CSA Summit CEE and BSides Ljubljana 2017

At the end of last week I had the pleasure of visiting the CSA Summit CEE and the BSides event in Ljubljana.

At CSA, I was talking about hypervisors, breakouts and an overview of security measures to protect the host. (Slides)
This ranged from the basic features some hypervisors provide out of the box to advanced features like SELinux, device domain models and XSM-FLASK.

Most of the other talks were more targeted towards management-level employees, but even as a fairly technical person I found Mike Bursell’s talk highly interesting. After my talk about securing the host system from a malicious guest, he dealt with the inverse: technologies to protect a guest from a malicious or compromised host.

At BSides Ljubljana, I was talking about binary analysis frameworks, e.g. Angr, Triton and others.
My slides can be found here; the video recording of the presentation should be available soon too. The cheat-sheet mentioned can be found in the official repository and will be maintained there.

Both conferences provided a great opportunity to meet interesting people and were small enough to get to know (nearly) everyone.




Analysis of Hypervisor Breakouts

In the course of a current virtualization research project, I was reviewing a lot of documentation on hypervisor security. While “hypervisor security” is a very wide field, hypervisor breakouts are usually one of the most (intensely) discussed topics. I don’t want to go down the road of rating the risk of hypervisor breakouts and giving appropriate recommendations (even though we do this on a regular basis which, surprisingly often, leads to almost religious debates. I know I say this way too often: I’ll cover this topic in a future post ;)), but share a few observations from analyzing well-known examples of vulnerabilities that led to guest-to-host-escape scenarios. The following table provides an overview of the vulnerabilities in question: