Virtual library check-out
is when a checked-out VM image becomes infected on another VMM and later readmitted to its original virtual library [Murphy07]. This type of attack exploits on the fact that the guest VMM may not be as secure as the original virtual library. When the VM image becomes infected on the guest VMM and readmitted into the virtual library, the infection can potentially spread through the entire virtual library to other VMs and hypervisors in the data center or cloud. An example of virtual library check-out is described as follows. A large company hosts many virtual servers in its data center. This virtual library of servers consists of all the VMs controlled by the company. Periodically, employees of the company check out images of the VMs to perform software upgrades and maintenance on their own machines. Because the employee machines are not as secure as the company data center, attackers compromised one of the VMs on an employee machine and planted an infectious seed in the VM image. When the employee checks the VM back into the company data center, the infection migrates with the VM into the data center, giving the attacker access to everything in the data center.