TY - GEN
T1 - Characterizing hypervisor vulnerabilities in cloud computing servers
AU - Perez-Botero, Diego
AU - Szefer, Jakub
AU - Lee, Ruby B.
PY - 2013
Y1 - 2013
N2 - The rise of the Cloud Computing paradigm has led to security concerns, taking into account that resources are shared and mediated by a Hypervisor which may be targeted by rogue guest VMs and remote attackers. In order to better define the threats to which a cloud server's Hypervisor is exposed, we conducted a thorough analysis of the codebase of two popular open-source Hypervisors, Xen and KVM, followed by an extensive study of the vulnerability reports associated with them. Based on our findings, we propose a characterization of Hypervisor Vulnerabilities comprised of three dimensions: the trigger source (i.e. where the attacker is located), the attack vector (i.e. the Hypervisor functionality that enables the security breach), and the attack target (i.e. the runtime domain that is compromised). This can be used to understand potential paths different attacks can take, and which vulnerabilities enable them. Moreover, most common paths can be discovered to learn where the defenses should be focused, or conversely, least common paths can be used to find yet-unexplored ways attackers may use to get into the system.
KW - attack vectors
KW - hypervisor vulnerabilities
KW - secure cloud computing
KW - virtualization
KW - vulnerability categorization
UR - http://www.scopus.com/inward/record.url?scp=84878474065&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84878474065&partnerID=8YFLogxK
U2 - 10.1145/2484402.2484406
DO - 10.1145/2484402.2484406
M3 - Conference contribution
AN - SCOPUS:84878474065
SN - 9781450320672
T3 - Cloud Computing 2013 - Proceedings of the 2013 International Workshop on Security in Cloud Computing
SP - 3
EP - 10
BT - Cloud Computing 2013 - Proceedings of the 2013 International Workshop on Security in Cloud Computing
T2 - 2013 1st International Workshop on Security in Cloud Computing, Cloud Computing 2013
Y2 - 8 May 2013 through 8 May 2013
ER -