Explore a comprehensive conference talk on protecting guest kernels in cloud environments using hypervisor-based integrity. Delve into Google's approach to enhancing cloud security, covering topics such as threat modeling, runtime protection, and the role of hypervisors as an additional security layer. Learn about the overall plan for both boot time and runtime security, performance impacts, technical challenges, and necessary changes for KVM/QEMU implementation. Gain insights into future developments and other security considerations in this informative presentation by Ning Yang and Forrest Yuan Yu from Google.
Hypervisor-Based Integrity: Protecting Guest Kernels in Cloud Environments
Overview
Syllabus
Google Cloud
Disclaimer
Background
Threat Model
Protect the guest kernel at runtime
Why hypervisor as another security layer?
Overall Plan - Boot Time: Guest
Overall Plan - Boot Time: Hypervisor
Overall Plan - Run Time
Performance Impact
Technical challenges
Example
Changes needed for KVM/QEMU
For the Future
Other security considerations
Summary
Taught by
Linux Foundation
