■ Management console vulnerabilities
–Affect the management console host
–Can provide platform or information allowing attack of management server
–Can occur in custom consoles or web applications
■ Management server vulnerabilities
–Potential to compromise virtualization system configuration
–Can provide platform from which to attack administrative VM
■ Administrative VM vulnerabilities
–Compromises system configuration
–In some systems (like Xen), equivalent to hypervisor vulnerability in that all guest VMs may be compromised
–Can provide platform from which to attack hypervisor and guest VMs
■Guest VM vulnerabilities
–Affect a single VM
–Can provide platform from which to attack administrative VM, hypervisor, and other guest VMs
■ Hypervisor vulnerabilities
–Compromise all guest VMs
–Cannot be exploited from guest VMs
■ Hypervisor escape vulnerabilities
–A type of hypervisor vulnerability
–Classified separately because of their importance
–Allow a guest VM user to “escape” from own VM to attack other VMs or hypervisor
–Violate assumption of isolation of guest VMs
No comments:
Post a Comment