In recent years, virtual machines (VMs) have clearly become very important for the computing infrastructure of companies. It is therefore not surprising that attacks on VMs have increased. The paper looks at threats to, and defenses of, VMs through directly assigned devices. A device is assigned exclusively to one VM by directly mapping it into the VM’s address space. This increases performance, and one might also expect it to reduce covert channels; however, it opens VMs up to many possible attacks.
The authors replicated several previously described attacks and present them in detail. They also found two new attacks. The authors categorize the attacks into several attack classes according to the violation of the isolation property: guest-to-VMM; guest-to-host; host-to-VMM; guest-to-guest; guest-to-self; and host-to-self.
The paper is important because it not only gives a comprehensive overview of existing attacks and presents two new ones, but also leads the way toward papers that systematically reinvestigate known attacks, verify their applicability, and present them in a condensed, well-organized form.