Definition
Kernel-based Virtual Machine (KVM) is an open-source virtualization technology built into the Linux kernel that lets the kernel act as a hypervisor, so a single host can run numerous independent virtual machines (VMs).
It relies on the CPU's hardware virtualization extensions, Intel VT-x or AMD-V, to give guests a near-native execution environment.
Dangers Associated with Kernel-based Virtual Machine
- Vulnerabilities: KVM runs inside the Linux kernel, so a flaw in KVM itself, in the surrounding kernel, or in the user-space device emulator it pairs with (typically QEMU) can be reachable from a guest and undermine the isolation between guests, or between a guest and the host.
- Misconfiguration: Improper KVM, network, or storage configuration (for example, a world-writable /dev/kvm, a guest bridge with no traffic filtering, or disk images readable by other VMs' processes) can present security risks.
- Resource starvation: VMs share the host's physical CPU, memory, and I/O; without limits, one guest can deprive the others of critical resources and degrade their performance.
- Guest VM vulnerabilities: A compromised guest is an attack vector against the other VMs on the same host and against the host itself.
- Nested virtualization risks: Running hypervisors inside VMs adds complexity to the virtualization stack and enlarges the attack surface exposed to guests.
- Snapshot and migration risks: Snapshots capture guest memory and disk, including any keys or credentials in use at the time, so they must be stored and access-controlled as carefully as the VM itself. During migration between hosts, VM state can be intercepted or tampered with unless the transport is authenticated and encrypted.
- Dependence: KVM cannot function unless the hardware supports, and the firmware has enabled, virtualization extensions (Intel VT-x or AMD-V).
- Complexity: Combining several components (libvirt, QEMU, and so on) introduces more moving parts, which can lead to errors or misconfiguration.
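The following pre-flight script is an added example, not code from the original page or from the KVM project. It checks a host for three of the dangers listed above: the hardware dependence (VT-x or AMD-V advertised in /proc/cpuinfo), a world-writable /dev/kvm, and whether nested virtualization is switched on. Every function takes the file it inspects as an argument so the same code runs against the live host or against a constructed copy; it assumes a Linux host with GNU stat(1), and the default paths are the usual ones for these files.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight checks for three of the
# dangers listed above. Every function takes the file it inspects as an argument
# so the same code runs against the live host or against a constructed copy.
# Assumes a Linux host with GNU stat(1); default paths are the usual ones.

# Dependence: the CPU must advertise VT-x ("vmx") or AMD-V ("svm") in its flags.
# Prints which one was found; returns 1 if neither is present.
virt_extension() {
    cpuinfo="${1:-/proc/cpuinfo}"
    if grep -qw vmx "$cpuinfo"; then
        echo vmx
    elif grep -qw svm "$cpuinfo"; then
        echo svm
    else
        return 1
    fi
}

# Misconfiguration: /dev/kvm must not be world-writable. Any user who can open
# it can create VMs and drive the KVM ioctl interface directly.
kvm_device_mode_ok() {
    dev="${1:-/dev/kvm}"
    mode=$(stat -c '%a' "$dev") || return 1
    other=${mode#"${mode%?}"}          # last octal digit = permissions for "other"
    [ $(( other & 2 )) -eq 0 ]         # bit 2 is the write bit
}

# Nested virtualization: report whether the kvm_intel / kvm_amd "nested"
# parameter is on. Kernels spell it "Y"/"N" or "1"/"0", so accept both.
nested_enabled() {
    param="${1:-/sys/module/kvm_intel/parameters/nested}"
    [ -r "$param" ] || return 1
    case "$(cat "$param")" in
        Y|1) return 0 ;;
        *)   return 1 ;;
    esac
}

# Summarise the three checks; arguments override the default paths.
host_report() {
    ext=$(virt_extension "${1:-}") || { echo "no virtualization extensions: KVM cannot run"; return 1; }
    echo "extensions: $ext"
    if kvm_device_mode_ok "${2:-}"; then echo "/dev/kvm mode: ok"; else echo "/dev/kvm mode: world-writable or missing"; fi
    if nested_enabled "${3:-}"; then echo "nested: enabled (guests may run their own hypervisors)"; else echo "nested: disabled"; fi
}

# Run the report against the live host:  sh kvm_preflight.sh --check
if [ "${1:-}" = "--check" ]; then
    host_report
fi
```

On an AMD host, pass /sys/module/kvm_amd/parameters/nested as the third argument to host_report; the function only defaults to the kvm_intel path. A "world-writable" result on /dev/kvm is worth treating as a finding even when the host is single-purpose, since it means any local account can create and run VMs.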
How Does KVM Work?
KVM turns the Linux kernel itself into a type-1 hypervisor. Because it is part of the kernel, it reuses the kernel's existing components rather than reimplementing them: device drivers, memory management, the I/O stack, and networking.
Each VM runs as a standard Linux process (usually a QEMU process) managed by the Linux scheduler, with each virtual CPU implemented as a thread of that process, and is equipped with dedicated virtual hardware such as a graphics adapter, network card, memory, CPUs, and disks.
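Because each VM is an ordinary process and each vCPU an ordinary thread, both are visible to the normal process tools. The script below is an added example, not code from the original page or from QEMU: it reads a snapshot in the format produced by `ps -eLo pid=,tid=,comm=`, picks out the vCPU threads (QEMU names them "CPU <n>/KVM", which distinguishes them from the same process's I/O threads), and prints the taskset(1) commands that would pin them to host CPUs. The snapshot file is passed in so a constructed one can be used.

```shell
#!/bin/sh
# Added example (not from the original page): list the vCPU threads of each
# running VM from a `ps -eLo pid=,tid=,comm=` snapshot. QEMU names each vCPU
# thread "CPU <n>/KVM", so they can be told apart from the I/O threads of the
# same process. The snapshot file is passed in so a constructed one can be used.

# Prints one line per vCPU: "<pid> <vcpu index> <tid>".
vcpu_map() {
    awk '
    {
        pid = $1; tid = $2
        name = $0
        sub(/^[ \t]*[0-9]+[ \t]+[0-9]+[ \t]+/, "", name)   # remainder is comm, may contain spaces
        sub(/[ \t]+$/, "", name)                            # ps may pad the column
        if (name ~ /^CPU [0-9]+\/KVM$/) {
            split(name, part, /[ \/]/)                      # part[2] is the vCPU index
            printf "%s %s %s\n", pid, part[2], tid
        }
    }' "$1"
}

# Prints how many vCPU threads a given VM process has.
vcpu_count() {
    vcpu_map "$1" | awk -v pid="$2" '$1 == pid { n++ } END { print n + 0 }'
}

# Prints the taskset(1) commands that would pin each vCPU thread of a VM to a
# host CPU, starting at the given CPU and counting up. The commands are printed
# rather than executed so the snapshot can come from another machine.
vcpu_pin_commands() {
    vcpu_map "$1" | awk -v pid="$2" -v first="$3" '
        $1 == pid { printf "taskset -pc %d %s\n", first + $2, $3 }'
}

# Live use:  ps -eLo pid=,tid=,comm= > snap.txt && vcpu_map snap.txt
```

The same identities (process PID, thread TID) are what the scheduler, cgroups, and SELinux labels act on, which is why the host-side controls described elsewhere on this page apply to a VM without any KVM-specific tooling.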
KVM Features
- Security: KVM uses Security-Enhanced Linux (SELinux) and secure virtualization (sVirt) to improve VM isolation. SELinux enforces mandatory access control (MAC) boundaries around each VM's process and its resources; sVirt builds on this by having libvirt give every VM, and its disk images, a unique label automatically, which removes manual labeling errors and stops a compromised VM from reaching another VM's resources.
- Storage: KVM supports various storage methods, such as network-attached storage (NAS), shared file systems, and local disks. It can also use multipath I/O for higher throughput and redundancy.
- Hardware support: KVM runs on the wide range of hardware platforms certified for Linux.
- Memory management: KVM inherits the memory management features of Linux, such as kernel same-page merging (KSM) and non-uniform memory access (NUMA) support. Note that deduplicating pages across mutually untrusted guests has been used as a side channel, so KSM is commonly disabled on multi-tenant hosts.
- Live migration: KVM supports live migration, moving a running VM between physical hosts without service interruption; network connections and application state are preserved while the VM is relocated.
- Performance and scalability: Because KVM inherits the performance characteristics of the Linux kernel, it scales with the demands of its guests; it can accommodate diverse workloads and is the foundation of many enterprise virtualization setups.
- Lower latency and prioritization: The Linux kernel's real-time extensions reduce latency and allow VM-based applications to be prioritized, so long-running work can be broken into smaller units that are scheduled and processed more predictably.
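The sVirt labeling described under Security above can be verified from the host. The audit script below is an added example, not code from the original page or from libvirt: it reads a snapshot in the format produced by `ps -eo label=,pid=,comm=` and checks that every QEMU process runs as the confined type svirt_t (or svirt_tcg_t when KVM is not in use) and that no two VMs carry the same MCS category set, since two VMs with identical categories are, as far as SELinux is concerned, the same VM. The snapshot file is passed in so a constructed one can be used; the process names and contexts in the test are constructed, not captured.

```shell
#!/bin/sh
# Added example (not from the original page): audit the sVirt labels of running
# VMs from a `ps -eo label=,pid=,comm=` snapshot. Under sVirt, libvirt runs each
# QEMU process as type svirt_t (svirt_tcg_t without KVM) with a sensitivity and
# MCS categories, e.g. system_u:system_r:svirt_t:s0:c392,c662, that no other VM
# on the host shares. The snapshot file is passed in so a constructed one can be
# used.

# Prints one problem per line and returns 1 if any VM is unconfined or if two
# VMs carry the same category set; returns 0 when every VM is uniquely labelled.
svirt_audit() {
    awk '
    $3 ~ /^qemu/ {
        n = split($1, ctx, ":")            # user:role:type:sensitivity:categories
        type = ctx[3]
        cats = (n >= 5) ? ctx[5] : ""
        if (type != "svirt_t" && type != "svirt_tcg_t") {
            printf "pid %s: runs as %s, not confined by sVirt\n", $2, type
            bad = 1
        } else if (cats == "") {
            printf "pid %s: no MCS categories, shares a label with every other VM\n", $2
            bad = 1
        } else if (cats in seen) {
            printf "pid %s: shares categories %s with pid %s\n", $2, cats, seen[cats]
            bad = 1
        } else {
            seen[cats] = $2
        }
    }
    END { exit (bad ? 1 : 0) }' "$1"
}

# Live use:  ps -eo label=,pid=,comm= > labels.txt && svirt_audit labels.txt
```

A VM reported as running under virtd_t or unconfined_t usually means the libvirt security driver is disabled or the VM was started outside libvirt; either way the SELinux boundary the feature list promises is not there for that guest.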