Abstract
Virtual file formats describe entities of virtualization such as virtual machines or virtual hard drives. As virtualization technologies are part of almost every IT environment, all entities contributing to these technologies bare the potential to contain vulnerabilities – either in a technical or design way. In order to elaborate a new class of attacks in Cloud environments which is based on virtual file formats, this paper describes characteristics of these formats, analyzes potential attack vectors and describes found vulnerabilities. The impact of these vulnerabilities allows the access to the hypervisor from within a virtual guest system – the worst case of any threat modeling in virtual environments. This impact will also be used to illustrate how traditional trust and security models have to be adjusted in order to address the architectural changes introduced by Cloud environments.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Literature
Mell, Peter and Grance, Tomothy, NIST SP 800-145: The NIST Definition of Cloud Computing, NIST 2011
Catteddu, Daniele and Hogben, Giles, Cloud Computing Risk Assessment, ENISA, 2009
Rey, Enno and Luft, Matthias, The Key To Your Datacenter, Insinuator.net, 2011, http://www.insinuator.net/2011/07/the-key-to-your-datacenter/
Somorovsky, Juraj and Heiderich, Mario, and Jensen, Meiko and Schwenk, Jörg and Gruschka,Nils and Iacono, Nils, All Your Clouds Are Belong To Us, Okt 2011,
Kostya Kortchinsky, Cloudburst, BlackHat US 2009.
Nelson Elhage, Virtunoid: Breaking out of KVM, Defcon 2011.
VMware, VMDK Technote, 2007.
VMware, Security Advisory 2010-0004, 2010.
VMware, Security Advisory 2011-007, 2011
Vanson Bourne, http://v-index.com, July 2012
Anderson N.: How one man tracked down Anonymous—and paid a heavy price, Ars Technica, February 10, 2011, http://arstechnica.com/tech-policy/2011/02/how-one-security-firmtracked- anonymousand-paid-a-heavy-price/ retrived March 15, 2011
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer Fachmedien Wiesbaden
About this chapter
Cite this chapter
Rey, E., Turbing, P., Mende, D., Luft, M. (2012). Exploiting Virtual File Formats for Fun and Profit. In: Reimer, H., Pohlmann, N., Schneider, W. (eds) ISSE 2012 Securing Electronic Business Processes. Springer Vieweg, Wiesbaden. https://doi.org/10.1007/978-3-658-00333-3_28
Download citation
DOI: https://doi.org/10.1007/978-3-658-00333-3_28
Published:
Publisher Name: Springer Vieweg, Wiesbaden
Print ISBN: 978-3-658-00332-6
Online ISBN: 978-3-658-00333-3
eBook Packages: Computer ScienceComputer Science (R0)