Cross-VM network attacks & their countermeasures within cloud computing environments

Cloud computing is a contemporary model in which the computing resources are dynamically scaled-up and scaled-down to customers, hosted within large-scale multi-tenant systems. These resources are delivered as improved, cost-effective and available upon request to customers. As one of the main trends of IT industry in modern ages, cloud computing has extended momentum and started to transform the mode enterprises build and offer IT solutions. The primary motivation in using cloud computing model is cost-effectiveness. These motivations can compel Information and Communication Technologies (ICT) organizations to shift their sensitive data and critical infrastructure on cloud environments. Because of the complex nature of underlying cloud infrastructure, the cloud environments are facing a large number of challenges of misconfigurations, cyber-attacks, root-kits, malware instances etc which manifest themselves as a serious threat to cloud environments. These threats noticeably decline the general trustworthiness, reliability and accessibility of the cloud. Security is the primary concern of a cloud service model. However, a number of significant challenges revealed that cloud environments are not as much secure as one would expect. There is also a limited understanding regarding the offering of secure services in a cloud model that can counter such challenges. This indicates the significance of the fact that what establishes the threat in cloud model. One of the main threats in a cloud model is of cost-effectiveness, normally cloud providers reduce cost by sharing infrastructure between multiple un-trusted VMs. This sharing has also led to several problems including co-location attacks. Cloud providers mitigate co-location attacks by introducing the concept of isolation. Due to this, a guest VM cannot interfere with its host machine, and with other guest VMs running on the same system. Such isolation is one of the prime foundations of cloud security for major public providers. However, such logical boundaries are not impenetrable. A myriad of previous studies have demonstrated how co-resident VMs could be vulnerable to attacks through shared file systems, cache side-channels, or through compromising of hypervisor layer using rootkits. Thus, the threat of cross-VM attacks is still possible because an attacker uses one VM to control or access other VMs on the same hypervisor. Hence, multiple methods are devised for strategic VM placement in order to exploit co-residency. Despite the clear potential for co-location attacks for abusing shared memory and disk, fine grained cross-VM network-channel attacks have not yet been demonstrated. Current network based attacks exploit existing vulnerabilities in networking technologies, such as ARP spoofing and DNS poisoning, which are difficult to use for VM-targeted attacks. The most commonly discussed network-based challenges focus on the fact that cloud providers place more layers of isolation between co-resided VMs than in non-virtualized settings because the attacker and victim are often assigned to separate segmentation of virtual networks. However, it has been demonstrated that this is not necessarily sufficient to prevent manipulation of a victim VM’s traffic. This thesis presents a comprehensive method and empirical analysis on the advancement of co-location attacks in which a malicious VM can negatively affect the security and privacy of other co-located VMs as it breaches the security perimeter of the cloud model. In such a scenario, it is imperative for a cloud provider to be able to appropriately secure access to the data such that it reaches to the appropriate destination. The primary contribution of the work presented in this thesis is to introduce two innovative attack models in leading cloud models, impersonation and privilege escalation, that successfully breach the security perimeter of cloud models and also propose countermeasures that block such types of attacks. The attack model revealed in this thesis, is a combination of impersonation and mirroring. This experimental setting can exploit the network channel of cloud model and successfully redirects the network traffic of other co-located VMs. The main contribution of this attack model is to find a gap in the contemporary network cloud architecture that an attacker can exploit. Prior research has also exploited the network channel using ARP poisoning, spoofing but all such attack schemes have been countered as modern cloud providers place more layers of security features than in preceding settings. Impersonation relies on the already existing regular network devices in order to mislead the security perimeter of the cloud model. The other contribution presented of this thesis is ‘privilege escalation’ attack in which a non-root user can escalate a privilege level by using RoP technique on the network channel and control the management domain through which attacker can manage to control the other co-located VMs which they are not authorized to do so. Finally, a countermeasure solution has been proposed by directly modifying the open source code of cloud model that can inhibit all such attacks

Tranexamic Acid Intravenous Overdose Administration in Primary Total Knee Arthroplasty: Case Report

