Lars Kurth Community Manager, Xen Project Chairman, Xen Project Advisory Board Director, Open Source, Citrix
|
|
- Candice Hall
- 6 years ago
- Views:
Transcription
1 Lars Kurth Community Manager, Xen Project Chairman, Xen Project Advisory Board Director, Open Source, Citrix lars_kurth Presentations on
2 Cloud 1. Virtual Machine Introspection (with demo) 2. Vulnerability Management In Xen Project 3. Live Patching (with demo) Embedded & Automotive 5. Why Virtualize Embedded Systems 8. Additional Security Properties of Xen 9. Xen Project In Security Applications 10. Xen Project in Embedded and Automotive (with demo) 12. Conclusion Bonus Material: Embedded & Automotive (Slide 49) 6. Hypervisor Architectures on ARM 7. PV Drivers and Protocols for Embedded Use-Cases 11. Schedulers and interrupt latency Bonus Material: Security (Slide 67) 4. Assessing a FOSS Project s Security Record
3
4
5
6
7 A new way to protect against malware Developed by Zentific, Citrix, Bitdefender, Intel and others
8 Installed in-guest agents, e.g. anti-virus software, VM disk & memory scanner, network monitor, etc. Can be disabled by rootkits Dom0 VM 2 VM 3 VM n App App App Dom0 Kernel Guest OS Guest OS Guest OS Drivers Agent(s) Agent(s) Agent(s)
9 Uses HW extensions to monitor memory (e.g. Intel EPT) Low Intrusion Register rules with Xen to trap on and inspect suspicious activities (e.g. execution of memory on the dynamic heap) Several Protected area Dom0 Security Appliance VM 1 VM VM 2 2 App VM VM 3 3 App VM VM n n App Dom0 Kernel Drivers Introspection Engine Guest OS Guest OS Guest OS authentication mechanism to protect the IF
10 All malware need an attack technique to gain a foothold Attack techniques exploit specific software bugs/vulnerability Most exploits use one of a small set of attack techniques Buffer Overflows, Heap Sprays, Code Injection, API Hooking, Because VMI protects against attack techniques It can protect against entirely new malware Verified to block these advanced attacks in real-time APT28, Energetic Bear, DarkHotel, Epic Turla, Regin, ZeuS, Dyreza, EternalBlue solely by relying on VMI WannaCry/EternalBlue blocked in real installations 1 1 businessinsights.bitdefender.com/hypervisor-introspection-defeated-enternalblue-a-priori
11 Rootkits Exploit 0-days in Operating Systems/System Software Can disable agent based security solutions (mask their own existence) VMI solutions operate from outside the VM Thus, it cannot be disabled using traditional attack vectors BUT: VMI is not a replacement, for traditional security solutions It is an extra tool that can be used to increase protection
12 Documentation wiki.xenproject.org/wiki/virtual_machine_introspection Products Bitdefender HVI XenServer Protection & Remedial Monitoring & Admin Citrix Ready AIS Introvirt XenServer Zentific Zazen Xen & XenServer & Protection & Remedial Monitoring & Admin Forensics & Data gathering Malware analysis Pratap Flickr
13 Pratap Flickr
14 Result of several community consultations
15
16 Fixing Security Bugs: Dedicated security team = security experts from within the Xen Project Community R P Security Team: Triage Creation of fix/patches Validation of fix/patches Assignment of CVE Issue description and risk analysis R: Vulnerability reported to security@xenproject.org P: Vulnerability pre-disclosed on xen-security-issues@lists.xenproject.org
17 R Fix their systems/software: Eligible Xen Project Users are informed under embargo of the vulnerability P A Eligible Users = Pre-disclosure list members: Product Companies, Open Source & Commercial Distros (e.g. Huawei, Debian) Service/Cloud Providers (e.g. Alibaba) Large Private Downstream (e.g. Google) Allowed to share information via xen-security-issues- discuss@lists.xenproject.org R: Vulnerability reported to security@xenproject.org P: Vulnerability pre-disclosed on xen-security-issues@lists.xenproject.org A: Vulnerability announced on xen-announce@lists.xenproject.org & xenbits.xen.org/xsa
18 General Publication: Information about vulnerability is made public R P A X Everyone else: Patches their systems either through security updates from distros/products or builds them from source. Users of service/cloud providers will not be impacted R: Vulnerability reported to security@xenproject.org P: Vulnerability pre-disclosed on xen-security-issues@lists.xenproject.org A: Vulnerability announced on xen-announce@lists.xenproject.org & xenbits.xen.org/xsa
19 Product Vendors: Create and test live patches Product customers: Apply live patches here R P A X Security Team: Can a Livepatch can be created? No? If possible, re-write fix/patches Service Providers: Create, test and deploy live patches Users of service/cloud providers will not be impacted R: Vulnerability reported to security@xenproject.org P: Vulnerability pre-disclosed on xen-security-issues@lists.xenproject.org A: Vulnerability announced on xen-announce@lists.xenproject.org & xenbits.xen.org/xsa
