Title :
Experience Report: An Analysis of Hypercall Handler Vulnerabilities
Author :
Milenkoski, Aleksandar ; Payne, Bryan D. ; Antunes, Nuno ; Vieira, Marco ; Kounev, Samuel
Author_Institution :
Karlsruhe Institute of Technol., Karlsruhe, Germany
Abstract :
Hypervisors are becoming increasingly ubiquitous with the growing proliferation of virtualized data centers. As a result, attackers are exploring vectors to attack hypervisors, against which an attack may be executed via several attack vectors such as device drivers, virtual machine exit events, or hypercalls. Hypercalls enable intrusions in hypervisors through their hypercall interfaces. Despite the importance, there is very limited publicly available information on vulnerabilities of hypercall handlers and attacks triggering them, which significantly hinders advances towards monitoring and securing these interfaces. In this paper, we characterize the hypercall attack surface based on analyzing a set of vulnerabilities of hypercall handlers. We systematize and discuss the errors that caused the considered vulnerabilities, and activities for executing attacks triggering them. We also demonstrate attacks triggering the considered vulnerabilities and analyze their effects. Finally, we suggest an action plan for improving the security of hypercall interfaces.
Keywords :
computer centres; security of data; virtualisation; attack vectors; hyper call attack surface; hyper call handler vulnerability; hyper call interface security; hypervisor; virtualized data centers; Computer crashes; Electronic mail; Kernel; Linux; Security; Servers; Virtual machine monitors; hypercalls; hypervisor security; vulnerability analysis;
Conference_Title :
Software Reliability Engineering (ISSRE), 2014 IEEE 25th International Symposium on
Conference_Location :
Naples
Print_ISBN :
978-1-4799-6032-3
DOI :
10.1109/ISSRE.2014.24