The hypervisor is the abstraction layer that manages how the required hardware resources are shared among VMs.
Virtual machine attacks: Active VMs are vulnerable to all traditional attacks that can affect physical servers. Once a VM is compromised, it may be able to attack other VMs running on the same physical host because the VMs share the same hardware and software resources. In addition, the compromised VM may be able to attack other VMs and hosts throughout the LAN.
Virtual network: The virtual network contains the virtual switch software that controls the movement of traffic between the virtual network interface cards (NICs) of the VMs and the physical NICs of the host.
Hypervisor attacks: Compromising the hypervisor enables the hacker to gain control over the VMs as well as the host. One example of a hypervisor attack is hyperjacking, which involves installing a rogue hypervisor that can take complete control of a host. This may be accomplished with a VM-based rootkit that attacks the original hypervisor, inserting a modified rogue hypervisor in its place.
Switch attacks: The virtual switch is vulnerable to a wide range of layer-2 attacks, just as a physical switch would be. These attacks include virtual switch configuration manipulation as well as the modification of existing VLANs, trust zones, and ARP tables.
Denial-of-service (DoS) attacks: These attacks can be the direct result of misconfigured settings on an individual VM that allow the VM instance to consume all available resources from the host. Note that hypervisors prevent any VM from gaining 100-percent usage of shared hardware resources. Appropriately configured hypervisors detect instances of resource “hogging” and take actions, such as restarting the VM, to stabilize or halt any processes that may be causing the abuse.
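The check below is an added example, not part of the original article or of any hypervisor's own tooling: it audits a VM inventory for the kind of per-VM setting misconfigurations described in the DoS paragraph. The inventory fields, the sample values and the thresholds (`max_share`, `max_vcpu_ratio`) are assumptions chosen for illustration.

```python
# Added example: audit VM resource settings for DoS-prone misconfigurations.
# The inventory schema below is hypothetical, not a real hypervisor API.
from dataclasses import dataclass
from typing import Optional

@dataclass
class VM:
    name: str
    vcpus: int
    cpu_limit_mhz: Optional[int]   # None = no CPU cap configured
    mem_mb: int                    # configured guest memory
    mem_limit_mb: Optional[int]    # None = no memory cap configured
    mem_reserved_mb: int = 0       # memory guaranteed to this VM

@dataclass
class Host:
    name: str
    cores: int
    core_mhz: int
    mem_mb: int

def audit(host, vms, max_share=0.5, max_vcpu_ratio=4.0):
    """Return (name, finding) tuples for settings that let one VM starve the rest."""
    findings = []
    cpu_capacity = host.cores * host.core_mhz
    for vm in vms:
        if vm.cpu_limit_mhz is None:
            findings.append((vm.name, "no CPU limit"))
        elif vm.cpu_limit_mhz > max_share * cpu_capacity:
            findings.append((vm.name, "CPU limit exceeds share cap"))
        if vm.mem_limit_mb is None:
            findings.append((vm.name, "no memory limit"))
        elif vm.mem_limit_mb > max_share * host.mem_mb:
            findings.append((vm.name, "memory limit exceeds share cap"))
    # Host-level checks: guarantees must fit in RAM, vCPU overcommit stays bounded.
    if sum(vm.mem_reserved_mb for vm in vms) > host.mem_mb:
        findings.append((host.name, "memory reservations exceed physical RAM"))
    if sum(vm.vcpus for vm in vms) / host.cores > max_vcpu_ratio:
        findings.append((host.name, "vCPU overcommit ratio too high"))
    return findings

# Constructed sample inventory (not real systems).
HOST = Host("host-01", cores=16, core_mhz=2400, mem_mb=131072)
VMS = [
    VM("web-01", 4, 4800, 8192, 8192, 4096),        # sensibly capped
    VM("batch-07", 32, None, 65536, None, 0),       # no caps at all
    VM("db-02", 32, 30000, 98304, 98304, 98304),    # caps set, but too generous
    VM("cache-03", 8, 9600, 40960, 40960, 40960),
]

if __name__ == "__main__":
    for name, finding in audit(HOST, VMS):
        print(f"{name}: {finding}")
```

Running such a check against exported VM settings on a schedule catches an uncapped or over-provisioned VM before it starves its neighbours, rather than relying only on the hypervisor's runtime response to resource hogging.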