The paper “The Beauty or The Beast? Attacking Rate Limits of the Xen Hypervisor” by Johanna Ullrich and Edgar Weippl has been accepted for publication at the 21st European Symposium on Research in Computer Security (ESORICS), which takes place from September 26th-30th, 2016 in Heraklion, Greece. ESORICS is an A-ranked conference in CORE.
Abstract: Rate limits, i.e., throttling network bandwidth, are considered to be means of protection; and guarantee fair bandwidth distribution among virtual machines that reside on the same Xen hypervisor. In the absence of rate limits, a single virtual machine would be able to (unintentionally or maliciously) exhaust all resources, and cause a denial-of-service for its neighbors. In this paper, we show that rate limits snap back and become attack vectors themselves. Our analysis highlights that Xen’s rate limiting throttles only outbound traffic, and is further prone to burst transmissions making virtual machines that are rate limited vulnerable to externally-launched attacks. In particular, we propose two attacks: Our side channel allows to infer all configuration parameters that are related to rate limiting functionality; while our denial-of-service attack causes up to 88.3 percent packet drops, or up to 13.8 seconds of packet delay.