Title

A Novel VENOM Attack Identification Mechanism in Cloud Virtualization Environment

Authors

Cheick Abdoul-Kader;Shih-Hao Chang

Keywords

VENOM ; QEMU ; Virtualization ; I/O command ; Malware Attack

Journal Title

資訊安全通訊

Volume and Issue / Publication Date

Vol. 24, No. 1 (2018 / 01 / 01)

Pages

61 - 72

Language

English

Chinese Abstract

This paper investigates the security of virtualization in cloud computing. We focus on how to identify the VENOM attack in a cloud-computing environment and how to protect the hypervisor from it. First, we implemented the VENOM vulnerability in a QEMU/KVM environment and tried to identify its behaviors (actions) in the cloud. Second, we tried to protect the hypervisor, which is the most vulnerable part of a virtualization environment. The proposed mechanism identifies the VENOM attack and locks the FDC port (0x3f5), which is responsible for sending I/O commands to the hypervisor.

Subject Classification: Basic and Applied Sciences > Information Science