An empirical analysis of vulnerabilities in virtualization technologies
Φόρτωση...
Ημερομηνία
2016
Συγγραφείς
Gkortzis, Antonios
Rizou, Stamatia
Spinellis, Diomidis
Τίτλος Εφημερίδας
Περιοδικό ISSN
Τίτλος τόμου
Εκδότης
Επιβλέπων
Διαθέσιμο από
2024-10-25 11:51:22
Περίληψη
Cloud computing relies on virtualization technologies to provide computer resource elasticity and scalability. Despite its benefits, virtualization technologies come with serious concerns in terms of security. Although existing work focuses on specific vulnerabilities and attack models related to virtualization, a systematic analysis of known vulnerabilities for different virtualization models, including hypervisor-based and container-based solutions is not present in the literature. In this paper, we present an overview of the existing known vulnerabilities for hypervisor and container solutions reported in the CVE database and classified under CWE categories. Given the vulnerability identification and categorization, we analyze our results with respect to different virtualization models and license schemes (open source/commercial). Our findings show among others that hypervisors and containers share common weaknesses with most of their vulnerabilities reported in the category of security features.
Περιγραφή
Λέξεις-κλειδιά
IT security, Virtualization, Vulnerabilities, Hypervisor, Common Vulnerabilities and Exposures (CVE)
Παραπομπή
Published in 2016 IEEE International Conference on Cloud Computing Technology and Science (CloudCom)