20 A tale of close collaboration within the Xen Project Community
21 Replacing compiled functions with new code, encoded in an ELF file called payload, while the hypervisor is running without impacting running guests. const char *xen_extra_version(void) { return XEN_EXTRAVERSION; } push %rbp mov %rsp,%rbp lea 0x16698b(%rip),%rax leaveq retq const char *xen_extra_version(void) { return Hello World ; } push %rbp mov %rsp,%rbp lea 0x29333b(%rip),%rax leaveq Retq Design: xenbits.xenproject.org/docs/unstable/misc/livepatch.html
22 The exact source tree used to build the running Xen instance. The.config from the original build of Xen. A build-id onto which the livepatch will be applied. A source patch. livepatchbuildtools The exact same compilation toolchain used to build the running Xen. Livepatch payload
23 Supports stacking of different payloads; payloads depend on build-id Functionality: list: lists loaded and applied live patches upload: load & verify a live patch unload: unload a live patch apply: apply a live patch Depends on build-id of XSA 214 Depends on build-id of XSA 213 Depends on build-id of revert: un-apply a live patch Xen XSA 215 XSA 214 XSA 213
24 Target Technology Function + Data Data Structures Inline f() patching XenServer LivePatch Kernel Live Patching Dom0 & Guest Linux Kernel kgraft (SUSE) kpatch (RedHat) via hooks For Dom0 (CentOS) ksplice (Oracle) Hypervisor Xen LivePatch Xen 4.7 Xen 4.8 via hooks Future For Xen Integrates different solutions into a single user experience
25 Source patches + other build artifacts (livepatch-build or kpatch-build) package Live Live Patch Patch build for each patch level RPM RPM build for most recent patch level Hot Fixes contain Per valid patch level: a Xen or Dom0 Live Patch Matching RPMs for most recent patch level In case of a reboot or for Xen/Dom0 not capable of Live Patching Extensive Verification and Validation: The process of patching a live hypervisor or kernel is not an easy task. What happens is a little bit like open heart surgery. The patient is the hypervisor and/or Dom0 itself, and precision and care are needed to get things right. One wrong move and it is game over. Hot Fix Verification Publication Hot Fix RPMs LPs Validation Signing RPMs LPs (iso) Q&A
26 updates (such that after reboot the patches are applied) RPM Hot Fix LPs works out correct LP & updates Dom0 Dom0 Kernel (CentOS) Disk XAPI Toolstack (using native live patching tools or APIs) Hypervisor Running System instance that supports live patching RPM Hot Fix LPs download XenCenter or xe Initiates host update SysAdmin
27 xenbits.xenproject.org/people/larsk/lcc17 - Build LivePatch.mp4 xenbits.xenproject.org/people/larsk/lcc17 - Apply LivePatch.mov Pratap Flickr
28
29 Xen Project LivePatch Specification & Status xenbits.xenproject.org/docs/unstable/misc/livepatch.html wiki.xenproject.org/wiki/livepatch Xen Project LivePatch Presentations & Videos xenbits.xenproject.org/people/larsk/fosdem17-livepatch.pdf (Short) people/larsk/xpds16-livepatch.pdf (Long) Xen Project LivePatch Videos fosdem.org/2017/schedule/event/iaas_livepatxen/ XenServer xenserver.org Pratap Flickr
30
31 Consolidation Reduce cost, size, weight, power consumption and heat emission (already an issue today in cars) CAN bus scalability / Architecture complexity Reduce development costs: platform independence Security and Safety Separate safety critical apps from general apps Safety Certification of the Hypervisor Embedded Requirements (Bonus) Minimal IRQ latency Low or 0 scheduling overhead Drivers for special I/O devices Flexible architecture
32 System Partitioning Sandboxing drivers & system components Fine-grain control of VM capabilities Enables multi-layered security approach Other Security Features Trusted Execution Environment (TEE) Virtual Machine Introspection, alt2pm Live Patching
33 Application Storage Domain Network Domain Dom0 Kernel Guest Kernel Guest Kernel* Guest Kernel* NetFront Driver NetBack Driver BlockFront Driver BlockBack Driver Network Driver Disk Driver Xen Project Hypervisor Disk Controller Network Controller Driver Domain Guest OS*: Linux, BSD, MiniOS, unikernel,
34 VM Fine-grained policy, controlling which hypervisor functionality is accessible to this (class of) VM Effect: limit what an exploit in this VM could do Attack Surface Reduction Similar to Linux Security Modules/SELinux Same policy syntax as SELinux Different types, roles, users and attributes Same tools for policy compilation / verification (checkpolicy) security config passthrough inter-vm communication hypervisor domain(self) domain(other) memory (grant, mmu, shadow)
35
