1. Securing Cloud Hypervisors: A Survey of the Threats, Vulnerabilities, and Countermeasures
- Author
-
Rameez Asif and John Patrick Barrowclough
- Subjects
Article Subject ,Computer Networks and Communications ,Computer science ,QA75 Electronic computers. Computer science ,Information science ,Vulnerability ,Cloud computing ,02 engineering and technology ,Data breach ,Cyber-security ,Computer security ,computer.software_genre ,Software ,Cloud Computing, Hypervisor, Encryption, Network Security, Data Networks ,lcsh:Technology (General) ,0202 electrical engineering, electronic engineering, information engineering ,Centre for Distributed Computing, Networking and Security ,lcsh:Science (General) ,Authentication ,business.industry ,020206 networking & telecommunications ,Hypervisor ,AI and Technologies ,ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS ,005.8 Data security ,lcsh:T1-995 ,020201 artificial intelligence & image processing ,Networks ,business ,computer ,lcsh:Q1-390 ,Information Systems - Abstract
The exponential rise of the cloud computing paradigm has led to the cybersecurity concerns, taking into account the fact that the resources are shared and mediated by a ‘hypervisor’ that may be attacked and user data can be compromised or hacked. In order to better define these threats to which a cloud hypervisor is exposed, we conducted an in-depth analysis and highlighted the security concerns of the cloud. We basically focused on the two particular issues, i.e., (a) data breaches and (b) weak authentication. For in-depth analysis, we have successfully demonstrated a fully functional private cloud infrastructure running on CloudStack for the software management and orchestrated a valid hack. We analyzed the popular open-source hypervisors, followed by an extensive study of the vulnerability reports associated with them. Based on our findings, we propose the characterization and countermeasures of hypervisor’s vulnerabilities. These investigations can be used to understand the potential attack paths on cloud computing and Cloud-of-Things (CoT) applications and identify the vulnerabilities that enabled them.
- Published
- 2018