Explore the critical topic of hypervisor security through Control-Flow Integrity in this 19-minute conference talk by Daniele Buono from IBM. Delve into the importance of Control-Flow Integrity and its implementation techniques. Learn about protecting the stack through Shadow Stack and Safe Stack methods, understanding their differences and applications. Discover the process of implementing Safe Stack in QEMU and safeguarding function pointers. Gain insights into implementing icall CFI in QEMU, review the status of patches, and evaluate the accomplishments. Conclude by examining future directions in hypervisor security.
Securing the Hypervisor with Control-Flow Integrity
Overview
Syllabus
Intro
Outline
Why Control-Flow Integrity
Implementing Control-Flow Integrity
Protecting the Stack - Shadow Stack The standard protection against Stack Smashing
Protecting the Stack - Safe Stack
Shadow Stack vs Safe Stack
Implementing Safe Stack in QEMU
Protecting Function Pointers
Implementing icall CFI in QEMU
Status of patches
Did we accomplish something?
What's next?
Taught by
Linux Foundation
Tags
Related Courses
-
Control Flow Integrity in the Linux Kernel
-
Control-Flow Bending - On the Effectiveness of Control-Flow Integrity
-
Control Flow Integrity in the Linux Kernel
-
Towards a Policy-Agnostic Control-Flow Integrity Implementation
-
Shining Light on Shadow Stacks
-
Lost Control - Breaking Hardware-Assisted Kernel Control-Flow Integrity with Page-Oriented Programming
