Vulnerability Prediction and Risk Assessment of the Xen Hypervisor

Abstract

The thesis presents a vulnerability prediction and risk assessment process of the Xen hypervisor. The process predicts the number of unknown Xen vulnerabilities that may appear in the future. It also determines the risk severity levels a specific Xen version provides. The hypervisor is a key component of virtualisation to offer an Infrastructure-as-a-Service delivery model. Thus, the hypervisor is an attractive target of attackers to compromise critical assets that usually belong to different tenants. When such a critical component is compromised, the assets of service customers are consequently at risk.

Cloud computing has matured with time, but many organisations have security concerns due to new risks compared to conventional IT environment. The types of risk also vary from one service delivery model to another. Much research has been conducted to assess the risk of cloud computing, but it has viewed and assessed risk from a broader perspective instead of focusing on the hypervisor which provides the base for Infrastructure-as-a-Service. Moreover, cloud service providers are responsible for managing the security of the hypervisors which makes service customers utterly unaware of the security of their data if they move to cloud virtualised infrastructure. Therefore, to encourage customers to adopt Infrastructure-as-a-Service free of security concerns, a new assessment platform specific to the hypervisor is required. However, the following questions arise: How can the unknown vulnerabilities be predicted in large software applications such as the Xen hypervisor to mitigate exploitation scenarios?How can the determination of the risk of unknown Xen vulnerabilities be presented such that it aids cloud infrastructure service consumers?

This research targets the Infrastructure-as-a-Service delivery model and presents a Xen vulnerability prediction and risk assessment process. Different analysis and research methods are used in this research. The Time Series Holt-Winters method is used to predict unknown vulnerabilities. The regression analysis method is used to predict unknown vulnerabilities with regard to the impact levels (High, Medium, and Low). ENISA risk framework is considered to adopt Xen vulnerability impact ratings. A structured analysis approach using attack trees is used to determine threat likelihood levels. A risk estimation matrix is used to map the vulnerability impact ratings and threat likelihood levels to determine qualitative risk severity levels.

The vulnerability prediction and risk assessment process allows customers to use results of vulnerabilities and risk of Xen to make informed security decisions. The process is very effective for the small organisations that do not have security professionals or experts to assess the security risks they could face after moving their critical services to cloud virtualised infrastructure. Nine technical risks to the Xen hypervisor are identified and security recommendations are made for customers regarding each of the risk categories. However, customers are encouraged to identify and add new risks in the assessment process that may be specific to their services, data, and information. The customers can then consider the security recommendations made in this research to select a cloud service provider after analysing the security controls which are in place to mitigate these risks.

The vulnerability prediction and risk assessment process is developed on the Xen hypervisor and tested on the two other popular open source, infrastructure level software packages. Vulnerability prediction and risk assessment of Apache HTTP and Squid Proxy servers is performed to evaluate the process to ensure its generalisability and applicability. In each case, the results of vulnerability prediction and risk assessment are good to fair.