Tuesday, August 28, 2012

A New Attack Vector: Attack from the VMM

With the growth of cloud services, virtual machines have become widely deployed. Nowadays, security is the main concern when adopting cloud services. Recently, Symantec published a malware analysis report on Crisis. The most interesting finding is that Crisis can propagate through VMware, which makes it a good example of the security issues cloud services face.

The only capability Crisis demonstrates is copying itself into a VM using a VMware Player tool. However, with the power of the VMI (virtual machine introspection) techniques proposed in many academic works, malware can do almost everything, from stealing information and killing anti-virus software to invoking new processes from outside the VM. Because of this "out-of-the-box" character, the system inside the VM has no direct way to detect this kind of attack.

To launch this kind of attack, a hacker must first gain control of the VMM. This can happen through misconfiguration of the VM server, an insider attack, or a vulnerability in the VM system (such as a vulnerability in a Xen driver). Although attacking a VM server is not an easy job, it still introduces a new attack vector that is worth researching in the future.

[1] Symantec Crisis Analysis Report
