A methodology for testing virtualisation security

Scott Donaldson, Natalie, J. Coull, David McLuskie

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

There is a growing interest in virtualisation due to its central role in cloud computing, virtual desktop environments and Green IT. Data centres and cloud computing utilise this technology to run multiple operating systems on one physical server, thus reducing hardware costs. However, vulnerabilities in the hypervisor layer have an impact on any virtual machines running on top, making security an important part of virtualisation. In this paper, we evaluate the security of virtualisation, including detection and escaping the environment. We present a methodology to investigate if a virtual machine can be detected and further compromised, based upon previous research. Finally, this methodology is used to evaluate the security of virtual machines. The methods used to evaluate the security include analysis of known vulnerabilities and fuzzing to test the virtual device drivers on three different platforms: VirtualBox, Hyper-V and VMware ESXI. Our results demonstrate that the attack surface of virtualisation is more prone to vulnerabilities than the hypervisor. Comparing our results with previous studies, each platform withstood IOCTL and random fuzzing, demonstrating that the platforms are more robust and secure than previously found. By building on existing research, the results show that security in the hypervisor has been improved. However, using the proposed methodology in this paper it has been shown that an attacker can easily determine that the machine is a virtual machine, which could be used for further exploitation. Finally, our proposed methodology can be utilised to effectively test the security of a virtualised environment.
Original languageEnglish
Title of host publicationProceedings of the International Conference On Cyber Situational Awareness, Data Analytics And Assessment- CyberSA
PublisherIEEE
StateAccepted/In press - 14 Apr 2017
Event2017 International Conference on Cyber Situational Awareness, Data Analytics and Assessment - London, United Kingdom

Conference

Conference2017 International Conference on Cyber Situational Awareness, Data Analytics and Assessment
CountryUnited Kingdom
CityLondon
Period19/06/1720/06/17

Fingerprint

Cloud computing
Computer operating systems
Computer hardware
Servers
Testing
Costs

Cite this

Donaldson, S., Coull, N. J., & McLuskie, D. (2017). A methodology for testing virtualisation security. In Proceedings of the International Conference On Cyber Situational Awareness, Data Analytics And Assessment- CyberSA IEEE .

Donaldson, Scott; Coull, Natalie, J.; McLuskie, David / A methodology for testing virtualisation security.

Proceedings of the International Conference On Cyber Situational Awareness, Data Analytics And Assessment- CyberSA. IEEE , 2017.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

@inbook{11f3456c864247f986e1eeff9718b29f,
title = "A methodology for testing virtualisation security",
abstract = "There is a growing interest in virtualisation due to its central role in cloud computing, virtual desktop environments and Green IT. Data centres and cloud computing utilise this technology to run multiple operating systems on one physical server, thus reducing hardware costs. However, vulnerabilities in the hypervisor layer have an impact on any virtual machines running on top, making security an important part of virtualisation. In this paper, we evaluate the security of virtualisation, including detection and escaping the environment. We present a methodology to investigate if a virtual machine can be detected and further compromised, based upon previous research. Finally, this methodology is used to evaluate the security of virtual machines. The methods used to evaluate the security include analysis of known vulnerabilities and fuzzing to test the virtual device drivers on three different platforms: VirtualBox, Hyper-V and VMware ESXI. Our results demonstrate that the attack surface of virtualisation is more prone to vulnerabilities than the hypervisor. Comparing our results with previous studies, each platform withstood IOCTL and random fuzzing, demonstrating that the platforms are more robust and secure than previously found. By building on existing research, the results show that security in the hypervisor has been improved. However, using the proposed methodology in this paper it has been shown that an attacker can easily determine that the machine is a virtual machine, which could be used for further exploitation. Finally, our proposed methodology can be utilised to effectively test the security of a virtualised environment.",
author = "Scott Donaldson and Coull, {Natalie, J.} and David McLuskie",
year = "2017",
month = "4",
booktitle = "Proceedings of the International Conference On Cyber Situational Awareness, Data Analytics And Assessment- CyberSA",
publisher = "IEEE",

}

Donaldson, S, Coull, NJ & McLuskie, D 2017, A methodology for testing virtualisation security. in Proceedings of the International Conference On Cyber Situational Awareness, Data Analytics And Assessment- CyberSA. IEEE , 2017 International Conference on Cyber Situational Awareness, Data Analytics and Assessment, London, United Kingdom, 19-20 June.

A methodology for testing virtualisation security. / Donaldson, Scott; Coull, Natalie, J.; McLuskie, David.

Proceedings of the International Conference On Cyber Situational Awareness, Data Analytics And Assessment- CyberSA. IEEE , 2017.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - CHAP

T1 - A methodology for testing virtualisation security

AU - Donaldson,Scott

AU - Coull,Natalie, J.

AU - McLuskie,David

PY - 2017/4/14

Y1 - 2017/4/14

N2 - There is a growing interest in virtualisation due to its central role in cloud computing, virtual desktop environments and Green IT. Data centres and cloud computing utilise this technology to run multiple operating systems on one physical server, thus reducing hardware costs. However, vulnerabilities in the hypervisor layer have an impact on any virtual machines running on top, making security an important part of virtualisation. In this paper, we evaluate the security of virtualisation, including detection and escaping the environment. We present a methodology to investigate if a virtual machine can be detected and further compromised, based upon previous research. Finally, this methodology is used to evaluate the security of virtual machines. The methods used to evaluate the security include analysis of known vulnerabilities and fuzzing to test the virtual device drivers on three different platforms: VirtualBox, Hyper-V and VMware ESXI. Our results demonstrate that the attack surface of virtualisation is more prone to vulnerabilities than the hypervisor. Comparing our results with previous studies, each platform withstood IOCTL and random fuzzing, demonstrating that the platforms are more robust and secure than previously found. By building on existing research, the results show that security in the hypervisor has been improved. However, using the proposed methodology in this paper it has been shown that an attacker can easily determine that the machine is a virtual machine, which could be used for further exploitation. Finally, our proposed methodology can be utilised to effectively test the security of a virtualised environment.

AB - There is a growing interest in virtualisation due to its central role in cloud computing, virtual desktop environments and Green IT. Data centres and cloud computing utilise this technology to run multiple operating systems on one physical server, thus reducing hardware costs. However, vulnerabilities in the hypervisor layer have an impact on any virtual machines running on top, making security an important part of virtualisation. In this paper, we evaluate the security of virtualisation, including detection and escaping the environment. We present a methodology to investigate if a virtual machine can be detected and further compromised, based upon previous research. Finally, this methodology is used to evaluate the security of virtual machines. The methods used to evaluate the security include analysis of known vulnerabilities and fuzzing to test the virtual device drivers on three different platforms: VirtualBox, Hyper-V and VMware ESXI. Our results demonstrate that the attack surface of virtualisation is more prone to vulnerabilities than the hypervisor. Comparing our results with previous studies, each platform withstood IOCTL and random fuzzing, demonstrating that the platforms are more robust and secure than previously found. By building on existing research, the results show that security in the hypervisor has been improved. However, using the proposed methodology in this paper it has been shown that an attacker can easily determine that the machine is a virtual machine, which could be used for further exploitation. Finally, our proposed methodology can be utilised to effectively test the security of a virtualised environment.

M3 - Conference contribution

BT - Proceedings of the International Conference On Cyber Situational Awareness, Data Analytics And Assessment- CyberSA

PB - IEEE

ER -

Donaldson S, Coull NJ, McLuskie D. A methodology for testing virtualisation security. In Proceedings of the International Conference On Cyber Situational Awareness, Data Analytics And Assessment- CyberSA. IEEE . 2017.