Journal
IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING
Volume 19, Issue 3, Pages 1783-1794
Publisher
IEEE COMPUTER SOC
DOI: 10.1109/TDSC.2020.3037022
Keywords
Virtual machine monitors; Cloud computing; Virtualization; Hardware; Security; Operating systems; Rootkit; Cloud computing; virtual machine monitor; cross-VM attack; network-channel attack; ROP; impersonation
Cloud providers strive to maintain high levels of isolation between Virtual Machines (VMs) and inter-user processes to keep co-residing VMs and processes separate, but vulnerabilities in shared virtual network, VMM, and hardware may lead to cross VM attacks, allowing malicious VMs to potentially access or control other VMs, as demonstrated in two novel zero-day network channel attacks presented in this research.
Cloud providers attempt to maintain the highest levels of isolation between Virtual Machines (VMs) and inter-user processes to keep co-located VMs and processes separate. This logical isolation creates an internal virtual network to separate VMs co-residing within a shared physical network. However, as co-residing VMs share their underlying VMM (Virtual Machine Monitor), virtual network, and hardware, they are susceptible to cross-VM attacks. It is possible for a malicious VM to potentially access or control other VMs through network connections, shared memory, other shared resources, or by gaining the privilege level of its non-root machine. This research presents two novel zero-day cross-VM network channel attacks. In the first attack, a malicious VM can redirect the network traffic of target VMs to a specific destination by impersonating the Virtual Network Interface Controller (VNIC). The malicious VM can extract the decrypted information from target VMs by using open source decryption tools such as Aircrack. The second contribution of this research is a privilege escalation attack in a cross-VM cloud environment with the Xen hypervisor. An adversary having limited privilege rights may execute Return-Oriented Programming (ROP), establish a connection with the root domain by exploiting the network channel, and acquire the tool stack (root domain), which it is not authorized to access directly. Countermeasures against these attacks are also presented.