Software Attacks on Hypervisor Emulation of Hardware

Presented at TROOPERS17 (2017), March 22, 2017, 10:30 a.m. (Unknown duration)

In this presentation we will demonstrate multiple vulnerabilities in the hardware emulation functionality of hypervisors. We will explain methods, including fuzzers in the CHIPSEC framework, for finding vulnerabilities in such interfaces, and present details about vulnerabilities in the VirtualBox and QEMU hypervisors. We will also demonstrate how to use emulation issues as a general approach to hypervisor fingerprinting.


Presenters:

  • Oleksandr Bazhaniuk
    Oleksandr Bazhaniuk is a security researcher in the Advanced Threat Research team at Intel, Inc. His primary interests are low-level hardware security, BIOS/UEFI security, and automation of binary vulnerability analysis. His work has been presented at many conferences, including Black Hat USA, Hack In The Box, Hackito Ergo Sum, Positive Hack Days, Toorcon, CanSecWest, Troopers, and USENIX. He is also a co-founder of DCUA, the first DefCon group in Ukraine.
