Breaking paravirtualized devices
Instead of simply emulating old and slow hardware, modern hypervisors use paravirtualized devices to provide guests access to virtual hardware. Bugs in the privileged backend components can allow an attacker to break out of a guest, making them quite an interesting target.
In this talk, I'll present the results of my research on the security of these backend components and discuss Xenpwn, a hypervisor based memory access tracing tool used to discover multiple critical vulnerabilities in paravirtualized drivers of the Xen hypervisor.
Speakers
Felix Wilhelm
Felix Wilhelm is a security researcher working for ERNW Research. His main interests are application security, reverse engineering and virtualization security. Felix has disclosed critical vulnerabilities in popular products such as Xen, Hyper-V, IBM GPFS or FireEye's MPS and has presented his work at international conferences like Syscan, Hack in the Box, 44Con, Infiltrate and Troopers.
Detailed Presentation:
(Source: Black Hat USA 2016, Las Vegas)
Comments