Virtualization attacks

Hyperjacking

Hyperjacking is one of the newest threats to computer servers. With phishing attacks and viruses now outdated, hackers are trying to carry out a new malicious technique, hyperjacking. Hyperjacking is circulating in the enterprise world as a result of the interest in virtualization. Because virtualization allows multiple operating system requests to be carried out on a single host, hyperjacking generally involves hardware manipulation.

VM sprawl

VMs are easy to deploy, and many organizations view them as hardware-like tools that don’t merit formal policies. This has led to VM sprawl, which is the unplanned proliferation of VMs. Attackers can take advantage of poorly monitored resources. More deployments also mean more failure points, so sprawl can cause problems even if no malice is involved.

VM escape

A guest OS escapes from its VM encapsulation to interact directly with the hypervisor. This gives the attacker access to all VMs and, if guest privileges are high enough, the host machine as well. Although few if any instances are known, experts consider VM escape to be the most serious threat to VM security.

Denial of service

These attacks exploit many hypervisor platforms and range from flooding a network with traffic to sophisticated leveraging of a host’s own resources. The availability of botnets continues to make it easier for attackers to carry out campaigns against specific servers and applications with the goal of derailing the target’s online services.

Incorrect VM isolation

To remain secure and correctly share resources, VMs must be isolated from each other. Poor control over VM deployments can lead to isolation breaches in which VMs communicate. Attackers can exploit this virtual drawbridge to gain access to multiple guests and possibly the host.

Unsecured VM migration

This occurs when a VM is migrated to a new host, and security policies and configuration are not updated to reflect the change. Potentially, the host and other guests could become more vulnerable. Attackers have an advantage in that administrators are likely unaware of having introduced weaknesses and will not be on alert.

Host and guest vulnerabilities

Host and guest interactions can magnify system vulnerabilities at several points. Their operating systems, particularly Windows, are likely to have multiple weaknesses. Like other systems, they are subject to vulnerabilities in email, Web browsing, and network protocols. However, virtual linkages and the co-hosting of different data sets make a serious attack on a virtual environment particularly damaging.

Attacks on Hypervisor

Not surprisingly, the most obvious way to attack a virtualized data center or cloud is to gain access to the hypervisor, which controls all the VMs running in the data center or cloud. For the native virtualization architecture, there have been no known attacks on a hypervisor due to its nature of being embedded in the hardware [Randell06]. Otherwise, two types of attacks on the hypervisor exist: attack on hypervisor through the host OS and attack on hypervisor through a guest OS.

Attacks on hypervisor through guest OS 

This attack uses a guest OS to gain unauthorized access to other VMs or the hypervisor. It is also known as a VM escape or jailbreak attack, as the attacker essentially "escapes" the confinement of the VM into layers that are otherwise unknown to the VM [Murphy07].

Virtual library check-out 

This attack occurs when a checked-out VM image becomes infected on another VMM and is later readmitted to its original virtual library [Murphy07]. It exploits the fact that the guest VMM may not be as secure as the original virtual library.

Migration attack 

A migration attack is an attack on the network during VM migration from one place to another. It exploits the mobility of virtualization [Lococo09]. Since VM images are easily moved between physical machines through the network, enterprises constantly move VMs to various places based on their usage.

Encryption attack 

An encryption attack is used to retrieve unauthorized information from VMs by exploiting security vulnerabilities in the virtualization software. This type of attack is not usually done in practice due to its complexity [Lococo09]. Possible exploits with an encryption attack include gaining access information to a VM, gaining session keys between VM transfers (like a migration attack), and obtaining other storage information by gaining the encryption key used to store VMs.