCP/IP protocol suite. SIGCOMM Computer
Communication, 32-48.
Gardfinkel, M. R. (2005). When Virtual is Harder than Real: Security Challengens in the Virtual
Machine Based Computing Environments. HotOS X Paper, 1-14.
Lam, C. S. (2003). Virtual appliances in the Collective: A road to hassle-free computing. In
(HOTOS-XI) Journal, n.a.
M. Bellare, S. G. (1997). "Pseudo-random" number generation within cryptographic algorithms:
The DDS case. In CRYPTO Journal, 277-291.
Noble, P. M. (2011). When virtual is better than real. In (HOTOS-VIII), Schloss Elmau, n. a.
Satyanarayanan, M. K. (2002). Internet suspend/resume. In Forth IEEE Workshop on Mobile
Computing Systems and Applications, 40-.