Xen exploit talk at Black Hat

J.M. Porup

Jul 7, 2016, 3:45:35 PM
to qubes...@googlegroups.com
https://www.blackhat.com/us-16/briefings.html#ouroboros-tearing-xen-hypervisor-with-the-snake

Ouroboros: Tearing Xen Hypervisor with the Snake


The Xen Project has been a widely used virtualization platform powering
some of the largest clouds in production today.

Sitting directly on the hardware below any operating systems, the Xen
hypervisor is responsible for the management of CPU/MMU and guest
operating systems.

Guest operating systems could be controlled to run in PV mode using
paravirtualization technologies or HVM mode using hardware-assisted
virtualization technologies.

Compared to HVM mode, PV mode guest OS kernel could recognize the
existence of hypervisor and, thus, work normally via hypervisor
interfaces which are called hypercalls. While performing privileged
operations, PV mode guest OS would submit requests via hypercalls then
the hypervisor does these operations for it after verifying its requests.

Inspired by Ouroboros, an ancient symbol with a snake biting its tail,
our team has found a critical verification bypass bug in Xen hypervisor
and that will be used to tear the hypervisor a hole. With specific
exploitation vectors and payloads, a malicious PV guest OS could control not
only the hypervisor but also all other guest operating systems running
on the current platform.

by Shangcong Luan of Alibaba

https://www.blackhat.com/us-16/speakers/Shangcong-Luan.html