Explore the security journey of rust-vmm in this 20-minute conference talk by Andreea Florescu from Amazon. Gain insights into the components and examples of rust-vmm, learn about the organization setup for security audits, and discover strategies to reduce unsafe code. Delve into the importance of documentation, understand the simplified operation mode, and examine threat models for serial console. Investigate the process of fuzzing virtualization components, learn how to prepare Virtio components for fuzzing, and understand the proper procedures for reporting security vulnerabilities in the rust-vmm project.
Overview
Syllabus
Intro
A Short Intro
Components - Examples
Security Journey
Organization Setup
Audit for Vulnerabilities
Development
Reduce Unsafe Code
Documentation
Overly Simplified Operation Mode
Serial Console – Threat Model (2)
Fuzzing Virtualization Components
Preparing Virtio Components for Fuzzing
Reporting Security Vulnerability
Taught by
Linux Foundation
