Abstract
Virtual switches are a crucial component of cloud operating systems that interconnect virtual machines in a flexible manner. They implement complex network protocol parsing in the unified packet parser - parsing all supported packet header fields in a single pass - and are commonly co-located with the virtualization layer. We find that this significantly reduces the barrier for low-budget attackers to launch high impact attacks in the cloud. This leads us to introduce the virtual switch attacker model for packet-parsing, in short the vAMP attack. Using OpenStack, a cloud operating system, and Open vSwitch, a virtual switch, we demonstrate how current virtual switch designs cannot withstand vAMP. Thereby giving a weak attacker full control of the cloud in a matter of minutes
The vAMP Attack: Taking Control of Cloud Systems via the Unified Packet Parser | Request PDF. Available from: https://www.researchgate.net/publication/320745119_The_vAMP_Attack_Taking_Control_of_Cloud_Systems_via_the_Unified_Packet_Parser [accessed Mar 14 2018].
The vAMP Attack: Taking Control of Cloud Systems via the Unified Packet Parser | Request PDF. Available from: https://www.researchgate.net/publication/320745119_The_vAMP_Attack_Taking_Control_of_Cloud_Systems_via_the_Unified_Packet_Parser [accessed Mar 14 2018].
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the 9th Cloud Computing Security Workshop 2017 |
| Subtitle of host publication | ACM CCSW 2017 |
| Publisher | Association for Computing Machinery (ACM) |
| Pages | 11-15 |
| Number of pages | 4 |
| DOIs | |
| Publication status | Published - 2017 |