Not surprisingly, the most obvious way to attack a virtualized data center or cloud is to gain access to the hypervisor, which controls all the VMs running in the data center or cloud. For the native virtualization architecture, there have been no known attacks on a hypervisor due to its nature of being embedded in the hardware [Randell06]. Otherwise, two types of attacks on the hypervisor exist: attack on hypervisor through the host OS and attack on hypervisor through a guest OS.
Attacks on hypervisor through host OS is to exploit vulnerabilities of the host OS on which the hypervisor runs [Murphy07]. Due to native virtualization architecture requires specially configured hardware, most virtualization deployments are done with the hosted architecture. With vulnerabilities and security holes in most modern OSs, attacks can be done to gain control of the host OS. Since the hypervisor is simply a layer running on top of the host OS, once the attacker has control of the host OS, the hypervisor is essentially compromised. Thus, the administrative privileges of the hypervisor will enable the attacker to perform any malicious activities on any of the VMs hosted by the hypervisor. This propagation of attacks from the hosted OS to the hypervisor then to the VMs is shown in Figure 3.