Tutorial T7 – Virtualization and Security

Mr. Zed Abbadi, Public Company Accounting Oversight Board (PCAOB)

Tuesday, December 8th, Half Day

In recent years, virtualization has become one of the most deployed technologies in the IT field. It provides clear benefits when it comes to utilization, maintenance, redundancy and lower power consumption. However, just like every new technology, virtualization is still evolving and there are still unanswered security questions. Virtualization is a concept that encompasses many types of technologies used in different configurations and for a variety of reasons. Each one of these technologies presents its own unique sets of security challenges and benefits.

This tutorial will provide a basic understanding of the various virtualization technologies and discuss the security aspects and characteristics of each one. It will provide the audience with valuable material on how to utilize virtualization to decrease risks from security attacks and how to avoid vulnerabilities that may accompany virtualization technologies.

Outline

  1. Virtualization Basics: An introduction to the various types of virtualization technologies and their typical usage. This includes server and client virtualization, and the different software/hardware solutions that exit in the market today.
  2. Server Virtualization Security: A detailed discussion focused on server virtualization and the underlying security benefits and challenges. The discussion will cover bare-metal (monolithic vs. microkernel) and hosted technologies.
  3. Client Virtualization Security: A detailed discussion focused on client virtualization and the underlying security benefits and challenges. The discussion will cover desktop (local and hosted) and application (local and hosted) virtualization technologies.
  4. Other Virtualization Technologies: Other evolving virtualization technologies including OS Steaming and Workspace Virtualization and the security implications that accompany them.

Prerequisites

General understanding of computer architecture and basic security concepts.

About the Instructor

Mr. Zed Abbadi is an Application Security Manager with the Public Company Accounting Oversight Board (PCAOB). He has over 17 years of experience in software and security engineering. His experience ranges from providing security consulting services to building large-scale software systems. In his current role he is responsible for the security of all software applications that run on PCAOB.s infrastructure.

Zed holds a Bachelor of Science in Computer Science and a Masters degree in Systems Engineering from George Mason University. He is a published author and has presented at various security conferences.