現行各種雲端運算之彈性仰賴於虛擬化技術的支持,然而虛擬化之安全建構於其技術所能提供之隔離性,若雲端平台上使用者打破虛擬化隔離性,則雲端平台所有共用使用者將一併受害。本論文以Xen Hypervisor所提供之半虛擬化技術為對象,探討使用虛擬化技術時隔離議題之重要性,歸納出虛擬化技術中實作顯示暫存區常發生之共同漏洞,並以半虛擬化顯示暫存區漏洞的實際漏洞CVE-2008-1943,展示虛擬機器脫逸(Virtual Machine Escape)實驗,取得Xen中的Domain 0之Root Shell,來證明虛擬化的隔離非牢不可破。最後在其他Domain U不知情的情況下,以竄改該Domain U的開機磁區,使其開機程序受到綁架,由此說明隔離性失效之後帶來的影響及損失。研究貢獻在於歸納出虛擬化技術中實作顯示暫存之共同漏洞,並以實際半虛擬化顯示暫存區進行虛擬機器脫逸實驗,以實驗結果證明虛擬化隔離性失效。此外更提供開機磁區竄改實驗作為後續攻擊之案例,以說明隔離性失效後可能帶來之損失,作為未來雲端安全核心研究之基礎。The on-demand feature of cloud computing is rely on supporting of virtualization technology, it is worth to know that security in virtualization is built upon the isolation. Thus, once the user of the cloud platform break the isolation, then all the users in the cloud platform will become victims. In this thesis, I focus on paravirtualization which is provided by Xen hypervisor to discuss about the importance of isolation in virtualization technology. It conclude that there are common vulnerability in many implementation of video-related device in virtualization technology. Moreover, with a practical exploitation about CVE-2008-1943, this thesis show that user can escape from an unpriviedge domain to the privilege domain's root shell (Virtual Machine Escape). Finally, this thesis show that attacker can easily hijack other user's virtual machine by modifying the virtual machine's master boot record. The major contributions are conclude the common vulnerability which is the implementation of video device in virtualization technology, and provide an hand-on VM escape experiment to prove the fail of isolation in virtualization. Moreover, this thesis provide an attack model, Master Boot Record Hijacking, to explain the impact after the fail of isolation.
