Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 507)

Abstract

This paper presents various security issues related to the hypervisor in the cloud. It also covers the issues that can arise when a malicious virtual machine runs on the hypervisor, such as using more resources than are allocated to the VM, stealing sensitive data by bypassing VM isolation through side-channel attacks, and enabling attacks that compromise the hypervisor. We also present the security measures and requirements to be adopted, and the architectures a hypervisor needs, to handle these security concerns.

Corresponding author

Correspondence to S. Rama Krishna.

Copyright information

© 2017 Springer Science+Business Media Singapore

About this paper

Cite this paper

Rama Krishna, S., Padmaja Rani, B. (2017). Virtualization Security Issues and Mitigations in Cloud Computing. In: Satapathy, S., Prasad, V., Rani, B., Udgata, S., Raju, K. (eds) Proceedings of the First International Conference on Computational Intelligence and Informatics. Advances in Intelligent Systems and Computing, vol 507. Springer, Singapore. https://doi.org/10.1007/978-981-10-2471-9_12

  • DOI: https://doi.org/10.1007/978-981-10-2471-9_12

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-2470-2

  • Online ISBN: 978-981-10-2471-9

  • eBook Packages: Engineering, Engineering (R0)
