Computing Reviews
Characterizing hypervisor vulnerabilities in cloud computing servers
Perez-Botero D., Szefer J., Lee R. CloudComputing 2013 (Proceedings of the 2013 International Workshop on Security in Cloud Computing, Hangzhou, China, May 8, 2013), 3-10. 2013. Type: Proceedings
Date Reviewed: Oct 9 2013

Security, in every application of the concept, is a constantly moving target: once defenders identify and patch a vulnerability, attackers move on to the next weak spot. Efforts are therefore required to track the path of exposures through systems to detect where defenses should be deployed.

Despite the fact that VMware has 81 percent of the hypervisor market share, the authors of this paper have chosen to analyze the capabilities and subsequent vulnerabilities of two less widely used hypervisors, Xen and KVM. However, by highlighting, for example, where hypervisor add-ons have exposed vulnerabilities, and the general existence of weaknesses across the majority of their capabilities, the paper does not promote the use of these platforms. Vulnerabilities are classified according to the source of the attack trigger (such as the network or hypervisor), the attack vector (such as the interrupt and timing mechanisms or hypervisor add-ons), and the attack target (such as the hypervisor or host operating system (OS)). System vulnerabilities are analyzed according to their impact on hypervisor functionalities; not all of these aspects are classifiable as functionalities per se, since they also encompass the hardware characteristics of devices.

Vulnerability maps of Xen and KVM are the core contributions of this work, leading the authors to conclude that Xen is more vulnerable to network-based attacks, while KVM is more susceptible to OS-based attacks. Their recommendation, however, is to provision a hypervisor that operates securely at the top level of the system, with the idea that protection will subsequently filter through to the lower-level mechanisms of the platform.

Reviewer: Cathryn Peoples
Review #: CR141628 (1401-0075)
Reliability, Availability, And Serviceability (C.4 ... )
Invasive Software (D.4.6 ... )
Security and Protection (C.2.0 ... )
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®