Virtually Impossible: The Reality Of Virtualization Security

Errata FTW

Video duration
00:59:13
Language
English
Abstract
This talk will demonstrate why it is virtually impossible to secure virtual machine implementations properly. In the talk I will try to give an overview of the basics of hardware virtualization technology and the existing attack techniques against virtualization, and also explain why it is such a complex problem to create a secure hypervisor. The talk will focus on the low-level interfaces and how they affect all aspects of computer platform security. I will also try to review a few interesting errata at the end of the talk.

When you get out of this talk, I hope that you will reconsider your trust in virtualized cloud platforms and VMM implementations like Xen, KVM and VMware, as well as virtualization-based sandboxing solutions.

The talk will touch on the following subjects / attack methods / virtualization failures (among others):
• PCIe
• SMM as a shared component between VMs and why it is dangerous
• STM (aka Dual Monitor) - why is it never implemented?
• Shared MSRs and their dangers
• ISA implementation challenges
• VT-d / IOMMU challenges
• Memory configuration, views and the complexity of memory management (re-mappings, PEG, System, IGD, …)
• MMIO

Finally, the talk will also cover virtualization attack vectors and interesting errata.

For those less familiar with some computer architecture details - don’t worry. During this talk I will provide a brief introduction to subjects required to understand the technical challenges presented.

Additional details and materials might be found on my company website later (see included link).

Talk ID
5445
Event:
30C3
Day
3
Room
Saal 6
Start
9:45 p.m.
Duration
01:00:00
Track
Security & Safety
Type of
lecture
Speaker
Gal Diskin
Talk Slug & media link
30C3_-_5445_-_en_-_saal_6_-_201312292145_-_virtually_impossible_the_reality_of_virtualization_security_-_gal_diskin

Last revision: 7 months, 2 weeks ago