Taming Virtualization

Carbone, Martim; Lee, Wenke; Zamboni, Diego

doi:10.1109/msp.2008.24

Cited by 25 publications

(16 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…It is a program running on the host, and hence, susceptible to risk when the volume and complexity of application code increases (Krutz and Vines, 2010). One attack of externally modifying hypervisor is known as VM-based malware/rootkit (VMBR) (Carbone et al, 2008;Le and Wang, 2011), which attempts to execute malicious code instead of system call from hypervisor to the host OS. A Trusted Platform Module (TPM) in the host helps to create a trust relationship with the hypervisor (Krutz and Vines, 2010).…”

Section: Virtual Machinesmentioning

confidence: 99%

Intrusion detection system: A comprehensive review

Liao

Lin

et al. 2013

Journal of Network and Computer Applications

1,215

547

View full text Add to dashboard Cite

Section: Virtual Machinesmentioning

confidence: 99%

Intrusion detection system: A comprehensive review

Liao

Lin

et al. 2013

Journal of Network and Computer Applications

1,215

547

View full text Add to dashboard Cite

“…This is possible when attacker injects an hypervisor beneath the original one, or has direct access to the original hypervisor. Hijacking an Operating System (OS) using a hypervisor is associated to the emergence of VM-based rootkit (VMBR) with Subvirt, Vitriol and Blue Pill as illustrating proof-of-concepts [33]. When the target is the host OS, hyperjacking becomes a serious attack as once the hypervisor is owned, attacker can take full control of the environment, and use any guest OS as a staging ground to attack other guests.…”

Section: From Cloud Providermentioning

confidence: 99%

Classifying malware attacks in IaaS cloud environments

et al. 2017

View full text Add to dashboard Cite

In the last few years, research has been motivated to provide a categorization and classification of security concerns accompanying the growing adaptation of Infrastructure as a Service (IaaS) clouds. Studies have been motivated by the risks, threats and vulnerabilities imposed by the components within the environment and have provided general classifications of related attacks, as well as the respective detection and mitigation mechanisms. Virtual Machine Introspection (VMI) has been proven to be an effective tool for malware detection and analysis in virtualized environments. In this paper, we classify attacks in IaaS cloud that can be investigated using VMI-based mechanisms. This infers a special focus on attacks that directly involve Virtual Machines (VMs) deployed in an IaaS cloud. Our classification methodology takes into consideration the source, target, and direction of the attacks. As each actor in a cloud environment can be both source and target of attacks, the classification provides any cloud actor the necessary knowledge of the different attacks by which it can threaten or be threatened, and consequently deploy adapted VMI-based monitoring architectures. To highlight the relevance of attacks, we provide a statistical analysis of the reported vulnerabilities exploited by the classified attacks and their financial impact on actual business processes.

show abstract

“…This requires that only the hypervisor is protected from attacks. To this end, several solutions have proposed the protection of the hypervisor from run-time attacks , or a micro-hypervisor architecture [Murray et al 2008] [Steinberg and Kauer 2010], or the introduction of a further nested layer of virtualization [Carbone et al 2008] [Zhang et al 2011a]. All these approaches will be categorized and detailed in the following.…”

Section: Solutionsmentioning

confidence: 99%

“…Other solutions insert another layer below the hypervisor to check the integrity of the hypervisor. GuardHype [Carbone et al 2008] is a hypervisor with a focus on VMBR prevention that allows the execution of legitimate third-party hypervisors but disallow VMBRs. GuardHype mediates the access of third-party hypervisors to the hardware virtualization extensions, effectively acting as a hypervisor for hypervisors.…”

Section: 34mentioning

confidence: 99%

Evolution of Attacks, Threat Models, and Solutions for Virtualized Systems

Sgandurra

Lupu

2016

ACM Comput. Surv.

View full text Add to dashboard Cite

Virtualization technology enables Cloud providers to efficiently use their computing services and resources. Even if the benefits in terms of performance, maintenance, and cost are evident, virtualization has also been exploited by attackers to devise new ways to compromise a system. To address these problems, research security solutions have considerably evolved over the years to cope with new attacks and threat models. In this work we review the protection strategies proposed in the literature and show how some of the solutions have been invalidated by new attacks, or threat models, that were previously not considered. The goal is to show the evolution of the threats, and of the related security and trust assumptions, in virtualized systems which have given rise to complex threat models and the corresponding sophistication of protection strategies to deal with such attacks. We also categorize threat models, security and trust assumptions, and attacks against a virtualized system at the different layers, in particular hardware, virtualization, OS, application.

show abstract

Taming Virtualization

Cited by 25 publications

References 1 publication

Intrusion detection system: A comprehensive review

Intrusion detection system: A comprehensive review

Classifying malware attacks in IaaS cloud environments

Evolution of Attacks, Threat Models, and Solutions for Virtualized Systems

Contact Info

Product

Resources

About