Is It Possible for an Attacker To Break Out of a VM?

I love VMs – they make life so much easier in many regards, from development and spiking new technologies all the way through to being able to provide elastic production solutions.

Of course, they do have their frustrations – such as getting performance right and having the occasional corrupt VM.

However – let’s consider an issue of security – is it possible to break out of a VM and get direct access to the host? Well, if you’ve been following popular security blogs then you’ll know that yes – it has at least been possible in the past. How has it been done in the past though? Well, there’s a great paper here. It is slightly old [2009], though it does demonstrate an interesting technique.

Also, back in June 2012 there was a vulnerability warning published by US CERT that you can read about here.

If you’re security paranoid/skeptical like me, then, knowing that nothing is ever 100% secure, you’d probably expect that there are still new ways to do it. However, I haven’t come across any recent papers that illustrate new VM attacks.

So what does this really show and what is the point of posting this?

Well, it highlights the need to practice defense in depth – i.e. it’s important to avoid thinking that a VM can never break out of another VM and therefore it’s OK to be blasé about additional security mechanisms.