Virtually Impossible: The Reality Of Virtualization Security: Errata FTW

Presented at 30C3 (2013), Dec. 29, 2013, 9:45 p.m. (60 minutes).

This talk will demonstrate why it is virtually impossible to secure virtual machines implementations properly. In the talk I will try to give an overview of the basics of hardware virtualization technology, the existing attack techniques against virtualization and also explain why it is such a complex problem to create a secure hypervisor. The talk will focus on the low level interfaces and how it affects all aspects of computer platform security. I will also try to review a few interesting Erratas at the end of the talk. This talk will demonstrate why it is virtually impossible to secure virtual machines implementations properly. In the talk I will try to give an overview of the basics of hardware virtualization technology, the existing attack techniques against virtualization and also explain why it is such a complex problem to create a secure hypervisor. The talk will focus on the low level interfaces and how it affects all aspects of computer platform security. I will also try to review a few interesting Erratas at the end of the talk. When you get out of this talk you I hope that you will reconsider your trust of virtualized cloud platforms and VMM implementations like XEN, KVM and VMWare as well as virtualization based sandboxing solutions. The talk will touch on the following subjects / attack methods / virtualization failures (among others): • PCIe • SMM as a shared component between VMs and why it is dangerous • STM (aka Dual Monitor) - why it is never implemented? • Shared MSRs and their dangers • ISA implementation challanges • VT-d / IOMMU challenges • Memory configuration, views and the complexity of memory management (re-mappings, PEG, System, IGD, …) • MMIO Finally the talk will also cover virtualization attack vectors and interesting Erratas. For those less familiar with some computer architecture details - don’t worry. During this talk I will provide a brief introduction to subjects required to understand the technical challenges presented. additional details and materials might be found on my company website later (see included link)

Presenters:

  • Gal Diskin
    Gal Diskin is the Chief Research Officer at Cyvera LTD (www.cyvera.com). Cyvera provides game-changing security solutions to protect organizations from targeted attacks. The company philosophy is centered around obstruction methodology in difference from the old-school detection approach common today. Prior to that Gal was the Security Evaluation Architect of the Software and Services Group at Intel®. Gal is a frequent speaker in conferences and has presented his research in BlackHat, Defcon, Hack In The Box and various other conferences. Gal Diskin is the Chief Research Officer at Cyvera LTD (www.cyvera.com). Cyvera provides game-changing security solutions to protect organizations from targeted attacks. The company philosophy is centered around obstruction methodology in difference from the old-school detection approach common today. Prior to working for Cyvera Gal was the Security Evaluation Architect of the Software and Services Group at Intel®. As part of his work for Intel Gal has worked on the security of virtualization features, trusted execution environments (TEEs), BIOS as well as other software, hardware and firmware features. Prior to that Gal has worked as part of the development team for the PIN binary instrumentation engine. Before Intel Gal has done various jobs in information security, programming and IT including consulting, running his own startup company (Diskin Security Technologies), working for the military and various other gigs. Gal is a frequent speaker in conferences and has presented his research in BlackHat, Defcon, Hack In The Box, ZeroNights and various other conferences.

Links:

Similar Presentations: