Please read our student and staff community guidance on COVID-19
Skip to main content Skip to navigation

Cyber Security for Virtualisation Systems (15cr)

Introduction

This module considers the cyber security consequences of virtualised systems and the opportunities that they offer. Focusing on software containerisation systems such as Docker, and comparing their properties with other virtualisation tools and techniques, the course looks at the trust relationships and the available security controls between the underlying operating system, the container, or other virtualised environment, and the software executing within the container.

Principal module aim is to enable students to regulate the various security relationships between components of a virtualised ecosystem.

Objectives

Upon successful completion participants will be able to:

  • Analyse the security relationships within a virtualised ecosystem: - between a virtualised container and its sibling containers; - between a virtualised container and the underlying host
  • Evaluate the extent to which a virtualised container ecosystem satisfies its desired security properties
  • Configure a virtualised container ecosystem to achieve the desired security properties from the perspective of both the container and the underlying host

Syllabus

Overall context:
- why is virtualisation and containment needed?

Development of containment in computing:
- bare metal evolution, instruction sets, clock speed, storage, multicore
- operating system, multitasking, scheduling, sharing and isolation
- root jails, virtualisation, containers
- resources: cpu cycles, storage, communications bandwidth, entropy, input, output.

Containment ecosystem:
- host, container (guest) and sibling containers (guests)
- virtualisation vs containerisation

Lifecycle of the provision of a service:
- concept, specification, design, development, versioning, signing, testing, deployment, maintenance, evolution, decommissioning, timescales

Security in virtualisation and containment:
- threats, sources, agents, vulnerabilities, exploits, vectors,
- controls, privilege, capabilities – in host and container (guest)
- resource separation, storage, execution, networking – in host and container (guest)

Assessment

Post-module assignment (100%)

Duration

1 week, including 15 hours of lectures and 25 hours of practical classes.