Hyperthreats: Hypercall-based DoS attacks

Author

Shropshire, Jordan

Author_Institution

CIS, Univ. of South Alabama, Mobile, AL, USA

fYear

2015

fDate

9-12 April 2015

Firstpage

1

Lastpage

7

Abstract

The cloud offers a new environment for achieving Denial of Service (DoS) conditions on targeted infrastructure. Once confined to the network, they are now conducted over the hypercall interface. These attacks are initiated by malicious, unprivileged guests with a goal of incapacitating hosting hypervisors. Because they are not packet-based, they cannot be detected or prevented using network security measures. The present study systematically explores this risk and develops a taxonomy of hypercall-based DoS attacks. For purpose of illustration, a denial of service is attempted against a Xen hypervisor. This scenario demonstrates that even a relatively simple attack could have significant implications for system stability. Finally, system for defending hypervisors against hypercall attacks is introduced. This mitigation observes N-grams and calculates the conditional probability of a sequence of hypercalls. The assumption is that exploits will be manifested as previously-unobserved sequences of hypercalls. The early results of testing are provided.

Keywords

computer network security; probability; virtual machines; N-grams; Xen hypervisor; conditional probability calculation; denial-of-service attacks; hosting hypervisor incapacitation; hypercall-based DoS attacks; hyperthreats; malicious guests; system stability; unprivileged guests; Computer crime; Hardware; Software; Taxonomy; Virtual machine monitors; Virtual machining; Virtualization; Hypercalls; denial of service; simulation; taxonomy;

fLanguage

English

Publisher

ieee

Conference_Titel

SoutheastCon 2015

Conference_Location

Fort Lauderdale, FL

Type

conf

DOI

10.1109/SECON.2015.7133049

Filename

7133049