Experience Report: An Analysis of Hypercall Handler Vulnerabilities
A. Milenkoski, B. Payne, N. Antunes, M. Vieira, and S. Kounev. Proceedings of The 25th IEEE International Symposium on Software Reliability Engineering (ISSRE 2014) - Research Track, Washington DC, USA, IEEE, IEEE Computer Society, (November 2014). Acceptance Rate: 25%, Best Paper Award Nomination.
Abstract
Hypervisors are becoming increasingly ubiquitous with the growing proliferation of virtualized data centers. As a result, attackers are exploring vectors to attack hypervisors, against which an attack may be executed via several attack vectors such as device drivers, virtual machine exit events, or hypercalls. Hypercalls enable intrusions in hypervisors through their hypercall interfaces. Despite the importance, there is very limited publicly available information on vulnerabilities of hypercall handlers and attacks triggering them, which significantly hinders advances towards monitoring and securing these interfaces. In this paper, we characterize the hypercall attack surface based on analyzing a set of vulnerabilities of hypercall handlers. We systematize and discuss the errors that caused the considered vulnerabilities, and activities for executing attacks triggering them. We also demonstrate attacks triggering the considered vulnerabilities and analyze their effects. Finally, we suggest an action plan for improving the security of hypercall interfaces.
%0 Conference Paper
%1 MiPaAnViKo2014-ISSRE-AnAnalHypHanVulns
%A Milenkoski, Aleksandar
%A Payne, Bryan D.
%A Antunes, Nuno
%A Vieira, Marco
%A Kounev, Samuel
%B Proceedings of The 25th IEEE International Symposium on Software Reliability Engineering (ISSRE 2014) --- Research Track
%C Washington DC, USA
%D 2014
%I IEEE Computer Society
%K Award HInjector Instrumentation_profiling_and_workload_characterization Isolation Metrics_and_benchmarking_methodologies Reliability Security Survey Virtualization descartes t_full
%T Experience Report: An Analysis of Hypercall Handler Vulnerabilities
%U http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6982618
%X Hypervisors are becoming increasingly ubiquitous with the growing proliferation of virtualized data centers. As a result, attackers are exploring vectors to attack hypervisors, against which an attack may be executed via several attack vectors such as device drivers, virtual machine exit events, or hypercalls. Hypercalls enable intrusions in hypervisors through their hypercall interfaces. Despite the importance, there is very limited publicly available information on vulnerabilities of hypercall handlers and attacks triggering them, which significantly hinders advances towards monitoring and securing these interfaces. In this paper, we characterize the hypercall attack surface based on analyzing a set of vulnerabilities of hypercall handlers. We systematize and discuss the errors that caused the considered vulnerabilities, and activities for executing attacks triggering them. We also demonstrate attacks triggering the considered vulnerabilities and analyze their effects. Finally, we suggest an action plan for improving the security of hypercall interfaces.
@inproceedings{MiPaAnViKo2014-ISSRE-AnAnalHypHanVulns,
abstract = {{Hypervisors are becoming increasingly ubiquitous with the growing proliferation of virtualized data centers. As a result, attackers are exploring vectors to attack hypervisors, against which an attack may be executed via several attack vectors such as device drivers, virtual machine exit events, or hypercalls. Hypercalls enable intrusions in hypervisors through their hypercall interfaces. Despite the importance, there is very limited publicly available information on vulnerabilities of hypercall handlers and attacks triggering them, which significantly hinders advances towards monitoring and securing these interfaces. In this paper, we characterize the hypercall attack surface based on analyzing a set of vulnerabilities of hypercall handlers. We systematize and discuss the errors that caused the considered vulnerabilities, and activities for executing attacks triggering them. We also demonstrate attacks triggering the considered vulnerabilities and analyze their effects. Finally, we suggest an action plan for improving the security of hypercall interfaces.}},
added-at = {2020-04-06T11:22:03.000+0200},
address = {{Washington DC, USA}},
author = {Milenkoski, Aleksandar and Payne, Bryan D. and Antunes, Nuno and Vieira, Marco and Kounev, Samuel},
biburl = {https://www.bibsonomy.org/bibtex/2646b9ceeca4a42559a1c28be640e92cb/se-group},
booktitle = {{Proceedings of The 25th IEEE International Symposium on Software Reliability Engineering (ISSRE 2014) --- Research Track}},
interhash = {8ca61bcb9943a45ef34760d81d77d2cd},
intrahash = {646b9ceeca4a42559a1c28be640e92cb},
keywords = {Award HInjector Instrumentation_profiling_and_workload_characterization Isolation Metrics_and_benchmarking_methodologies Reliability Security Survey Virtualization descartes t_full},
month = {November},
note = {Acceptance Rate: 25\%, <b>Best Paper Award Nomination</b>},
organization = {IEEE},
publisher = {IEEE Computer Society},
timestamp = {2021-02-08T15:18:49.000+0100},
title = {{Experience Report: An Analysis of Hypercall Handler Vulnerabilities}},
url = {http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6982618},
year = 2014
}