DOI: 10.1145/3339252.3340530
Research article, ARES conference proceedings

A Misuse Pattern for Compromising VMs via Virtual Machine Escape in NFV

Published: 26 August 2019

Abstract

Cloud computing has provided many services to potential consumers; one of these services is the provision of network functions using virtualization. Network Function Virtualization (NFV) is an emerging network technology that decouples the software implementation of network functions from the underlying hardware, providing flexible and energy-efficient network services. However, it also comes with vulnerabilities that attackers can exploit to disrupt the network service. In this paper, we use misuse patterns to study the Virtual Machine (VM) Escape attack. The possible misuses resulting from a VM Escape are compromising victims' VMs, stealing resources from co-resident VMs, and accessing host OS files. Misuse patterns describe how an attack is performed from the point of view of the attacker. In the future, we aim to build a partial catalog of misuse patterns for the NFV virtual machine environment (VME). This catalog would be useful for building a Security Reference Architecture for NFV.

Published In

ARES '19: Proceedings of the 14th International Conference on Availability, Reliability and Security
August 2019
979 pages
ISBN:9781450371643
DOI:10.1145/3339252
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 26 August 2019

Author Tags

  1. Cloud computing
  2. Network Function Virtualization (NFV)
  3. hypervisor
  4. misuse patterns
  5. security patterns
  6. virtual machine environment (VME)
  7. virtualization

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ARES '19

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%

Article Metrics

  • Downloads (last 12 months): 15
  • Downloads (last 6 weeks): 7
Reflects downloads up to 21 Dec 2024

Cited By

  • (2024) Securing the Future of Web-Enabled IoT: A Critical Analysis of Web of Things Security. Applied Sciences, 14(23):10867. DOI: 10.3390/app142310867. Online publication date: 23-Nov-2024.
  • (2024) DDQN-SFCAG: A service function chain recovery method against network attacks in 6G networks. Computer Networks, 110748. DOI: 10.1016/j.comnet.2024.110748. Online publication date: Aug-2024.
  • (2024) Securing 5G virtual networks: a critical analysis of SDN, NFV, and network slicing security. International Journal of Information Security, 23(6):3569-3589. DOI: 10.1007/s10207-024-00900-5. Online publication date: 20-Aug-2024.
  • (2023) A Security Survey of NFV: From Causes to Practices. 2023 3rd International Conference on Consumer Electronics and Computer Engineering (ICCECE), pp. 624-628. DOI: 10.1109/ICCECE58074.2023.10135454. Online publication date: 6-Jan-2023.
  • (2022) Towards a Security Reference Architecture for NFV. Sensors, 22(10):3750. DOI: 10.3390/s22103750. Online publication date: 14-May-2022.
  • (2022) Misuse Patterns from the Threat of Modification of Non-Control Data in Network Function Virtualization. Future Internet, 14(7):201. DOI: 10.3390/fi14070201. Online publication date: 30-Jun-2022.
  • (2021) CloudSkulk: A Nested Virtual Machine Based Rootkit and Its Detection. 2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 350-362. DOI: 10.1109/DSN48987.2021.00047. Online publication date: Jun-2021.
  • (2021) DECH: A Novel Attack Pattern of Cloud Environment and Its Countermeasures. 2021 IEEE 5th International Conference on Cryptography, Security and Privacy (CSP), pp. 117-122. DOI: 10.1109/CSP51677.2021.9357594. Online publication date: 8-Jan-2021.
  • (2019) A misuse pattern for distributed denial-of-service attack in network function virilization. Proceedings of the 26th Conference on Pattern Languages of Programs, pp. 1-10. DOI: 10.5555/3492252.3492259. Online publication date: 7-Oct-2019.