Abstract
Virtual switches are a crucial component of cloud operating systems that interconnect virtual machines in a flexible manner. They implement complex network protocol parsing in the unified packet parser, which parses all supported packet header fields in a single pass, and are commonly co-located with the virtualization layer. We find that this significantly reduces the barrier for low-budget attackers to launch high-impact attacks in the cloud. This leads us to introduce the virtual switch attacker model for packet-parsing, in short the vAMP attack. Using OpenStack, a cloud operating system, and Open vSwitch, a virtual switch, we demonstrate how current virtual switch designs cannot withstand vAMP, thereby giving a weak attacker full control of the cloud in a matter of minutes.
Original language | English |
---|---|
Title | CCSW 2017 - Proceedings of the 2017 Cloud Computing Security Workshop, co-located with CCS 2017 |
Number of pages | 5 |
Publisher | Association for Computing Machinery |
Publication date | 3 Nov 2017 |
Pages | 11-15 |
ISBN (Print) | 978-1-4503-5204-8 |
ISBN (Electronic) | 9781450353939 |
DOI | |
Status | Published - 3 Nov 2017 |
Event | 8th ACM Cloud Computing Security Workshop, CCSW 2017 - Dallas, USA Duration: 3 Nov 2017 → … |
Conference
Conference | 8th ACM Cloud Computing Security Workshop, CCSW 2017 |
---|---|
Country/Territory | USA |
City | Dallas |
Period | 03/11/2017 → … |
Sponsor | ACM SIGSAC |