Description: Virtually Impossible: The Reality Of Virtualization Security
Errata FTW
This talk will demonstrate why it is virtually impossible to secure virtual machines implementations properly. In the talk I will try to give an overview of the basics of hardware virtualization technology, the existing attack techniques against virtualization and also explain why it is such a complex problem to create a secure hypervisor. The talk will focus on the low level interfaces and how it affects all aspects of computer platform security. I will also try to review a few interesting Erratas at the end of the talk.
When you get out of this talk you I hope that you will reconsider your trust of virtualized cloud platforms and VMM implementations like XEN, KVM and VMWare as well as virtualization based sandboxing solutions. The talk will touch on the following subjects / attack methods / virtualization failures (among others):
⢠PCIe
⢠SMM as a shared component between VMs and why it is dangerous
⢠STM (aka Dual Monitor) - why it is never implemented?
⢠Shared MSRs and their dangers
⢠ISA implementation challanges
⢠VT-d / IOMMU challenges
⢠Memory configuration, views and the complexity of memory management (re-mappings, PEG, System, IGD, â¦)
⢠MMIO Finally the talk will also cover virtualization attack vectors and interesting Erratas. For those less familiar with some computer architecture details - donât worry. During this talk I will provide a brief introduction to subjects required to understand the technical challenges presented. additional details and materials might be found on my company website later (see included link)
For More Information please visit : - https://events.ccc.de/congress/2013/wiki/Main_Page
Tags: securitytube , hacking , hackers , information security , convention , computer security , 30c3 ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.