A Systematic Review of Vulnerabilities in Hypervisors and Their Detection

Litchfield, A; Shahzad, A

Litchfield, A; Shahzad, A

Abstract

The paper presents a systematic review of risk assessment processes to provide an overview of the risks to cloud computing and identify future research directions. This paper also provides an analysis of sophisticated threats to hypervisors and highlights vulnerabilities and exploits. Virtualization is a core feature of Cloud Computing and it is often a target for attackers. The hypervisor, which provides thevirtualization layer, if compromised, can result in loss or damage to critical assets owned by Cloud Service Providers and their customers. The exploitation of hypervisor vulnerabilities provide opportunities for an attacker to launch sophisticated attacks such as Cross-VM Side Channel, Denial of Service, and Hypervisor Escape. The rate of adoption of cloud services is reflected in the lack of security controls against such sophisticated attacks and the resulting lack of trust, therefore we argue that risk assessment for hypervisors’ is significant for Cloud Service Providers.

Keywords

Hypervisor; Vulnerabilities; Risk assessment; Vulnerability exploits; Vulnerability assessment; Zero-day threat

Date

2017

Source

Published in 23rd Americas Conference on Information Systems (AMCIS) 2017 Proceedings, Information Systems Security and Privacy (SIGSEC), Retrieved from: https://aisel.aisnet.org/amcis2017/InformationSystems/Presentations/3/

Item Type

Conference Contribution

Publisher

Association for Information Systems (AIS)

Publisher's Version

https://aisel.aisnet.org/amcis2017/InformationSystems/Presentations/3/

Rights Statement

AIS has a green Open Access Policy. Authors may immediately self-archive their articles without an embargo period when publishing.