A methodology for testing virtualisation security

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

There is a growing interest in virtualisation due to its central role in cloud computing, virtual desktop environments and Green IT. Data centres and cloud computing utilise this technology to run multiple operating systems on one physical server, thus reducing hardware costs. However, vulnerabilities in the hypervisor layer have an impact on any virtual machines running on top, making security an important part of virtualisation. In this paper, we evaluate the security of virtualisation, including detection and escaping the environment. We present a methodology to investigate if a virtual machine can be detected and further compromised, based upon previous research. Finally, this methodology is used to evaluate the security of virtual machines. The methods used to evaluate the security include analysis of known vulnerabilities and fuzzing to test the virtual device drivers on three different platforms: VirtualBox, Hyper-V and VMware ESXI. Our results demonstrate that the attack surface of virtualisation is more prone to vulnerabilities than the hypervisor. Comparing our results with previous studies, each platform withstood IOCTL and random fuzzing, demonstrating that the platforms are more robust and secure than previously found. By building on existing research, the results show that security in the hypervisor has been improved. However, using the proposed methodology in this paper it has been shown that an attacker can easily determine that the machine is a virtual machine, which could be used for further exploitation. Finally, our proposed methodology can be utilised to effectively test the security of a virtualised environment.
Original language: English
Title of host publication: Proceedings of the International Conference On Cyber Situational Awareness, Data Analytics And Assessment (CyberSA)
Publisher: IEEE
Number of pages: 8
ISBN (Electronic): 9781509050604
ISBN (Print): 9781509050611
DOIs: https://doi.org/10.1109/CyberSA.2017.8073397
Publication status: Published - 19 Oct 2017
Event: 2017 International Conference on Cyber Situational Awareness, Data Analytics and Assessment: Cyber Situation Awareness as a Prism to Understanding Situations in a fast-paced CyberWorld - London, United Kingdom
Duration: 19 Jun 2017 to 20 Jun 2017

Conference

Conference: 2017 International Conference on Cyber Situational Awareness, Data Analytics and Assessment
Abbreviated title: CyberSA 2017
Country: United Kingdom
City: London
Period: 19/06/17 to 20/06/17

Fingerprint

Testing
Cloud computing
Computer operating systems
Computer hardware
Servers
Virtual machine
Virtualization
Costs
Green computing

Cite this

Donaldson, S., Coull, N. J., & McLuskie, D. (2017). A methodology for testing virtualisation security. In Proceedings of the International Conference On Cyber Situational Awareness, Data Analytics And Assessment (CyberSA). IEEE. https://doi.org/10.1109/CyberSA.2017.8073397
Donaldson, Scott ; Coull, Natalie, J. ; McLuskie, David. / A methodology for testing virtualisation security. Proceedings of the International Conference On Cyber Situational Awareness, Data Analytics And Assessment (CyberSA). IEEE, 2017.
@inproceedings{11f3456c864247f986e1eeff9718b29f,
title = "A methodology for testing virtualisation security",
abstract = "There is a growing interest in virtualisation due to its central role in cloud computing, virtual desktop environments and Green IT. Data centres and cloud computing utilise this technology to run multiple operating systems on one physical server, thus reducing hardware costs. However, vulnerabilities in the hypervisor layer have an impact on any virtual machines running on top, making security an important part of virtualisation. In this paper, we evaluate the security of virtualisation, including detection and escaping the environment. We present a methodology to investigate if a virtual machine can be detected and further compromised, based upon previous research. Finally, this methodology is used to evaluate the security of virtual machines. The methods used to evaluate the security include analysis of known vulnerabilities and fuzzing to test the virtual device drivers on three different platforms: VirtualBox, Hyper-V and VMware ESXI. Our results demonstrate that the attack surface of virtualisation is more prone to vulnerabilities than the hypervisor. Comparing our results with previous studies, each platform withstood IOCTL and random fuzzing, demonstrating that the platforms are more robust and secure than previously found. By building on existing research, the results show that security in the hypervisor has been improved. However, using the proposed methodology in this paper it has been shown that an attacker can easily determine that the machine is a virtual machine, which could be used for further exploitation. Finally, our proposed methodology can be utilised to effectively test the security of a virtualised environment.",
author = "Scott Donaldson and Coull, {Natalie, J.} and David McLuskie",
year = "2017",
month = "10",
day = "19",
doi = "10.1109/CyberSA.2017.8073397",
language = "English",
isbn = "9781509050611",
booktitle = "Proceedings of the International Conference On Cyber Situational Awareness, Data Analytics And Assessment (CyberSA)",
publisher = "IEEE",
}

Donaldson, S, Coull, NJ & McLuskie, D 2017, A methodology for testing virtualisation security. in Proceedings of the International Conference On Cyber Situational Awareness, Data Analytics And Assessment (CyberSA). IEEE, 2017 International Conference on Cyber Situational Awareness, Data Analytics and Assessment, London, United Kingdom, 19/06/17. https://doi.org/10.1109/CyberSA.2017.8073397

A methodology for testing virtualisation security. / Donaldson, Scott; Coull, Natalie, J.; McLuskie, David.

Proceedings of the International Conference On Cyber Situational Awareness, Data Analytics And Assessment (CyberSA). IEEE, 2017.

TY - GEN
T1 - A methodology for testing virtualisation security
AU - Donaldson, Scott
AU - Coull, Natalie, J.
AU - McLuskie, David
PY - 2017/10/19
Y1 - 2017/10/19
AB - There is a growing interest in virtualisation due to its central role in cloud computing, virtual desktop environments and Green IT. Data centres and cloud computing utilise this technology to run multiple operating systems on one physical server, thus reducing hardware costs. However, vulnerabilities in the hypervisor layer have an impact on any virtual machines running on top, making security an important part of virtualisation. In this paper, we evaluate the security of virtualisation, including detection and escaping the environment. We present a methodology to investigate if a virtual machine can be detected and further compromised, based upon previous research. Finally, this methodology is used to evaluate the security of virtual machines. The methods used to evaluate the security include analysis of known vulnerabilities and fuzzing to test the virtual device drivers on three different platforms: VirtualBox, Hyper-V and VMware ESXI. Our results demonstrate that the attack surface of virtualisation is more prone to vulnerabilities than the hypervisor. Comparing our results with previous studies, each platform withstood IOCTL and random fuzzing, demonstrating that the platforms are more robust and secure than previously found. By building on existing research, the results show that security in the hypervisor has been improved. However, using the proposed methodology in this paper it has been shown that an attacker can easily determine that the machine is a virtual machine, which could be used for further exploitation. Finally, our proposed methodology can be utilised to effectively test the security of a virtualised environment.

U2 - 10.1109/CyberSA.2017.8073397
DO - 10.1109/CyberSA.2017.8073397
M3 - Conference contribution
SN - 9781509050611
BT - Proceedings of the International Conference On Cyber Situational Awareness, Data Analytics And Assessment (CyberSA)
PB - IEEE
ER -

Donaldson S, Coull NJ, McLuskie D. A methodology for testing virtualisation security. In Proceedings of the International Conference On Cyber Situational Awareness, Data Analytics And Assessment (CyberSA). IEEE. 2017 https://doi.org/10.1109/CyberSA.2017.8073397