Characterizing hypervisor vulnerabilities in cloud computing servers

Diego Perez-Botero, Jakub Szefer, Ruby B. Lee

Research output: Chapter in Book/Report/Conference proceedingConference contribution

114 Scopus citations

Abstract

The rise of the Cloud Computing paradigm has led to security concerns, taking into account that resources are shared and mediated by a Hypervisor which may be targeted by rogue guest VMs and remote attackers. In order to better define the threats to which a cloud server's Hypervisor is exposed, we conducted a thorough analysis of the codebase of two popular open-source Hypervisors, Xen and KVM, followed by an extensive study of the vulnerability reports associated with them. Based on our findings, we propose a characterization of Hypervisor Vulnerabilities comprised of three dimensions: the trigger source (i.e. where the attacker is located), the attack vector (i.e. the Hypervisor functionality that enables the security breach), and the attack target (i.e. the runtime domain that is compromised). This can be used to understand potential paths different attacks can take, and which vulnerabilities enable them. Moreover, most common paths can be discovered to learn where the defenses should be focused, or conversely, least common paths can be used to find yet-unexplored ways attackers may use to get into the system.

Original languageEnglish (US)
Title of host publicationCloud Computing 2013 - Proceedings of the 2013 International Workshop on Security in Cloud Computing
Pages3-10
Number of pages8
DOIs
StatePublished - Jun 7 2013
Event2013 1st International Workshop on Security in Cloud Computing, Cloud Computing 2013 - Hangzhou, China
Duration: May 8 2013May 8 2013

Publication series

NameCloud Computing 2013 - Proceedings of the 2013 International Workshop on Security in Cloud Computing

Other

Other2013 1st International Workshop on Security in Cloud Computing, Cloud Computing 2013
CountryChina
CityHangzhou
Period5/8/135/8/13

All Science Journal Classification (ASJC) codes

  • Software

Keywords

  • attack vectors
  • hypervisor vulnerabilities
  • secure cloud computing
  • virtualization
  • vulnerability categorization

Fingerprint Dive into the research topics of 'Characterizing hypervisor vulnerabilities in cloud computing servers'. Together they form a unique fingerprint.

  • Cite this

    Perez-Botero, D., Szefer, J., & Lee, R. B. (2013). Characterizing hypervisor vulnerabilities in cloud computing servers. In Cloud Computing 2013 - Proceedings of the 2013 International Workshop on Security in Cloud Computing (pp. 3-10). (Cloud Computing 2013 - Proceedings of the 2013 International Workshop on Security in Cloud Computing). https://doi.org/10.1145/2484402.2484406