
Determining the Forensic Data Requirements for Investigating Hypervisor Attacks

Abstract : Hardware/server virtualization is commonly employed in cloud computing to enable ubiquitous access to shared system resources and provide sophisticated services. The virtualization is typically performed by a hypervisor, which provides mechanisms that abstract hardware and system resources from the operating system. However, hypervisors are complex software systems with many vulnerabilities. This chapter analyzes recently-discovered vulnerabilities associated with the Xen and KVM open-source hypervisors, and develops their attack profiles in terms of hypervisor functionality (attack vectors), attack types and attack sources. Based on the large number of vulnerabilities related to hypervisor functionality, two sample attacks leveraging key attack vectors are investigated. The investigation clarifies the evidence coverage for detecting attacks and the missing evidence needed to reconstruct attacks.
Document type :
Conference papers

Cited literature [30 references]
Contributor : Hal Ifip
Submitted on : Tuesday, April 7, 2020 - 10:36:37 AM
Last modification on : Tuesday, April 7, 2020 - 10:42:48 AM


 Restricted access
To satisfy the distribution rights of the publisher, the document is embargoed until : 2022-01-01


Distributed under a Creative Commons Attribution 4.0 International License



Changwei Liu, Anoop Singhal, Ramaswamy Chandramouli, Duminda Wijesekera. Determining the Forensic Data Requirements for Investigating Hypervisor Attacks. 15th IFIP International Conference on Digital Forensics (DigitalForensics), Jan 2019, Orlando, FL, United States. pp.253-272, ⟨10.1007/978-3-030-28752-8_14⟩. ⟨hal-02534598⟩


