Improving the security of QEMU as a device emulator in Xen - Paul Durrant, Citrix Systems

preview_player
Показать описание
Improving the security of QEMU as a device emulator in Xen - Paul Durrant, Citrix Systems

Recent developments in Xen and Linux now provide an environment in which it is possible to effectively limit the privilege of QEMU running as a device emulator in a privileged domain. This talk will discuss how dm (device model) op hypercall, file handle restriction in privcmd, libxentoolcore and the acquire_resources new memory op all contribute to the security of a system using QEMU as device emulator for untrusted guests

About Paul Durrant
Paul Durrant is a Senior Principal Software Engineer in the XenServer platform group of Citrix Systems R&D, based in Cambridge, UK. His chief responsibilities are Windows Paravirtual drivers, Virtual GPU subsystem, and the guest storage and network data-paths. His work has given him broad experience of Xen (hypervisor, tools and firmware), PV protocols and QEMU. Paul has been a kernel level programmer since he graduated from the University of Cambridge (BA CompSci) in 1994, generally specializing in network drivers. He spent several years in Solaris kernel group at Sun Microsystems where he was responsible for the kernel network driver interface (a.k.a. GLD) and then, prior to joining Citrix, Paul spent a few years at Solarflare Communications working on their user-space low latency TCP/IP stack.
  1. The Xen Project
Рекомендации по теме
Improving the security 0:34:15

Improving the security of QEMU as a device emulator in Xen - Paul Durrant, Citrix Systems

Improving the security 0:34:15

Improving the security of QEMU as a device emulator in Xen - Paul Durrant, Citrix Systems

Stop using Virtualbox, 0:06:38

Stop using Virtualbox, Here's how to use QEMU instead

Hunting and Exploiting 0:22:09

Hunting and Exploiting Recursive MMIO Flaws in QEMU KVM

Qemu/KVM - How 0:04:25

Qemu/KVM - How to Increase Disk Size

Security in QEMU: 0:42:48

Security in QEMU: How Virtual Machines Provide Isolation by Stefan Hajnoczi

“Getting started with 0:34:16

“Getting started with meta-selinux - enhancing system security on QEMU” by Tomasz Żyjewski

QEMU 2.x and 0:49:27

QEMU 2.x and Beyond: The Foundation of the Open Cloud - Anthony Liguori

Alcatraz: A Practical 0:38:28

Alcatraz: A Practical Hypervisor Sandbox to Prevent Escapes from the KVM/QEMU and KVM-Based MicroVMs

Secure and Customized 0:08:41

Secure and Customized Hypervisor with Qemu – Daniele Buono, IBM

QEMU Poisoned with 0:02:11

QEMU Poisoned with VENOM - Daily Security Byte EP.83

Improving Guest Management 0:42:41

Improving Guest Management via the QEMU Guest Agent - Michael Roth, IBM

Is QEMU too 0:25:07

Is QEMU too Complex, and What Can we do About It? - Paolo Bonzini, Red Hat, Inc.

Scavenger: Misuse Error 0:35:10

Scavenger: Misuse Error Handling Leading to Qemu/KVM Escape

#HITB2023HKT D1T2 - 0:52:37

#HITB2023HKT D1T2 - Timekiller: Escape From QEMU/KVM - Y. Jia, X. Lei, Yiming Tao, G. Pan & C. W...

#HITBGSEC 2017 Conf 0:36:39

#HITBGSEC 2017 Conf D2 - QEMU Attack Surface And Security Internals - Qiang Li & ZhiBin Hu

Learn about Qemu 0:04:37

Learn about Qemu and Solve -Virtualization support not available on your System- Error

Developing the RISC-V 0:31:39

Developing the RISC-V Hypervisor Extensions in QEMU - Alistair Francis, Western Digital

QEMU_3: Setting Up 0:08:18

QEMU_3: Setting Up GDB With QEMU User Mode

VMware vs VirtualBox 0:09:19

VMware vs VirtualBox vs Hyper-V vs QEMU | Best Option for 2025

Amazing Privacy Ideas 0:21:02

Amazing Privacy Ideas with KVM Virtual Machines

1i: Hannu Lyytinen: 0:32:47

1i: Hannu Lyytinen: Using QEMU to extend seL4 VirtIO support

Quick and Easy 0:02:00

Quick and Easy Fix! Automatically Resize xfce and Kali in QEMU/KVM VM

I'm surprised this 0:13:04

I'm surprised this is even possible!

Комментарии
Автор

if we run all VM in a PVH mode + EFI, then can we do without QEMU?

fbifido