finish hypervisor security section

honours-project.tex

@@ -729,9 +729,15 @@ \subsubsection{Data Loss and Breach}
 
 \subsubsection{Hypervisor}
 
+Hypervisors enable the virtualization of complete operating systems on top of a physical system. CSPs often run multiple virtual machines alongside eachother in a multitenant environment. The hypervisor should provide adequate segregation between virtual machines but they can have vulnerabilities or leak information.
 
+VM escape occurs when a malicious user breaks the security mechanisms of the hypervisor and gains access to the host or other virtual machines running on the same hypervisor, leading to unauthorized access to sensitive data and abuse of resources \cite{owens2009securing}. A priviledge escallation vulnerability in Xen, the open source hypervisor, gave attackers in a virtual machine unauthorized access to the host \cite{xenprivilege}.
 
+VM hopping can occur when an attacker has gained access to the hypervisor, and manipulates network traffic, configuration files, or performs a man-in-the-middle attack to the running VMs \cite{hyde2009survey}.
 
+VMs can become infected and remotely controlled when the configuration and data files of the VM are changed and then migrated to a different host. Once the VM starts up on the new host the infected VM can infect that host and its VMs. This kind of attack is called VM mobility \cite{hyde2009survey,zhang2011virtualization}.
+
+Lastly, VMs that have  been forgotten can quickly become vulnerable to new security flaws that would otherwise be patched in an actively maintained system. Attackers are able to exploit unpatched vulnerabilities and gain access to the system and its data \cite{jasti2010security}.
 
 \subsubsection{Denial of Service}
 

research.bib

@@ -995,12 +995,23 @@ @inproceedings{zookeeper
 
 @article{kalpana2015brief,
   title={A brief Survey on Security Issues in Cloud and its service models},
-  author={Kalpana, G and Kumar, PV and Krishnaiah, RV}
+  author={Kalpana, G and Kumar, PV and Krishnaiah, RV},
+  journal={International Journal of Advanced Research in Computer andCommunication Engineering},
+  volume={4},
+  number={6},
+  year={2015},
+  month={June},
+  doi={10.17148/IJARCCE.2015.4698}
 }
 
 @article{kazim2015survey,
   title={A survey on top security threats in cloud computing},
-  author={Kazim, Muhammad and Zhu, Shao Ying}
+  author={Kazim, Muhammad and Zhu, Shao Ying},
+  journal={International Journal of Advanced Computer Science and Applications},
+  year={2015},
+  volume={6},
+  number={3},
+  doi={10.14569/IJACSA.2015.060316}
 }
 
 @online{amazonse,
@@ -1039,3 +1050,42 @@ @techreport{alertlogicsecurity
   year={2015},
   url={https://www.alertlogic.com/resources/cloud-security-report-2015/}
 }
+
+@online{xenprivilege,
+  title={Privilege Escalation, DoS Vulnerabilities Patched in Xen},
+  author={Eduard Kovacs},
+  publisher={Security Week},
+  date={2016-09-09},
+  url={http://www.securityweek.com/privilege-escalation-dos-vulnerabilities-patched-xen}
+}
+
+@techreport{owens2009securing,
+  title={Securing virtual compute infrastructure in the cloud},
+  author={Owens, Ken},
+  publisher={Savvis},
+  year={2009},
+  url={http://viewer.media.bitpipe.com/1018468865_999/1296679360_880/Securing-Virtual-Compute-Infrastructure-in-the-Cloud.pdf}
+}
+
+@techreport{hyde2009survey,
+  title={A survey on the security of virtual machines},
+  author={Hyde, Doug},
+  year={2009},
+  url={http://www.cse.wustl.edu/~jain/cse571-09/ftp/vmsec/index.html}
+}
+
+@inproceedings{zhang2011virtualization,
+  title={Virtualization security in data centers and clouds},
+  author={Zhang, Minjie and Jain, Raj},
+  year={2011},
+  organization={Citeseer}
+}
+
+@inproceedings{jasti2010security,
+  title={Security in multi-tenancy cloud},
+  author={Jasti, Amarnath and Shah, Payal and Nagaraj, Rajeev and Pendse, Ravi},
+  booktitle={Security Technology (ICCST), 2010 IEEE International Carnahan Conference on},
+  pages={35--41},
+  year={2010},
+  organization={IEEE}
+}