A Cross-Virtual Machine Network Channel Attack via Mirroring and TAP Impersonation

Saeed, Atif; Garraghan, Peter; Craggs, Barnaby; Linden, Dirk van der; Rashid, Awais; Hussain, Syed Asad

doi:10.1109/cloud.2018.00084

Cited by 6 publications

(4 citation statements)

References 15 publications

(8 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The findings of this investigation reveal that AES implementations in popular libraries and data encrypted with AES on primary cloud services still pose a security concern. Saeed et al [13] presented the zero-day cross-VM network channel attacks in their study where simulated internal cloud virtual network. Malicious VMs reroute network traffic to target VMs in the initial stages of attacks, and promptly, like Air cracks, use this opportunity to extract decrypted information of target VMs.…”

Section: Literature Reviewmentioning

confidence: 99%

Randomized MILP framework for Securing Virtual Machines from Malware Attacks

Mangalagowri¹,

Venkataraman²

2023

Intelligent Automation &Amp; Soft Computing

View full text Add to dashboard Cite

Cloud computing involves remote server deployments with public network infrastructures that allow clients to access computational resources. Virtual Machines (VMs) are supplied on requests and launched without interactions from service providers. Intruders can target these servers and establish malicious connections on VMs for carrying out attacks on other clustered VMs. The existing system has issues with execution time and false-positive rates. Hence, the overall system performance is degraded considerably. The proposed approach is designed to eliminate Cross-VM side attacks and VM escape and hide the server's position so that the opponent cannot track the target server beyond a certain point. Every request is passed from source to destination via one broadcast domain to confuse the opponent and avoid them from tracking the server's position. Allocation of SECURITY Resources accepts a safety game in a simple format as input and finds the best coverage vector for the opponent using a Stackelberg Equilibrium (SSE) technique. A Mixed Integer Linear Programming (MILP) framework is used in the algorithm. The VM challenge is reduced by a firewall-based controlling mechanism combining behavior-based detection and signature-based virus detection. The proposed method is focused on detecting malware attacks effectively and providing better security for the VMs. Finally, the experimental results indicate that the proposed security method is efficient. It consumes minimum execution time, better false positive rate, accuracy, and memory usage than the conventional approach.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Randomized MILP framework for Securing Virtual Machines from Malware Attacks

Mangalagowri¹,

Venkataraman²

2023

Intelligent Automation &Amp; Soft Computing

View full text Add to dashboard Cite

show abstract

“…The attack of hypervisor on VM data is not considered in this work. Saeed et al (2018) introduced a new attack by malicious VM using TAP impersonation and mirroring to redirect and monitor network traffic of other VM. These attacks are very difficult to monitor as the malicious VM is not violating any resource capacity.…”

Section: IImentioning

confidence: 99%

Critical Analysis on Detection and Mitigation of Security Vulnerabilities in Virtualization Data Centers

Manikandan

Uppalapati

2023

IJRITCC

View full text Add to dashboard Cite

There is an increasing demand for IT resources in growing business enterprises. Data center virtualization helps to meet this increasing demand by driving higher server utilization and utilizing un-used CPU cycles without causes much increase in new servers. Reduction in infrastructure complexities, Optimization of cost of IT system management, power and cooling are some of the additional benefits of virtualization. Virtualization also brings various security vulnerabilities. They are prone to attacks like hyperjacking, intrusion, data thefts, denial of service attacks on virtualized servers and web facing applications etc. This works identifies the security challenges in virtualization. A critical analysis on existing state of art works on detection and mitigation of various vulnerabilities is presented. The aim is to identify the open issues and propose prospective solutions in brief for these open issues.

show abstract

“…The attack scenario and its steps are shown in Figure 4. Cloud providers permit bridging of a TAP interface that has no valid private Ethernet interface at the backend is the main vulnerability in the network architecture [15]. A cloud provider does not allow the bridging of a TAP interface that does not have a private Ethernet interface at the backend.…”

Section: Impersonation Attackmentioning

confidence: 99%

“…This paper is an extension of our conference paper [15], which proposed a novel zero-day network channel attack for redirecting the traffic of other co-located VMs. In this attack, the created dummy interface impersonates a TAP (Test Access Point) device.…”

Section: Introductionmentioning

confidence: 99%

Cross-VM Network Channel Attacks and Countermeasures Within Cloud Computing Environments

Saeed

Hussain

Garraghan

2022

IEEE Trans. Dependable and Secure Comput.

Self Cite

View full text Add to dashboard Cite

Cloud providers attempt to maintain the highest levels of isolation between Virtual Machines (VMs) and inter-user processes to keep co-located VMs and processes separate. This logical isolation creates an internal virtual network to separate VMs co-residing within a shared physical network. However, as co-residing VMs share their underlying VMM (Virtual Machine Monitor), virtual network, and hardware are susceptible to cross VM attacks. It is possible for a malicious VM to potentially access or control other VMs through network connections, shared memory, other shared resources, or by gaining the privilege level of its non-root machine. This research presents a two novel zero-day cross-VM network channel attacks. In the first attack, a malicious VM can redirect the network traffic of target VMs to a specific destination by impersonating the Virtual Network Interface Controller (VNIC). The malicious VM can extract the decrypted information from target VMs by using open source decryption tools such as Aircrack. The second contribution of this research is a privilege escalation attack in a cross VM cloud environment with Xen hypervisor. An adversary having limited privileges rights may execute Return-Oriented Programming (ROP), establish a connection with the root domain by exploiting the network channel, and acquiring the tool stack (root domain) which it is not authorized to access directly. Countermeasures against this attacks are also presented

show abstract

A Cross-Virtual Machine Network Channel Attack via Mirroring and TAP Impersonation

Cited by 6 publications

References 15 publications

Randomized MILP framework for Securing Virtual Machines from Malware Attacks

Randomized MILP framework for Securing Virtual Machines from Malware Attacks

Critical Analysis on Detection and Mitigation of Security Vulnerabilities in Virtualization Data Centers

Cross-VM Network Channel Attacks and Countermeasures Within Cloud Computing Environments

Contact Info

Product

Resources

About