POACHER TURNED GAMEKEEPER: LESSONS LEARNED FROM EIGHT YEARS OF BREAKING HYPERVISORS

POACHER TURNED GAMEKEEPER: LESSONS LEARNED FROM EIGHT YEARS OF BREAKING HYPERVISORS

Hypervisors have become a key element of both cloud and client computing. It is without doubt that hypervisors are going to be commonplace in future devices, and play an important role in the security industry. In this presentation, we discuss in detail the various lessons learnt whilst building and breaking various common hypervisors. In particular, we take a trip down memory lane and examine vulnerabilities found in all the popular hypervisors that have led to break-outs. To add some spice, we will talk about details of four not-yet-discussed vulnerabilities we recently discovered.

One of the key value propositions of hypervisors as they relate to security is to shrink the attack surface. However, in the quest for new features and functionality some trade-offs are made, which can prove to be fatal. While discussing the particular problems we will examine what the strong (and weak) security-related features of hypervisors are. We compare the attack surface of hypervisors with that of user mode applications and operating systems kernels, and show that the purpose and design of the hypervisor significantly changes its attack surface size. Most importantly, we make a fact based argument that many hypervisors aren't designed with security in mind. We show how superfluous code and poor design can be punished by demonstrating real examples of hypervisor break-outs.

The presentation ends with lessons learned and recommendations for hypervisor design and approaches that can be taken to harden them.

Presented by