An empirical analysis of vulnerabilities in virtualization technologies

Antonios Gkortzis*, Stamatia Rizou, Diomidis Spinellis

*Corresponding author for this work

Research output: Chapter in Book/Conference proceedings/Edited volumeConference contributionScientificpeer-review

9 Citations (Scopus)

Abstract

Cloud computing relies on virtualization technologies to provide computer resource elasticity and scalability. Despite its benefits, virtualization technologies come with serious concerns in terms of security. Although existing work focuses on specific vulnerabilities and attack models related to virtualization, a systematic analysis of known vulnerabilities for different virtualization models, including hypervisor-based and container-based solutions is not present in the literature. In this paper, we present an overview of the existing known vulnerabilities for hypervisor and container solutions reported in the CVE database and classified under CWE categories. Given the vulnerability identification and categorization, we analyze our results with respect to different virtualization models and license schemes (open source/commercial). Our findings show among others that hypervisors and containers share common weaknesses with most of their vulnerabilities reported in the category of security features.

Original languageEnglish
Title of host publicationProceedings - 8th IEEE International Conference on Cloud Computing Technology and Science, CloudCom 2016
PublisherIEEE
Pages533-538
Number of pages6
ISBN (Electronic)9781509014453
DOIs
Publication statusPublished - 2 Jul 2016
Externally publishedYes
Event8th IEEE International Conference on Cloud Computing Technology and Science, CloudCom 2016 - Luxembourg, Luxembourg
Duration: 12 Dec 201615 Dec 2016

Publication series

NameProceedings of the International Conference on Cloud Computing Technology and Science, CloudCom
Volume0
ISSN (Print)2330-2194
ISSN (Electronic)2330-2186

Conference

Conference8th IEEE International Conference on Cloud Computing Technology and Science, CloudCom 2016
CountryLuxembourg
CityLuxembourg
Period12/12/1615/12/16

Keywords

  • Cloud Computing
  • Container
  • Hypervisor
  • Virtualization
  • Vulnerabilities

Fingerprint

Dive into the research topics of 'An empirical analysis of vulnerabilities in virtualization technologies'. Together they form a unique fingerprint.

Cite this