A methodology for testing virtualisation security

Scott Donaldson, Natalie Coull, David McLuskie

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Citations (Scopus)
798 Downloads (Pure)


There is a growing interest in virtualisation due to its central role in cloud computing, virtual desktop environments and Green IT. Data centres and cloud computing utilise this technology to run multiple operating systems on one physical server, thus reducing hardware costs. However, vulnerabilities in the hypervisor layer have an impact on any virtual machines running on top, making security an important part of virtualisation. In this paper, we evaluate the security of virtualisation, including detection and escaping the environment. We present a methodology to investigate if a virtual machine can be detected and further compromised, based upon previous research. Finally, this methodology is used to evaluate the security of virtual machines. The methods used to evaluate the security include analysis of known vulnerabilities and fuzzing to test the virtual device drivers on three different platforms: VirtualBox, Hyper-V and VMware ESXI. Our results demonstrate that the attack surface of virtualisation is more prone to vulnerabilities than the hypervisor. Comparing our results with previous studies, each platform withstood IOCTL and random fuzzing, demonstrating that the platforms are more robust and secure than previously found. By building on existing research, the results show that security in the hypervisor has been improved. However, using the proposed methodology in this paper it has been shown that an attacker can easily determine that the machine is a virtual machine, which could be used for further exploitation. Finally, our proposed methodology can be utilised to effectively test the security of a virtualised environment.
Original languageEnglish
Title of host publicationProceedings of the International Conference On Cyber Situational Awareness, Data Analytics And Assessment (CyberSA)
Number of pages8
ISBN (Electronic)9781509050604
ISBN (Print)9781509050611
Publication statusPublished - 19 Oct 2017
Event2017 International Conference on Cyber Situational Awareness, Data Analytics and Assessment: Cyber Situation Awareness as a Prism to Understanding Situations in a fast-paced CyberWorld - London, United Kingdom
Duration: 19 Jun 201720 Jun 2017


Conference2017 International Conference on Cyber Situational Awareness, Data Analytics and Assessment
Abbreviated titleCyberSA 2017
Country/TerritoryUnited Kingdom


  • Networking
  • Security
  • Virtualisation


Dive into the research topics of 'A methodology for testing virtualisation security'. Together they form a unique fingerprint.

Cite this