Title :
Identifying Weaknesses in VM/Hypervisor Interfaces
Author :
McDaniel, Lucas ; Nance, Kara
Abstract :
As cloud and virtualized environments become more widely used to solve challenges faced by companies of all sizes, it is increasingly likely that this infrastructure will be a common focus of attacks in the years to come. Successful attacks against this infrastructure could allow an attacker to "break out" of the virtual environment and gain control of the physical infrastructure, effectively compromising the entire system. Given the recent surge in the development and deployment of these environments, it is reasonable to expect that these systems have not undergone the same amount of testing that comes with age and wide acceptance, and which we often require for critical services. Therefore, in-depth analysis of the attack surfaces exposed by these environments is necessary to ensure the security of these systems. This paper describes a Cyber Fast Track (CFT) project to create a testing framework to analyze the interfaces exposed by several hypervisors to potentially untrusted users (inside VMs) for vulnerabilities. The methods used consist of random input testing of emulated devices by intercepting and modifying valid device I/O with a state-aware system. These techniques are general enough that they may be extended to test many interfaces across a wide range of virtualization systems. This project then uses this tool against current versions of several virtualization systems with the ultimate goal to inform developers and system administrators alike about potential vulnerabilities in these systems.
Keywords :
Emulation; Kernel; Ports (Computers); Security; Testing; Virtual machine monitors; Virtualization; Automatic Test Generation; Cloud Security; Hypervisor
Conference_Title :
System Sciences (HICSS), 2013 46th Hawaii International Conference on
Conference_Location :
Wailea, HI, USA
Print_ISBN :
978-1-4673-5933-7
Electronic_ISBN :
1530-1605
DOI :
10.1109/HICSS.2013.255