An Empirical Analysis of Vulnerabilities in Virtualization Technologies

Published in 2016 IEEE International Conference on Cloud Computing Technology and Science (CloudCom), 2016

Recommended citation: A. Gkortzis, S. Rizou and D. Spinellis, 'An Empirical Analysis of Vulnerabilities in Virtualization Technologies,' 2016 IEEE International Conference on Cloud Computing Technology and Science (CloudCom), 2016, pp. 533-538, doi: 10.1109/CloudCom.2016.0093. https://antonisgkortzis.github.io/files/GRS_CloudSPD16.pdf

Abstract

Cloud computing relies on virtualization technologies to provide computer resource elasticity and scalability. Despite their benefits, virtualization technologies come with serious concerns in terms of security. Although existing work focuses on specific vulnerabilities and attack models related to virtualization, a systematic analysis of known vulnerabilities for different virtualization models, including hypervisor-based and container-based solutions, is not present in the literature. In this paper, we present an overview of the existing known vulnerabilities for hypervisor and container solutions reported in the CVE database and classified under CWE categories. Given the vulnerability identification and categorization, we analyze our results with respect to different virtualization models and license schemes (open source/commercial). Our findings show, among others, that hypervisors and containers share common weaknesses, with most of their vulnerabilities reported in the category of security features.
