Return-oriented programming attack on the Xen hypervisor

Baozeng Ding, Yanjun Wu, Yeping He, Shuo Tian, Bei Guan, Guowei Wu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

10 Citations (Scopus)

Abstract

In this paper, we present an approach to attackon the Xen hypervisor utilizing return-oriented programming(ROP). It modifies the data in the hypervisor that controlswhether a VM is privileged or not and thus can escalatethe privilege of an unprivileged domain (domU) at runtime. As ROP technique makes use of existed code to implementattack, not modifying or injecting any code, it canbypass the integrity protections that base on code measurement. By constructing such kind of attack at the virtualizationlayer, it can motivate further research work towardspreventing or detecting ROP attack on the hypervisor.

Original languageEnglish
Title of host publicationProceedings - 2012 7th International Conference on Availability, Reliability and Security, ARES 2012
Pages479-484
Number of pages6
DOIs
Publication statusPublished - 26 Nov 2012
Event2012 7th International Conference on Availability, Reliability and Security, ARES 2012 - Prague, Czech Republic
Duration: 20 Aug 201224 Aug 2012

Publication series

NameProceedings - 2012 7th International Conference on Availability, Reliability and Security, ARES 2012

Other

Other2012 7th International Conference on Availability, Reliability and Security, ARES 2012
CountryCzech Republic
CityPrague
Period20/8/1224/8/12

Keywords

  • Return-oriented programming
  • hypervisor
  • privilege escalation
  • security

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality

Cite this

Ding, B., Wu, Y., He, Y., Tian, S., Guan, B., & Wu, G. (2012). Return-oriented programming attack on the Xen hypervisor. In Proceedings - 2012 7th International Conference on Availability, Reliability and Security, ARES 2012 (pp. 479-484). [6329220] (Proceedings - 2012 7th International Conference on Availability, Reliability and Security, ARES 2012). https://doi.org/10.1109/ARES.2012.16