virtualbox.org

Hi my name is Thodoris and I am running a project about Virtual Box. I am a student of Information and Communication Systems Security (Postgraduate Courses) at Greece and I would be very helpful if someone could direct me about security information in Oracle Virtual Box. I have allready found some
information but not specific enough. Information like how a secure virtual machine could work, it would be very helpful for me.

"Could work"? As far as I know VirtualBox currently provides no security features other than those inherent in any VM platform (i.e. the inability of rogue software inside a VM to access your host hardware, hard drive etc).

I'm also not sure what "security" means to you. Is it preventing damage from malware, is it ensuring privacy, or both?

Bear in mind that VirtualBox makes virtual PCs - i.e. it provides the hardware. The operating systems come from their usual sources, and implement their usual security measures. Data protection and privacy would I suspect be considered an OS feature, not a hardware feature.

The possibility has been suggested in the past that VirtualBox could provide the means to encrypt disk images. I can see the value in that, but it might complicate matters viz US export laws (unless any of those nonsensical laws have been revised recently - I don't keep up).

I wasn't clear enough. My English is a little bit poor and I'm new in this subject. I wonder if you can provide me any link that points out security issues in Virtual Box. The subject of my project is "Security analysis of Virtual box". Unfortunately I can't find enough information in the web. I'm talking about the security you referred to. I need to find documentation of any kind, about preventing corruption of data in the main OS, by the OS which is running inside Virtual Box. I want to analyse the prospective that VB provides for securing both main and sub Operating Systems (Preventing damage from malware, ensuring privacy, data protection). For example, can a hacker gain access in the sub OS, so he could damage the main? I also sent an e-mail to vbox-security@sun.com, but I had no response.

I am not aware of any security issues in VirtualBox, nor am I aware of documentation which specifically discusses security in a VirtualBox context. The security provided by VirtualBox is implicit in any VM platform, i.e. that the guest OS runs on simulated hardware and therefore the OS (and any applications it happens to be running at the time) can only influence simulated hardware, not real hardware. "Hardware" here includes formatted hard drives holding data.

The VM is effectively a independant, second PC. Imagine two PCs sitting side by side: what "security issues" could arise in one PC that might affect the other? Well, clearly nothing could fit that description unless there is a communications link between them. Even if a communications link exists, there would also have to exist a credible mechanism above that capable of transporting malware (other than in the form of software which the user deliberately copies via eg. shared folders).