Background: Topical application of tranexamic acid (TXA) to bleeding wound surfaces reduces blood loss in patients undergoing some major surgeries, without systemic complications. TXA decreases blood loss and, therefore, may minimize pain. Objective: To know the efficacy and safety of tranexamic acid intravenous overdose administration in primary total knee arthroplasty. Case study: We reported a 53 years old Saudi female ambulatory with no assisting aid and was not known to have any medical illnesses, presented to the orthopedic clinic complaining of bilateral knee pain and difficulty to ambulate for long distances for the last 5 years. This complain gradually worsened since last 2 years with no history of trauma prior to presentation or even after the follow up. The pain was localized at the knee joints and it was sharp in nature. The pain used to improve with rest and paracetamol intake and aggravated while standing or walking for long period of time. She was treated surgically by total knee arthroplasty, however during the operation by mistake she was given 4000 mg of tranexamic acid through IV route instead of topical application. Conclusion: Administration of 4000 mg of tranexamic acid through IV route is unusual but it seems to be safe without side effect on the patient in the early postoperative period

Cross-VM Network Channel Attacks and Countermeasures within Cloud Computing Environments

Cloud providers attempt to maintain the highest levels of isolation between Virtual Machines (VMs) and inter-user processes to keep co-located VMs and processes separate. This logical isolation creates an internal virtual network to separate VMs co-residing within a shared physical network. However, as co-residing VMs share their underlying VMM (Virtual Machine Monitor), virtual network, and hardware are susceptible to cross VM attacks. It is possible for a malicious VM to potentially access or control other VMs through network connections, shared memory, other shared resources, or by gaining the privilege level of its non-root machine. This research presents a two novel zero-day cross-VM network channel attacks. In the first attack, a malicious VM can redirect the network traffic of target VMs to a specific destination by impersonating the Virtual Network Interface Controller (VNIC). The malicious VM can extract the decrypted information from target VMs by using open source decryption tools such as Aircrack. The second contribution of this research is a privilege escalation attack in a cross VM cloud environment with Xen hypervisor. An adversary having limited privileges rights may execute Return-Oriented Programming (ROP), establish a connection with the root domain by exploiting the network channel, and acquiring the tool stack (root domain) which it is not authorized to access directly. Countermeasures against this attacks are also presente

Cointegration of Stock Market Returns: A Case of Asian Countries

The purpose of this study is to investigate the cointegration of stock market returns within and between the developed, emerging and frontier Asian countries for the period 1995 to 2014. The sub-periods including 1997-98 and 2008 to 2011 (crises periods) and 1995-96, 1999 to 2007, and 2012 to 2014 (tranquil periods) are also investigated. Applying the ARDL cointegration approach, the evidence of significant linkage within and between these Asian countries is obtained, over the long-run. Further, the ECM or the VAR techniques for the short-run dynamics, the short-term causal relationships of stock market returns, between most of the sampled Asian stock markets, are also used. It is also observed that those pairs of countries which do not show the stock market returns cointegration in the periods of tranquil; exhibit cointegration in the periods of financial crises, due to contagion or spillover of asset prices. The outcome of this study would be useful for economists, policy makers and investors to assess the international shocks and improve risk management and increase their portfolio diversification benefits

Can HRM be Affirmed as a System? Applying General Systems Theory (GST) on Human Resource Management

General System Theory (GST) has presented some key concepts that Strategic HRM researchers use to link different HR Systems with organizational strategic goals and performance. In order to apply General System Theory’s underpinnings in Strategic HR literature and to establish the point that GST’s key concepts can be used to explore HR systems, it is necessary to first prove that HR as a distinct function of any organization and can be declared as a system. It is possible, if researchers can prove that all or most of the key concepts presented by GST are present in organization’s HR function and thus Systems Theory/Thinking principles can be applied to design and manage HR function. This conceptual paper takes a look at literature and analyzes all related assumptions of general systems theory in the context of HRM and concluded that HRM can be declared as a system

Dichloridobis(N,N,N′,N′-tetra­methyl­thio­urea-κS)mercury(II)

In the title compound, [HgCl2(C5H12N2S)2], the HgII atom is located on a twofold rotation axis and is bonded in a distorted tetra­hedral coordination mode to two chloride ions and to two tetra­methyl­thio­urea (tmtu) mol­ecules through their S atoms. The crystal structure is stabilized by C—H⋯N and C—H⋯S hydrogen bonds

