2

I want to discuss the following scenario:

I use a cloud provider like Amazon where every instance of the OS is a VM. The hypervisor launches the VMs as needed. So let's assume there are two VMs running, mine and attacker's on the same box at the same time.

Scenario 1: The attacker has root access to his VM. But does not have physical access to the box. What attack vectors do I worry about?

  • Obviously any vulnerabilities in my VM (OS and services it provides).
    Let's assume this is out of scope for this discussion

  • Vulnerabilities in the hypervisor that lets the attacker intercept all data to and from my VM. Are there known vulnerabilities like this?

  • Any other scenarios like DMA attacks?

Scenario 2: The attacker has physical access to the box. He manages the box and is able to install custom hardware or use the peripherals like USB, HDMI etc?

  • I know that one can introspect the VM he wants to attack directly as software-based attacks are easier. Let's assume it's out of scope.
schroeder
  • 123,438
  • 55
  • 284
  • 319
SFlow
  • 263
  • 1
  • 2
  • 7

1 Answers1

1

I'm not aware of any AWS hypervisor bypasses to date, then again I don't use AWS. Here's an article (admittedly from 2014) talking about the concerns you raise.

https://www.zdnet.com/article/hypervisors-the-clouds-potential-security-achilles-heel/

While the hypervisor doesn't seem like a likely attack vector, there's lots of ways AWS setuos can come under attack here's a pretty good list as well as a real world scenario of AWS vulnerabilities

https://rhinosecuritylabs.com/cloud-security/aws-security-vulnerabilities-perspective/

If an attacker has physical access to the system, it's safe to assume in all but the rarest if cases they can compromise the system in a potentially undetectable way.

Daisetsu
  • 5,110
  • 1
  • 14
  • 24