Exploring Layer 2 Network Security in Virtualized Environments

Presented at DEF CON 23 (2015), Aug. 8, 2015, 5 p.m. (60 minutes).

Cloud service providers offer their customers the ability to deploy virtual machines in a multi-tenant environment. These virtual machines are typically connected to the physical network via a virtualized network configuration. This could be as simple as a bridged interface to each virtual machine or as complicated as a virtual switch providing more robust networking features such as VLANs, QoS, and monitoring. In this paper, we explore whether Layer 2 network attacks that work on physical switches apply to their virtualized counterparts by performing a systematic study across four major hypervisor environments - Open vSwitch, Citrix XenServer, Microsoft Hyper-V Server and VMware vSphere - in seven different virtual networking configurations. First, we use a malicious virtual machine to run a MAC flooding attack and evaluate the impact on co-resident VMs. We find that network performance is degraded on all platforms and that it is possible to eavesdrop on other client traffic passing over the same virtual network for Open vSwitch and Citrix XenServer. Second, we use a malicious virtual machine to run a rogue DHCP server and then run multiple DHCP attack scenarios. On all four platforms, co-resident VMs can be manipulated by providing them with incorrect or malicious network information.


Presenters:

  • Ronny L. Bull - Ph.D. Graduate Student, Clarkson University
    Mr. Bull is a Computer Science Ph.D. graduate student at Clarkson University focusing on Layer 2 network security in virtualized environments. He presented his preliminary research involving MAC flooding attacks against virtualized networks at the DerbyCon 4.0 computer security conference held in Louisville, KY in September 2014. Mr. Bull earned an A.A.S. degree in Computer Networking at Herkimer College in 2006 and completed both a B.S. and M.S. in Computer Science at the State University of New York Institute of Technology in 2011. He was a founding faculty member of the School of Engineering at SUNY Polytechnic Institute in Utica, NY teaching undergraduate and graduate courses in both the Network and Computer Security and Telecommunications programs, and also served as an advisor to the SUNY Poly Network and Computer Security club. Mr. Bull recently made a transition to Utica College as an Assistant Professor of Computer Science with a focus in networking and cybersecurity. He also co-founded and is one of the primary organizers of the Central New York Intercollegiate Hackathon event which brings together local cybersecurity students from colleges in Central New York to compete against each other in offensive and defensive cybersecurity activities.
  • Dr. Jeanna N. Matthews - Associate Professor, Clarkson University   as Jeanna N. Matthews
    Dr. Matthews is an Associate Professor of Computer Science at Clarkson University. Her research interests include virtualization, cloud computing, computer security, computer networks and operating systems. Jeanna received her Ph.D. in Computer Science from the University of California at Berkeley in 1999. She is currently the chair of the ACM Special Interest Group on Operating Systems (SIGOPS), the co-editor of ACM Operating System Review and a member of the Executive Committee of US-ACM, the U.S. Public Policy Committee of ACM. She has written several popular books including ”Running Xen: A Hands-On Guide to the Art of Virtualization” and ”Computer Networking: Internet Protocols In Action".

Links:

Similar Presentations: