Table 2 Relationships between vulnerabilities and threats in network virtualization environments

From: Virtual network security: threats, countermeasures, and challenges

| Threat categories | | Vulnerabilities | Threats |
|---|---|---|---|
| Disclosure | Information Leakage | Lack of ARP table protection | ARP table poisoning |
| | | Placement of firewall rules inside virtual nodes | Subversion of firewall rules |
| | Information Interception | Lack of ARP table protection | ARP table poisoning |
| | | Transmission of data in predictable patterns | Traffic Analysis attacks |
| | | Uncontrolled handling of multiple, sequential virtual network requests from a single entity | Inference and disclosure of sensitive topological information |
| | | Unprotected exchange of routing information among virtual routers | Disclosure of sensitive routing information |
| | Introspection Exploitation | Uncontrolled Introspection | Data theft |
| Deception | Identity Fraud | Improper handling of identities: within individual networks; among federated networks; during migration procedures. | Injection of malicious messages with forged sources; Privilege escalation; Abuse of node removal and re-addition in order to obtain new (clean) identities |
| | Loss of registry entries | Uncontrolled rollback operations | Loss of registry entries |
| | Replay attacks | Lack of unique message identifiers | Replay attacks |
| Disruption | Physical Resource Overloading | Uncontrolled resource allocation | Performance degradation; Abusive resource consumption |
| | | Uncontrolled handling of virtual network requests | Exhaustion of resources in specific parts of the infrastructure |
| | | Lack of proactive or reactive recovery strategies | Denial of Service attacks |
| | Physical Resource Failure | Lack of proactive or reactive recovery strategies | Failure of virtual routers/networks |
| | | Uncontrolled resource reallocation after failures | Overloading of remaining virtual routers after failures |
| Usurpation | Identity Fraud | Improper handling of identities and associated privileges | Privilege escalation |
| | Software Vulnerability Exploitation | Privilege escalation in Virtual Machine Monitors | Unauthorized control of physical routers |
