Article Sidebar
Published:
Nov 10, 2024Keywords:
Article Details
Tanzania Journal of Engineering and Technology (Tanz. J. Engrg. Technol.) publications are written as a basis for academic discussions. Whereas effort is made by the Editorial Board to screen out inaccurate or misleading statements, data or opinions, Tanz. J. Engrg. Technol. wishes to make it clear that the contents of the articles are the sole responsibility of the authors. Accordingly, the Editorial Board and editors, publisher, College of Engineering and Technology and the University of Dar es Salaam accept no responsibility or liability whatsoever for the opinions, inaccurate or misleading data or statement and views expressed by the authors.
However, the College of Engineering and Technology, the publisher of the Journal, reserve all rights of the articles published in the Journal. Whereas the contents of the articles are available electronically without cost, no part of the publication may be transmitted in any form or reproduced electronically or mechanically, except for short extract in critical scholarly review, research or discourse with an acknowledgement.
Main Article Content
Assessment of Web Security Vulnerabilities for Common Open Source Virtualization Software
Abstract
Open-source hypervisors have emerged as an integral technology for virtualizing server resources in cloud and data center computing. Hypervisor security efficiency is determined by virtual machine isolation, which is a defacto adoption factor in the selection process, as well as its ability to respond to web attacks. This paper assesses the security performance of Proxmox VE and XenServer for type 1 hypervisors, and Kernel Virtual Machine and Oracle Virtual Box for type 2 hypervisors. Security analysis was conducted using common exposures extracted from vulnerability databases and mapped against the OWASP 2013 and 2017 projects. For clarity, experiments were carried out on a testbed with prebuilt virtual machines, each hosting one hypervisor installed as an attack target. Kali Linux was configured in one virtual machine to run recursive penetration testing for information gathering, vulnerability detection, penetration attempts, and exploitation of weak spots. The infrastructure was set in both homogeneous and heterogeneous execution environments, with a series of tests nested with each other. All four hypervisors are vulnerable to physical kernel isolation, as unprivileged users can gain root access and launch guest-to-guest and host-to-guest attacks. Among the two, guest-to-guest attacks were found to be more common than host-to-guest attacks, indicating that virtual machine isolation is weaker than the underlying host. Type 1 hypervisors have a lower rate of host-to-guest attacks than guest-to-guest attacks, implying that XenServer and Proxmox VE provide better isolation than KVM and OVB due to the near-native speed, security, and efficiency of their virtual machines. All four hypervisors were found to be vulnerable to buffer overflow exploits and error-triggering sensitive information leaks, which were primarily caused by adopter default misconfigurations in the deployment process rather than software design flaws. This implies that greater efforts are required by open-source adopters when shifting from physical to virtual computing.
