Open Access Open Access  Restricted Access Subscription Access

A Novel VENOM Attack Identification Mechanism in Cloud Virtualization Environment

Cheick Abdoul-Kader,
Shih-Hao Chang,


This paper investigates the security issue of virtualization in the cloud computing. We focus on how to identify the VENOM attack in the cloud-computing environment, and how to protect the hypervisor from this VENOM attack. Firstly, we have implemented VENOM vulnerability in the environment of QEMU/KVM and tried to identify its behaviors (action) in the cloud. Secondly, we also tried to protect the hypervisor, which is the most vulnerability part for virtualization environment. The proposed mechanism provides identification of the VENOM attack and lock the FDC port (0x3f5), which is responsible to send I/O command to the hypervisor.


VENOM; QEMU; Virtualization; I/O command; Malware Attack

Citation Format:
Cheick Abdoul-Kader, Shih-Hao Chang, "A Novel VENOM Attack Identification Mechanism in Cloud Virtualization Environment," Communications of the CCISA, vol. 24, no. 1 , pp. 61-72, Jan. 2018.

Full Text:



  • There are currently no refbacks.

Published by Chinese Cryptology and Information Security Association (CCISA), Taiwan, R.O.C
CCCISA Editorial Office, No.1, Sec. 1, Shennong Rd., Yilan City, Yilan County 260, Taiwan (R.O.C.)