The vAMP Attack: Taking Control of Cloud Systems via the Unified Packet Parser

Kashyap Thimmaraju, Bhargava Shastry, Tobias Fiebig, Felicitas Hetzelt, Jean-Pierre Seifert, Anja Feldmann, Stefan Schmid

    Research output: Chapter in Book/Conference proceedings/Edited volumeConference contributionScientificpeer-review

    4 Citations (Scopus)

    Abstract

    Virtual switches are a crucial component of cloud operating systems that interconnect virtual machines in a flexible manner. They implement complex network protocol parsing in the unified packet parser - parsing all supported packet header fields in a single pass - and are commonly co-located with the virtualization layer. We find that this significantly reduces the barrier for low-budget attackers to launch high impact attacks in the cloud. This leads us to introduce the virtual switch attacker model for packet-parsing, in short the vAMP attack. Using OpenStack, a cloud operating system, and Open vSwitch, a virtual switch, we demonstrate how current virtual switch designs cannot withstand vAMP. Thereby giving a weak attacker full control of the cloud in a matter of minutes

    The vAMP Attack: Taking Control of Cloud Systems via the Unified Packet Parser | Request PDF. Available from: https://www.researchgate.net/publication/320745119_The_vAMP_Attack_Taking_Control_of_Cloud_Systems_via_the_Unified_Packet_Parser [accessed Mar 14 2018].
    Original languageEnglish
    Title of host publicationProceedings of the 9th Cloud Computing Security Workshop 2017
    Subtitle of host publicationACM CCSW 2017
    PublisherAssociation for Computing Machinery (ACM)
    Pages11-15
    Number of pages4
    DOIs
    Publication statusPublished - 2017

    Fingerprint Dive into the research topics of 'The vAMP Attack: Taking Control of Cloud Systems via the Unified Packet Parser'. Together they form a unique fingerprint.

    Cite this