Return-oriented programming attack on the Xen hypervisor

Baozeng Ding, Yanjun Wu, Yeping He, Shuo Tian, Bei Guan, Guowei Wu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

9 Citations (Scopus)

Abstract

In this paper, we present an approach to attacking the Xen hypervisor utilizing return-oriented programming (ROP). It modifies the data in the hypervisor that controls whether a VM is privileged or not and thus can escalate the privilege of an unprivileged domain (domU) at runtime. As the ROP technique makes use of existing code to implement the attack, not modifying or injecting any code, it can bypass the integrity protections that are based on code measurement. By constructing such an attack at the virtualization layer, it can motivate further research work towards preventing or detecting ROP attacks on the hypervisor.

Original language: English
Title of host publication: Proceedings - 2012 7th International Conference on Availability, Reliability and Security, ARES 2012
Pages: 479-484
Number of pages: 6
DOI: https://doi.org/10.1109/ARES.2012.16
Publication status: Published - 26 Nov 2012
Externally published: Yes
Event: 2012 7th International Conference on Availability, Reliability and Security, ARES 2012 - Prague, Czech Republic
Duration: 20 Aug 2012 to 24 Aug 2012

Other

Other: 2012 7th International Conference on Availability, Reliability and Security, ARES 2012
Country: Czech Republic
City: Prague
Period: 20/8/12 to 24/8/12

Keywords

  • hypervisor
  • privilege escalation
  • Return-oriented programming
  • security

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality

Cite this

Ding, B., Wu, Y., He, Y., Tian, S., Guan, B., & Wu, G. (2012). Return-oriented programming attack on the Xen hypervisor. In Proceedings - 2012 7th International Conference on Availability, Reliability and Security, ARES 2012 (pp. 479-484). [6329220] https://doi.org/10.1109/ARES.2012.16

@inproceedings{464f4bd3522643c8b62428f3bba5f105,
title = "Return-oriented programming attack on the Xen hypervisor",
abstract = "In this paper, we present an approach to attacking the Xen hypervisor utilizing return-oriented programming (ROP). It modifies the data in the hypervisor that controls whether a VM is privileged or not and thus can escalate the privilege of an unprivileged domain (domU) at runtime. As the ROP technique makes use of existing code to implement the attack, not modifying or injecting any code, it can bypass the integrity protections that are based on code measurement. By constructing such an attack at the virtualization layer, it can motivate further research work towards preventing or detecting ROP attacks on the hypervisor.",
keywords = "hypervisor, privilege escalation, Return-oriented programming, security",
author = "Baozeng Ding and Yanjun Wu and Yeping He and Shuo Tian and Bei Guan and Guowei Wu",
year = "2012",
month = "11",
day = "26",
doi = "10.1109/ARES.2012.16",
language = "English",
isbn = "9780769547756",
pages = "479--484",
booktitle = "Proceedings - 2012 7th International Conference on Availability, Reliability and Security, ARES 2012",

}
