T01
|
V01
|
An attacker can use the victim’s account to get access to the target’s resources.
|
Identity and Access Management Guidance [65]
|
Dynamic credential [66]
|
T02
|
V03a, V03c
|
Data from hard drives that are shared by several customers cannot be completely removed.
|
Specify destruction strategies on Service-level Agreements (SLAs)
|
T03
|
V03a, V03c, V03d, V03f, V04a-f, V05a, V07
|
Authors in [58] illustrated the steps necessary to gain confidential information from other VMs co-located in the same server as the attacker.
|
FRS techniques [67]
|
Digital Signatures [68]
|
Side channel [69]
|
Encryption [69]
|
Homomorphic encryption [70]
|
T04
|
V01, V02
|
An attacker can request more computational resources, so other legal users are not able to get additional capacity.
|
Cloud providers can force policies to offer limited computational resources
|
T05
|
V01
|
Some examples are described in [32] such as SQL, command injection, and cross-site scripting
|
Web application scanners [71]
|
T06
|
V06a, V06b
|
A zero-day exploit in the HyperVM virtualization application that destroyed about 100,000 websites [72]
|
HyperSafe [60]
|
TCCP (Trusted Cloud
|
Computing Platform) [63]
|
TVDc (Trusted Virtual Datacenter) [73, 74]
|
T07
|
V04b, V06b
|
[75] presents a study that demonstrates security flaws in most virtual machines monitors
| |
T08
|
V05a, V05b
|
An attacker can create a VM image containing malware and publish it in a public repository.
|
Mirage [49]
|
T09
|
V04d
|
[76] has empirically showed attacks against the migration functionality of the latest version of the Xen and VMware virtualization products.
|
PALM [64]
|
TCCP [63]
|
VNSS [52]
|
T10
|
V07
|
Sniffing and spoofing virtual networks [51]
|
Virtual network framework based on Xen network modes: “bridged” and “routed” [51]
|