A Cross-Virtual Machine Network Channel Attack via Mirroring and TAP Impersonation
- Submitting institution
-
University of Bristol
- Unit of assessment
- 11 - Computer Science and Informatics
- Output identifier
- 197130609
- Type
- E - Conference contribution
- DOI
-
10.1109/CLOUD.2018.00084
- Title of conference / published proceedings
- 2018 IEEE 11th International Conference on Cloud Computing (CLOUD 2018) : Proceedings of a meeting held 2-7 July 2018, San Francisco, California, USA
- First page
- 606
- Volume
- -
- Issue
- -
- ISSN
- 2159-6190
- Open access status
- Exception within 3 months of publication
- Month of publication
- September
- Year of publication
- 2018
- URL
-
-
- Supplementary information
-
-
- Request cross-referral to
- -
- Output has been delayed by COVID-19
- No
- COVID-19 affected output statement
- -
- Forensic science
- No
- Criminology
- No
- Interdisciplinary
- No
- Number of additional authors
-
5
- Research group(s)
-
B - Cybersecurity and Cryptography
- Citation count
- 1
- Proposed double-weighted
- No
- Reserve for an output with double weighting
- No
- Additional information
- Cloud computing architectures underpin much of the world’s key online services. This work discovered and provided remediation for a zero-day network channel exploit of Openstack & Ravello - leading open-source platforms for cloud-computing used to provide key services by hundreds of organisations, including PayPal, UK.Gov & CERN. In this attack actors are able to monitor and exfiltrate data from other co-resident virtual machines, bypassing traditional mitigations. The exploit and a fix were responsibly disclosed to Openstack & Ravello who have confirmed the vulnerability and incorporated the fix into security patch.
- Author contribution statement
- -
- Non-English
- No
- English abstract
- -