From: Virtual network security: threats, countermeasures, and challenges
Threat categories |  | Vulnerabilities | Threats |
---|---|---|---|
Disclosure | Information Leakage | Lack of ARP table protection | ARP table poisoning |
 |  | Placement of firewall rules inside virtual nodes | Subversion of firewall rules |
 | Information Interception | Lack of ARP table protection | ARP table poisoning |
 |  | Transmission of data in predictable patterns | Traffic Analysis attacks |
 |  | Uncontrolled handling of multiple, sequential virtual network requests from a single entity | Inference and disclosure of sensitive topological information |
 |  | Unprotected exchange of routing information among virtual routers | Disclosure of sensitive routing information |
 | Introspection Exploitation | Uncontrolled Introspection | Data theft |
Deception | Identity Fraud | Improper handling of identities: within individual networks; among federated networks; during migration procedures. | Injection of malicious messages with forged sources; Privilege escalation; Abuse of node removal and re-addition in order to obtain new (clean) identities |
 | Loss of registry entries | Uncontrolled rollback operations | Loss of registry entries |
 | Replay attacks | Lack of unique message identifiers | Replay attacks |
Disruption | Physical Resource Overloading | Uncontrolled resource allocation | Performance degradation; Abusive resource consumption |
 |  | Uncontrolled handling of virtual network requests | Exhaustion of resources in specific parts of the infrastructure |
 |  | Lack of proactive or reactive recovery strategies | Denial of Service attacks |
 | Physical Resource Failure | Lack of proactive or reactive recovery strategies | Failure of virtual routers/networks |
 |  | Uncontrolled resource reallocation after failures | Overloading of remaining virtual routers after failures |
Usurpation | Identity Fraud | Improper handling of identities and associated privileges | Privilege escalation |
 | Software Vulnerability Exploitation | Privilege escalation in Virtual Machine Monitors | Unauthorized control of physical routers |