Critical analysis of layer 2 network security in virtualised environments

@article{Bull2016CriticalAO,
  title={Critical analysis of layer 2 network security in virtualised environments},
  author={Ronny L. Bull and Jeanna Neefe Matthews},
  journal={Int. J. Commun. Networks Distributed Syst.},
  year={2016},
  volume={17},
  pages={315-333}
}
In this article, we explore whether layer 2 network attacks that work on physical switches apply to their virtualised counterparts by performing a systematic study across four major hypervisor environments - Open vSwitch, Citrix XenServer, Microsoft Hyper-V Server and VMware vSphere - in seven different virtual networking configurations. First, we use a malicious virtual machine to run a MAC flooding attack and evaluate the impact on co-resident virtual machines. We find that network… 

Security in the data link layer of the OSI model on LANs wired Cisco

It was shown how easy it can be to run an attack, and at the same time to implement security measures, at layer 2 of the OSI model.

Detection of DHCP Starvation Attacks in Software Defined Networks: A Case Study

A case study is presented that addresses a solution for detection of DHCP starvation attacks in an SDN, which is one of the most common network security problems that may disable the whole network operations.

A Channel State Information based Virtual MAC Spoofing Detector

Virtual MAC Spoofing Detection through Deep Learning

A deep convolutional neural network is constructed to extract physical features from CSI obtained from packet transmissions, to detect virtual MAC spoofing attacks via deep learning.

References

Exploring Layer 2 Network Security in Virtualized Environments

This work explores whether Layer 2 network attacks that work on physical switches apply to their virtualized counterparts, by performing a systematic study across four major hypervisor environments (Open vSwitch, Citrix XenServer, Microsoft Hyper-V Server and VMware vSphere) in seven different virtual networking configurations.

Towards automated provisioning of secure virtualized networks

A secure network virtualization framework that helps realize the abstraction of Trusted Virtual Domains (TVDs), a security-enhanced variant of virtualized network zones that allows groups of related virtual machines to be connected together as though they were on their own separate network fabric.

Extending Networking into the Virtualization Layer

This work describes how Open vSwitch can be used to tackle problems such as isolation in joint-tenant environments, mobility across subnets, and distributing configuration and visibility across hosts.

Media Access Control Address Spoofing Attacks against Port Security

It is argued that the use of port security as a preventative measure is difficult and may require tradeoffs between security and performance, flexibility, administrative cost, and ease of use.

Xen and the Art of Repeated Research

It is argued that this model of research, which is enabled by open source software, is an important step in transferring the results of computer science research into production environments.

Securing Layer 2 in Local Area Networks

This paper discusses the security concerns in Layer 2, summarizes some of the possible Layer 2 attacks in Internet Protocol (IP) over Ethernet networks, and proposes to incorporate additional fields into the SecTAG to improve security in local area networks.

Virtual Switching in an Era of Advanced Edges

The role of edge switching is revisited in light of these new options that have capabilities formerly only available in high-end hardware switches and it is found that edge switching provides an attractive solution in many environments.

BlueShield: A Layer 2 Appliance for Enhanced Isolation and Security Hardening among Multi-tenant Cloud Workloads

It is shown that the present security applications, deployed in a non-cloud environment, do not require modification during migration to Blue Shield based clouds, and that a high level of protection is provided among the VMs in the same VLAN.

A quantitative study of virtual machine live migration

An automated testing framework is developed that measures important performance characteristics of live migration, including total migration time, the time a VM is unresponsive during migration, and the amount of data transferred over the network during migration.

Migrating a voice communications laboratory to a virtualized environment

The traditional Voice Communications laboratory setup was obsolete and created a bottleneck hindering the students' capability to learn due to increasing class sizes, so a centralized virtualization approach was proposed and implemented.