SVTester: Finding DoS Vulnerabilities of Virtual Switches

抄録

Nowadays, virtualization is being deployed in many companies and institutions' systems. However, a noticeable security problem of virtualization is the fact that multiple virtual machines are run on one physical host machine called hypervisor. Hypervisors often implement a virtual switch to manage network connections between the internal virtual network and the external physical network. However, an adversary could exploit virtual switch flaws and use them to sabotage the entire virtual network. As a consequence, the attack could make all applications running on virtual machines unavailable. In this paper, we present SVTester, a fuzzing-based testing tool that can automatically identify possible vulnerabilities of a virtual switch that can be exploited for certain types of Denial-of-Service attack. We used an initial version of SVTester to check several hypervisors that implement the virtual switch. The results show that SVTester was able to rediscover DoS weaknesses on an old version of VMware hypervisor and found a novel possible vulnerability in the Oracle VirtualBox hypervisor. Our results also prove the effectiveness and potential of SVTester in evaluating virtual network security.