#HITBGSEC 2017 Conf D2 - QEMU Attack Surface And Security Internals - Qiang Li & ZhiBin Hu

QEMU is a fundamental part of modern open source virtualization solutions, especially KVM and Xen. As a complete virtualization solution, QEMU must emulate the processor, memory and peripheral devices. This makes QEMU very complex and exposes a large attack surface. This year we did deep vulnerability discovery in QEMU, found 60+ vulnerabilities and have 70+ CVEs so far. We have summarized the kinds of attack surface and the vulnerability types in QEMU.

In this presentation, we will talk about the attack surfaces of QEMU and how to discover vulnerabilities in them. The talk contains the following parts:

1. A brief introduction to virtualization and QEMU/KVM.

2. QEMU attack surfaces: from the VM

This part covers the internals of device emulation, one of the largest attack surfaces in QEMU, including virtio devices, which have not previously been discussed at a security conference. We will also discuss the kinds of vulnerabilities found in device emulation.

3. QEMU attack surfaces: from outside

This part covers VNC, SPICE and QMP, which are used to interact with QEMU from outside the guest and can therefore be used for remote attacks.

4. Summary: a summary of the vulnerabilities our team has found.

===

Qiang Li is a security researcher in the Gear Team at Qihoo 360, mainly focused on vulnerability discovery and vulnerability analysis. He currently works on cloud and virtualization security, discovered many vulnerabilities in the last year and has 70+ CVEs so far. He has given talks at security conferences including Ruxcon 2017 (Melbourne), ISC 2016 (Beijing) and CanSecWest 2017 (Canada).

---

ZhiBin Hu is a security researcher in the Gear Team at Qihoo 360. For the last several years he has mainly focused on vulnerability discovery and analysis on Windows, and was ranked in the MSRC top 19 in 2015. In the last two years he has become interested in cloud security. He has given talks at several conferences, including Ruxcon 2016, RootedCON 2017 and CanSecWest 2017.