Exploring the Attack Surface of Modern Hypervisors
Exploring the Attack Surface of Modern Hypervisors
Supervisor(s): | Manuel Andreas |
Status: | finished |
Topic: | Others |
Author: | Jan Tesch |
Submission: | 2025-03-18 |
Type of Thesis: | Bachelorthesis |
DescriptionModern cloud environments rely on hypervisors to deploy and manage customers’ virtual machines. Virtualizing a system involves the isolation of several aspects. The main aspects are providing a virtualized CPU, mainly utilizing hardware extensions for performance and simplicity, and device virtualization to allow the operating system to interact with the network or storage in a familiar way. I provided a detailed analysis of vulnerabilities in these virtualization components and proposed concrete approaches for further studies. To collect information about common elements, I used a CVE database to search for keywords for each topic and presented the components’ root causes and required interactions. The vulnerabilities detailed a significant research gap in nested virtualization concerning validating a nested hypervisor’s virtual machine configuration and emulating VM Exit behavior. Additionally, vulnerabilities in instruction emulation and Xen’s para-virtualization features suggested that components with a high complexity pose a potential for critical vulnerabilities introduced by large data structures or complex interaction schemes. |