Cross-VM Network Channel Attacks and Countermeasures within Cloud Computing Environments

Saeed, Atif and Garraghan, Peter and Asad Hussain, Syed (2020) Cross-VM Network Channel Attacks and Countermeasures within Cloud Computing Environments. IEEE Transactions on Dependable and Secure Computing, 19 (3). pp. 1783-1794. ISSN 1545-5971

[thumbnail of IEEE TDSC Cross VM Cloud Attacks]
Text (IEEE TDSC Cross VM Cloud Attacks)
Cross_VM_cloud_attacks_Final_1_.pdf - Accepted Version
Available under License Creative Commons Attribution-NonCommercial.

Download (4MB)

Abstract

Cloud providers attempt to maintain the highest levels of isolation between Virtual Machines (VMs) and inter-user processes to keep co-located VMs and processes separate. This logical isolation creates an internal virtual network to separate VMs co-residing within a shared physical network. However, as co-residing VMs share their underlying VMM (Virtual Machine Monitor), virtual network, and hardware are susceptible to cross VM attacks. It is possible for a malicious VM to potentially access or control other VMs through network connections, shared memory, other shared resources, or by gaining the privilege level of its non-root machine. This research presents a two novel zero-day cross-VM network channel attacks. In the first attack, a malicious VM can redirect the network traffic of target VMs to a specific destination by impersonating the Virtual Network Interface Controller (VNIC). The malicious VM can extract the decrypted information from target VMs by using open source decryption tools such as Aircrack. The second contribution of this research is a privilege escalation attack in a cross VM cloud environment with Xen hypervisor. An adversary having limited privileges rights may execute Return-Oriented Programming (ROP), establish a connection with the root domain by exploiting the network channel, and acquiring the tool stack (root domain) which it is not authorized to access directly. Countermeasures against this attacks are also presented

Item Type:
Journal Article
Journal or Publication Title:
IEEE Transactions on Dependable and Secure Computing
Additional Information:
©2020 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
Uncontrolled Keywords:
/dk/atira/pure/subjectarea/asjc/2200/2208
Subjects:
?? cloud computingsecuritycyber-securitycloud securityelectrical and electronic engineering ??
ID Code:
148823
Deposited By:
Deposited On:
10 Nov 2020 15:35
Refereed?:
Yes
Published?:
Published
Last Modified:
11 Nov 2024 01:24