
Design And Implementation Of Virtualization Software Vulnerability Digging Tool Based On Fuzz Test

Posted on: 2015-03-03 | Degree: Master | Type: Thesis
Country: China | Candidate: X L Niu | Full Text: PDF
GTID: 2298330467463834 | Subject: Computer Science and Technology
Abstract/Summary:
Virtualization technology allows multiple operating systems to run on the same physical machine and offers effective resource isolation and data isolation, which makes more efficient use of hardware and saves IT cost. Virtualization is also one of the key technologies of cloud computing. With the rapid development and deployment of virtualization technology, its security problems have emerged as an unavoidable issue. Due to the specific nature of virtualization, its security problems are more harmful than traditional security threats. One key to ensuring security is to install updates promptly after a vulnerability is exposed. Finding vulnerabilities in virtualization software ahead of malicious actors is very important. In this paper, we designed and implemented a virtualization software vulnerability digging tool based on fuzz testing, with which we can find vulnerabilities more efficiently and release updates in a timely manner.

This thesis made a systematic analysis of security problems in virtualization environments and built a threat model of virtualization. After observing and analysing many virtualization-related vulnerabilities, we proposed a vulnerability digging method based on fuzz testing. This thesis carries out the functional and non-functional requirements analysis with use case diagrams and timing diagrams and concludes with all the features that should be implemented. The tool can fuzz the CPU instruction parsing subsystem and the virtual I/O subsystem. It can also fuzz some specific components of Xen, QEMU and VMware Workstation.

We found many abnormal behaviors in virtualization components when we ran fuzz tests on Xen, QEMU and VMware Workstation. During the analysis process we found a PyGrub-related vulnerability in Xen and submitted it to the National Vulnerability Database, which shows that this tool does have the ability to dig out virtualization vulnerabilities.
Keywords/Search Tags:Virtualization, Fuzz test, Vulnerability, Digging