Title :
Hyperthreats: Hypercall-based DoS attacks
Author :
Shropshire, Jordan
Author_Institution :
CIS, Univ. of South Alabama, Mobile, AL, USA
Abstract :
The cloud offers a new environment for achieving Denial of Service (DoS) conditions on targeted infrastructure. Once confined to the network, they are now conducted over the hypercall interface. These attacks are initiated by malicious, unprivileged guests with a goal of incapacitating hosting hypervisors. Because they are not packet-based, they cannot be detected or prevented using network security measures. The present study systematically explores this risk and develops a taxonomy of hypercall-based DoS attacks. For purpose of illustration, a denial of service is attempted against a Xen hypervisor. This scenario demonstrates that even a relatively simple attack could have significant implications for system stability. Finally, system for defending hypervisors against hypercall attacks is introduced. This mitigation observes N-grams and calculates the conditional probability of a sequence of hypercalls. The assumption is that exploits will be manifested as previously-unobserved sequences of hypercalls. The early results of testing are provided.
Keywords :
computer network security; probability; virtual machines; N-grams; Xen hypervisor; conditional probability calculation; denial-of-service attacks; hosting hypervisor incapacitation; hypercall-based DoS attacks; hyperthreats; malicious guests; system stability; unprivileged guests; Computer crime; Hardware; Software; Taxonomy; Virtual machine monitors; Virtual machining; Virtualization; Hypercalls; denial of service; simulation; taxonomy;
Conference_Titel :
SoutheastCon 2015
Conference_Location :
Fort Lauderdale, FL
DOI :
10.1109/SECON.2015.7133049
