Loading…
This event has ended. Create your own event → Check it out
This event has ended. Create your own
Don’t miss this great event - register now! 
View analytic
Wednesday, August 24 • 4:35pm - 5:25pm
Kernel Protection Using Hardware-Based Virtualization - Jun Nakajima & Sainath Grandhi, Intel

Sign up or log in to save this to your schedule and see who's attending!

We propose that the Linux run in virtualization mode, activating hardware virtualization features to improve security and monitoring. Hardware enforced virtualization features can be used for hardening the kernel, by protecting key kernel data structures and locking the processor state when the processor is executing in guest mode. Security features from the latest processors can be added to virtual processors. Kernels running on platforms with processors from older generations are benefitted.

For the bare-metal, we have added a thin hypervisor to the kernel, and we have extended KVM for guest kernels so that they can identify this capability as a CPU feature, become enlightened and work with the hypervisor to lock and monitor kernel resources and processor state.

In this talk we will present the idea, its benefits and the work we have done in Linux/KVM.

Speakers
SG

Sainath Grandhi

Intel
Work for Intel in Open Source Virtualization group. Work on Xen and KVM kernel feature enabling. Currently working on a project that is a solution to run containers with a hypervisor underneath to provide security and resource isolation.
avatar for Jun Nakajima

Jun Nakajima

Senior Principal Engineer, Intel Open Source Technology Center
Jun Nakajima is a Senior Principal Engineer leading open source virtualization and cloud projects, such as, KVM, Xen, and OpenStack at the Intel Open Source Technology Center. Jun has been working on various virtualization projects for almost a decade, and NFV is one of his ongoing projects. Jun presented a number of times at technical conferences, including KVM Forum, Xen Summit, and USENIX. He has over 20 years of experience with operating... Read More →


Wednesday August 24, 2016 4:35pm - 5:25pm
Harbour A

Attendees (18)