Abstract
Virtual switches are a crucial component of cloud operating systems that interconnect virtual machines in a flexible manner. They implement complex network protocol parsing in the unified packet parser - parsing all supported packet header fields in a single pass - and are commonly co-located with the virtualization layer. We find that this significantly reduces the barrier for low-budget attackers to launch high-impact attacks in the cloud. This leads us to introduce the virtual switch attacker model for packet-parsing, in short the vAMP attack. Using OpenStack, a cloud operating system, and Open vSwitch, a virtual switch, we demonstrate how current virtual switch designs cannot withstand vAMP, thereby giving a weak attacker full control of the cloud in a matter of minutes.
The vAMP Attack: Taking Control of Cloud Systems via the Unified Packet Parser. Available from: https://www.researchgate.net/publication/320745119_The_vAMP_Attack_Taking_Control_of_Cloud_Systems_via_the_Unified_Packet_Parser [accessed Mar 14 2018].
Original language | English |
---|---|
Title of host publication | Proceedings of the 9th Cloud Computing Security Workshop 2017 |
Subtitle of host publication | ACM CCSW 2017 |
Publisher | Association for Computing Machinery (ACM) |
Pages | 11-15 |
Number of pages | 4 |
DOIs | |
Publication status | Published - 2017 |