This talk will demonstrate why it is virtually impossible to secure virtual machines implementations properly. In the talk I will try to give an overview of the basics of hardware virtualization technology, the existing attack techniques against virtualization and also explain why it is such a complex problem to create a secure hypervisor. The talk will focus on the low level interfaces and how it affects all aspects of computer platform security. I will also try to review a few interesting Erratas at the end of the talk.
This talk will demonstrate why it is virtually impossible to secure virtual machines implementations properly. In the talk I will try to give an overview of the basics of hardware virtualization technology, the existing attack techniques against virtualization and also explain why it is such a complex problem to create a secure hypervisor. The talk will focus on the low level interfaces and how it affects all aspects of computer platform security. I will also try to review a few interesting Erratas at the end of the talk.
When you get out of this talk you I hope that you will reconsider your trust of virtualized cloud platforms and VMM implementations like XEN, KVM and VMWare as well as virtualization based sandboxing solutions.
The talk will touch on the following subjects / attack methods / virtualization failures (among others):
β’ PCIe
β’ SMM as a shared component between VMs and why it is dangerous
β’ STM (aka Dual Monitor) - why it is never implemented?
β’ Shared MSRs and their dangers
β’ ISA implementation challanges
β’ VT-d / IOMMU challenges
β’ Memory configuration, views and the complexity of memory management (re-mappings, PEG, System, IGD, β¦)
β’ MMIO
Finally the talk will also cover virtualization attack vectors and interesting Erratas.
For those less familiar with some computer architecture details - donβt worry. During this talk I will provide a brief introduction to subjects required to understand the technical challenges presented.
additional details and materials might be found on my company website later (see included link)