The rise of the Cloud Computing paradigm has led to security concerns, since resources are shared and mediated by a Hypervisor that may be targeted by rogue guest VMs and remote attackers. To better define the threats to which a cloud server's Hypervisor is exposed, we conducted a thorough analysis of the codebase of two popular open-source Hypervisors, Xen and KVM, followed by an extensive study of the vulnerability reports associated with them. Based on our findings, we propose a characterization of Hypervisor Vulnerabilities composed of three dimensions: the trigger source (i.e., where the attacker is located), the attack vector (i.e., the Hypervisor functionality that enables the security breach), and the attack target (i.e., the runtime domain that is compromised). This characterization can be used to understand the potential paths that different attacks can take and which vulnerabilities enable them. Moreover, the most common paths can be identified to learn where defenses should be focused, or conversely, the least common paths can be used to find yet-unexplored ways attackers may use to get into the system.