Summary of security threats on the xen Platform

Source: Internet
Author: User


This article classifies software and hardware attacks on the xen platform, and provides simple attack methods for each type of attacks. In fact, hackers, viruses, and other attack methods are far more than that, this section only summarizes some common attack methods.

The first is to summarize the hardware security threats on the xen platform.

L CPU threats: 1) the attacker updates and modifies the microcode through the microcode of the CPU. As a result, the CPU executes the command to assume that it is currently in the privileged level (RING 0 ), attackers can access the hypervisor's physical memory illegally. 2) the malicious VM controls the CPU cache content, causing the CPU to inadvertently execute the hypervisor modified in the cacheCode. 3) attackers modify the SMI handler in the bios and have sufficient permissions to execute the code in the SMM to modify the physical memory area of the hypervisor.

L Northbridge DMA attack: IEEE 1394 (FireWire) allows the terminal to send a serial bus for remote DMA requests. attackers can send DMA requests to read and write the entire memory area of the system through the FireWire controller, to attack hypervisor.

L Southbridge attacks: SMI (System Management Interrupt) is an interrupt processing function running in system management mode (SMM), which is stored in System Management RAM (smram ). Attackers can use the I/O operations on the nanqiao chip to control access to smram. Therefore, attackers can construct malicious SMI handler to destroy hypervisor.

 

Then there is the software security threats on the xen platform. Here we will focus on the security threats to the firmware. For example, hypervisor software vulnerabilities, the attacks caused by OS bugs also fall within this scope. As there are too many attack methods in this regard, we will not summarize them.

Bios/UEFI threats: 1) rewrite malicious code through normal BIOS firmware to crack hypervisor integrity. 2) If the bios/EFI Manufacturer uses the updated code signature method, you can modify the custom section of the BIOS of the OEM manufacturer to launch an attack.

Ø threat from option ROM: Option ROMs includes the firmware (also known as the BIOS of these devices) of devices such as SCSI Storage controllers, raid, Nic, and video controllers, different from primary BIOS ). Attackers can use malicious code to replace these option Roms. When the OS is running, they can call these Malicious firmware codes to access the hypervisor memory area.

Ø ACPI threats: Advanced confirmation and Power Interface (ACPI) is a Power Management Specification for existing commercial PCs. It uses the AML (ACPI machine language) script to manage the Point Resource Status of various devices. These AML scripts are read and parsed by the OS in kernel mode (RING 0). Attackers can insert malicious AML scripts to access the hypervisor memory area.

Other software code: malicious code in the VM controls the Cache Policy of the hypervisor to obtain access to the memory area of the hypervisor.

http://hi.baidu.com/mars208/blog/item/0ec3413aaf9e333071cf6c1a.html/cmtid/fdfd13f155e1712abd31096c

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.