Knowledge, Attitude and Practices of Dengue Prevention among Non-medical Employees of Aziz Fatimah Medical and Dental College

Dengue virus is transmitted via Aedes mosquito to humans, and results in various clinical signs and symptoms ranging from an asymptomatic infection to mild flu-like symptoms and fetal hemorrhagic fever. Keeping in view the current epidemic of dengue fever in Lahore, this study aimed to assess the knowledge, attitude, and practices of non-medical employees of the Aziz Fatimah Medical and Dental College, FSD so that an effective awareness campaign could be started at the institutional level. Our results indicate that non-medical employees of Aziz Fatimah Medical and Dental College, FSD Aziz Fatimah Medical and Dental College, FSD showed a satisfactory level of knowledge, and high percentage of positive attitude and practices towards dengue prevention. A significant relation was established between knowledge related to dengue prevention and level of education. Future endeavors for health education related to dengue prevention should focus on people with lower level of education

Primary Renal Squamous Cell Carcinoma: An Unusual Malignancy

Malignancies of the upper urinary tract are rare, accounting for about 8% of all malignancies of the renal system, presenting mostly as urothelial carcinoma. Squamous cell carcinoma (SCC) arising from the upper urinary tract is even more rare, accounting for about 0.5% of all malignancies of the renal system and 10% of all renal pelvic tumors. There are very few case reports in the indexed literature regarding renal squamous cell carcinoma. Here we present a case of SCC arising from the lower pole of left kidney, in a 35-year-old male resident of Muzaffarabad, Azad Kashmir

Transforming Lives through Empathy, Compassion, Societal Well Being and Management Best Practices Case of Akhuwat, Pakistan

How often do we see businesses of modern world really following the principles of stakeholder theory in true letter and spirit, safeguarding the interests of large number of stakeholders not just their customers and also treating society at large as their stakeholder? Are businesses and management practices truly consistent with social contract of organizations with society? The prevalence of business with societal well-being concept is rare despite the fact that world at large is the advocate of societal well-being. The case of Akhuwat Pakistan presents various insights for modern business practitioners; small business models that have question marks with respect to their sustainability in early years can do wonders at later stages and become success case studies if business objectives are linked with social development and entrepreneurial capacity building. Akhuwat is the example where corporate social responsibility and thrust for poverty alleviation is not just a marketing tool to remain alive in popularity contest but the mechanism and inspiration to serve and love humanity. This case study is narrative in its methodology and focuses on key success factors of the organization under study. The rational and social lens application reveals that exploration of best management practices is pertinent for businesses today to replicate them by adopting universalistic management perspective for ultimate success and exaltation

SURVIVAL OUTCOMES IN EARLY GLOTTIC CARCINOMA; A SINGLE INSTITUTION EXPERIENCE

Purpose: Laryngeal cancers are amongst the most common cancers affecting head and neck region. In this study, we analyse the overall survival (OS) following hypofractionated radiotherapy (RT) in early stage glottic carcinoma treated at Shaukat Khanum Memorial Cancer Hospital and Research Centre, Lahore. Methods: Between October 2003 and June 2009, 87 patients with early stage glottic carcinoma were treated with hypofractionated RT. All patients were included in the study. The ratio of male: female is 94%:6%. Mean age was 62 years (range 31–83 years). 66% of the patients were smokers. AJCC stage was T1a in 76%, T1b 20% and T2 in 4% of the patients. Histological distribution was; squamous cell carcinoma 97%, verrucous carcinoma 2% and squamous cell spindle variant 1%. Median follow-up time was 59 months (range 4–122 months). RT dose was 55 Gy in 20 fractions over a period of 4 weeks. Median RT treatment time was 28 days (range 23–35 days). Patients that lost to follow-up were contacted through telephone. Results: The 10-year OS was 83%. Patterns of failure was 7 local and 1 distant while 1 patient had persistent disease. 15 patients were dead at the time of study. Cause of death; 13 patients died due to Ischemic heart disease and 2 due to primary disease. Conclusion: Hypofractionated RT 55 Gy in 20 fractions seems to achieve good OS while offering potential for optimizing resources usage. Key words: Glottic carcinoma, hypofractionated, overall survival, radiotherapy