Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Attacks are Forwarded - Breaking the Isolation of MicroVM-based Containers Through Operation Forwarding

USENIX via YouTube

Overview

Explore a 14-minute conference talk from USENIX Security '23 that reveals a new attack surface for breaking the isolation of microVM-based containers. Discover how researchers identified "operation forwarding attacks" that exploit vulnerabilities in host systems running containerized applications. Learn about the three-layer component structure of microVM-based containers and the corresponding attack strategies for each layer. Examine eight specific attacks demonstrated against Kata Containers and Firecracker-based containers, including their impacts on privilege escalation, IO and CPU performance degradation, and potential host system crashes. Gain insights into experiments conducted in local environments as well as on major cloud platforms like AWS and Alibaba Cloud. Consider the security implications for containerized applications and review suggested mitigation strategies to protect against these newly discovered vulnerabilities.

Syllabus

USENIX Security '23 - Attacks are Forwarded: Breaking the Isolation of MicroVM-based Containers...

Taught by

USENIX

Reviews

Start your review of Attacks are Forwarded - Breaking the Isolation of MicroVM-based Containers Through Operation Forwarding

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.