Description
Modern cloud environments rely on hypervisors to deploy and manage customers’
virtual machines. Virtualizing a system involves the isolation of several aspects. The
main aspects are providing a virtualized CPU, mainly utilizing hardware extensions
for performance and simplicity, and device virtualization to allow the operating system
to interact with the network or storage in a familiar way.
I provided a detailed analysis of vulnerabilities in these virtualization components
and proposed concrete approaches for further studies. To collect information about
common elements, I used a CVE database to search for keywords for each topic and
presented the components’ root causes and required interactions.
The vulnerabilities detailed a significant research gap in nested virtualization concerning
validating a nested hypervisor’s virtual machine configuration and emulating
VM Exit behavior. Additionally, vulnerabilities in instruction emulation and Xen’s
para-virtualization features suggested that components with a high complexity pose
a potential for critical vulnerabilities introduced by large data structures or complex
interaction schemes.
|
