Abstract
This paper presents various security issues related to the hypervisor in the cloud. It also covers the issues that arise when a malicious virtual machine runs on top of the hypervisor, such as the VM consuming more resources than it was allocated, stealing sensitive data by bypassing VM isolation through side-channel attacks, and enabling attacks that compromise the hypervisor. We also present the security measures and requirements, and the architectures, that a hypervisor needs in order to handle these security concerns.
Copyright information
© 2017 Springer Science+Business Media Singapore
About this paper
Cite this paper
Rama Krishna, S., Padmaja Rani, B. (2017). Virtualization Security Issues and Mitigations in Cloud Computing. In: Satapathy, S., Prasad, V., Rani, B., Udgata, S., Raju, K. (eds) Proceedings of the First International Conference on Computational Intelligence and Informatics. Advances in Intelligent Systems and Computing, vol 507. Springer, Singapore. https://doi.org/10.1007/978-981-10-2471-9_12
DOI: https://doi.org/10.1007/978-981-10-2471-9_12
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-2470-2
Online ISBN: 978-981-10-2471-9
eBook Packages: Engineering, Engineering (R0)