Conference Papers Year : 2019

Determining the Forensic Data Requirements for Investigating Hypervisor Attacks


Abstract

Hardware/server virtualization is commonly employed in cloud computing to enable ubiquitous access to shared system resources and provide sophisticated services. The virtualization is typically performed by a hypervisor, which provides mechanisms that abstract hardware and system resources from the operating system. However, hypervisors are complex software systems with many vulnerabilities. This chapter analyzes recently-discovered vulnerabilities associated with the Xen and KVM open-source hypervisors, and develops their attack profiles in terms of hypervisor functionality (attack vectors), attack types and attack sources. Based on the large number of vulnerabilities related to hypervisor functionality, two sample attacks leveraging key attack vectors are investigated. The investigation clarifies the evidence coverage for detecting attacks and the missing evidence needed to reconstruct attacks.
Main file: 488399_1_En_14_Chapter.pdf (282.96 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-02534598 , version 1 (07-04-2020)

Licence

Attribution - CC BY 4.0

Cite

Changwei Liu, Anoop Singhal, Ramaswamy Chandramouli, Duminda Wijesekera. Determining the Forensic Data Requirements for Investigating Hypervisor Attacks. 15th IFIP International Conference on Digital Forensics (DigitalForensics), Jan 2019, Orlando, FL, United States. pp.253-272, ⟨10.1007/978-3-030-28752-8_14⟩. ⟨hal-02534598⟩