Loading…
This event has ended. Create your own event → Check it out
This event has ended. Create your own
Don’t miss this great event - register now! 
View analytic
Wednesday, August 24 • 11:55am - 12:35pm
Performant Security Hardening of KVM - Steve Rutherford, Google

Sign up or log in to save this to your schedule and see who's attending!

Guest escapes and host information leaks in KVM are a causes for great concern. This talk covers a safer mode for KVM on x86 that is intended to reduce the frequency of such exploits, without decreasing performance. By removing complex, non-performance critical devices from KVM (namely, legacy interrupt controllers and the instruction emulator), the host kernel can expose less attack surface to the guest. This talk analyzes the guest exposed attack surface of KVM, as well as the performance and security implications of this new mode in production.

Speakers
SR

Steve Rutherford

Google
Steve is a Software Engineer on Google's Virtualization Security team, which maintains the security of Google Compute Engine. Steve's recent projects include KVM attack surface reduction (pulling legacy interrupt controllers out of KVM), which was merged into the 4.4 kernel.


Wednesday August 24, 2016 11:55am - 12:35pm
Harbour A

Attendees (18)