Description: Virtual devices are key building blocks of virtual machines. Any flaws or vulnerabilities in a virtual device directly threaten the security of the whole virtual machine. In this talk, we will present our experience detecting bugs in virtual devices by comparing a virtual device to its physical counterpart.
Since the device drivers in a guest operating system assume the virtual devices behave the same as the physical devices, any diverging behavior could potentially cause problems for the device drivers and threaten the security of the guest operating system and the virtual machine platform. We compared the QEMU/KVM virtual implementations of the e1000 and eepro100 to their physical counterparts and found multiple bugs in each, one of which was confirmed to affect guest OS security, leading to CVE-2012-6075.
Our talk will cover the basic idea of using virtual and physical device comparison for fuzzing virtual devices, and additionally describe the observability of each device type, methods for capturing device events and states, and methods for comparing between them with only partial state information. We will explain each of these steps using the real examples that led to our discovery of bugs in the e1000 and eepro100 virtual devices. We expect this talk to attract a traditional OS security audience as well as people interested in new testing methods for cloud environments.
For More Information please visit : - http://www.blackhat.com/us-13/briefings.html
Tags: securitytube , hacking , hackers , information security , convention , computer security , blackhat-usa-2013 ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.