Change search
ReferencesLink to record
Permanent link

Direct link
Mitigation of Virtunoid Attacks on Cloud Computing Systems
Uppsala University, Disciplinary Domain of Science and Technology, Mathematics and Computer Science, Department of Information Technology.
2015 (English)Independent thesis Basic level (degree of Bachelor), 10 credits / 15 HE creditsStudent thesis
Abstract [en]

Virtunoid is a proof of concept exploit abusing a vulnerability in the open source hardware virtualisation control program QEMU-KVM. The vulnerability originally stems from improper hotplugging of emulated embedded circuitry in the Intel PIIX4 southbridge resulting in memory corruption and dangling pointers. The exploit can be used to compromise the availability of the virtual machine, or to escalate privileges compromising the confidentiality of the resources in the host system. The research presented in this dissertation shows that the discretionary access control system, provided by default in most Linux operating systems, is insufficient in protecting the QEMU-KVM hypervisor against the Virtunoid exploit. Further, the research presented in this dissertation shows that the open source solutions AppArmor and grsecurity enhances the Linux operating system with additional protection against the Virtunoid exploit through mandatory access control, either through profiling or role-based access control. The research also shows that the host intrusion prevention system PaX does not provide any additional protection against the Virtunoid exploit. The comprehensive and detailed hands-on approach of this dissertation holds the ability to be reproduced and quantified for comparison necessary for future research.

Place, publisher, year, edition, pages
2015. , 77 p.
IT, 15005
Keyword [en]
Cloud Computing, Hardware Virtualisation, Security Exploits
National Category
Engineering and Technology
URN: urn:nbn:se:uu:diva-243353OAI: diva2:787233
Educational program
Freestanding course
Available from: 2015-02-10 Created: 2015-02-09 Last updated: 2015-02-16Bibliographically approved

Open Access in DiVA

fulltext(8840 kB)471 downloads
File information
File name FULLTEXT01.pdfFile size 8840 kBChecksum SHA-512
Type fulltextMimetype application/pdf

By organisation
Department of Information Technology
Engineering and Technology

Search outside of DiVA

GoogleGoogle Scholar
Total: 471 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 1389 hits
ReferencesLink to record
Permanent link

Direct link