36 Documentation wiki.xenproject.org/wiki/dom0_disaggregation wiki.xenproject.org/wiki/xen_security_modules_:_xsm-flask Products & Projects Qubes OS OpenXT Crucible:Defense starlab.io Secure OS FOSS Platform for security research, security applications and embedded appliance integration building on Xen & OpenEmbedded Xen Project based virtualization platform for technology protection, cyber-hardening, and system integrity for aerospace & defense systems Pratap Flickr
37
38 USB Service Domain Banking Domain Personal Domain Firewall VM enforces network policies Network Domain Dom0 Secure UI and sysadmin domain User defined App VMs for individual apps or groups of apps
39
40 Dornerworks dornerworks.com/xen Consulting Xen Embedded Distros Xen for Xilinx Zynq Xen for NXP i.mx 8 ARLX Hypervisor DO-178 (EAL6+), IEC 62304, ISO MILS EAL FACE, VICTORY, ARINC 653 Starlab starlab.io Crucible and Crucible:Defense Xen embedded hypervisor In progress: DO-178, MILS EAL Uses a minimal Dom0 using MiniOS, disaggregation and XSM/FLASK AIS ainfosec.com BAE Systems baesystems.com Galois galois.com Maintain FreeRTOS Xen Port Developed and maintain HalVM Precedents of military grade certification for Xen based systems & xenbits.xenproject.org/people/larsk/xpds14 - Xen and the Art of Certification.pdf Pratap Flickr
41 GlobalLogic Product: Nautilus bit.do/gl-nautilus First product in production expected in Q Supports: HW: Renesas R-Car Gen2 & Gen3, TI Jacinto6, Intel Apollo Lake, Qualcomm 410C, Sinlinx A33 Guests: Linux up to 4.9 Android M, N, N-Car QNX, ThreadX, FreeRTOS PV Drivers for: GPU, Audio, HW accelerated Video codecs, DRM, Contributions: 27 smaller features from 2013 to 2016 EPAM Demo Next slide Interesting Features: Container based telematics applications running in a Xen VM that can be downloaded from a cloud service Ongoing Contributions: ABIs for PV Sound, PV Display & PV DRM Leading development of co-processor sharing framework LG Electronics Demo bit.do/lg-xen-demo-2016 Bosch Car GmbH Contributions 10 smaller features in 2016 Perseus (stealth) Founded by Xen maintainer bit.do/perseus-2017 Demo at IAA 2017 in Frankfurt, Germany ADIT Joint venture Bosch & DENSO Little known at this stage Pratap Flickr
42 xenbits.xenproject.org/people/larsk/ LCC17 - The Internet of Transportation[1080P].MP4 Pratap Flickr
43 AWS Telematics Simulation Agent ver 1.0 Telematics Simulation Agent ver 2.0 Monitoring Dashboard Driver Behavior Based Insurance Backend Dom0 - Control DomD HW Drivers & Cluster DomU Fusion DomU Linux IVI TrustZone Dom0 Services Cluster Simulation App Wayland/Weston Telematics simulation Agent (Acceleration, Braking, Corning, GPS) IVI Simulation App MW Frameworks Trusted Apps Minimal rootfs Wayland BE (Events/Display) OpenGL ES ALSA w PV_ALSAS_BE Container mgmt tool Containers Minimal rootfs with systems library PV DISPLAY PV EVENTS PV SOUND Linux Kernel w/o HW Drivers Linux Kernel with GPU and other HW Drivers Linux Kernel w/o HW Drivers Linux Kernel with GPU and w/o other HW Drivers Hypervisor OP-TEE OS R-Car H3 Platform TZ monitor
44 Picture by Lars Kurth
45 Xen Project & Security in Cloud: Only Hypervisor with VMI Protection from new classes of malware Several security companies working with XenServer Live Patching Disruption free application of vulnerabilities Used by several cloud providers Used best in commercial products, e.g. XenServer Industry Leading Vulnerability Process Includes QEMU and Kernel XSAs Picture by Lars Kurth
46 Xen Project in Embedded & Automotive: Extremely Flexible and Versatile Proven in many different markets Easy to port to new environments Easy to develop new PV drivers (see bonus 2) Highly customizable Security and Resilience Isolation, Partitioning, Security Features Safety Examples of Military Grade Certification BUT: looking at ways to make this easier and cheaper Challenges still being addressed Standardization of more I/O devices via PV protocols Standardization of GPU and co-processor sharing RTOS or other minimal OS as Dom0 Testing of embedded Hardware by the project Picture by Lars Kurth
47 Picture by Lars Kurth
48 Picture by Lars Kurth
49
50 EL0/PL0 least privileged mode used for applications (user mode) EL1/PL1 privileged mode used for running kernels such as the Linux kernel EL2/PL2 This has a higher level of privilege and can be used to run a hypervisor which takes control of the system and can host multiple "guest" operating systems
51 EL0 Guest Userspace Guest Userspace Guest Userspace Host Userspace Guest Userspace Guest Userspace EL1 Guest Kernel Guest Kernel Guest Kernel Guest Kernel Guest Kernel EL2 Hypervisor Native DDs Host Kernel + Hypervisor Native DDs Traditional Embedded Type 1 Hypervisor Type 2 with VHE/ARMv8.1 (e.g. KVM)
52 EL0 Host Userspace Guest Userspace Guest Userspace Host Userspace Guest Userspace Guest Userspace EL1 Guest Kernel Guest Kernel Guest Kernel Guest Kernel Guest Kernel EL2 Hypervisor Native DDs Host Kernel + Hypervisor Native DDs Traditional Embedded Type 1 Hypervisor Type 2 with VHE/ARMv8.1 (e.g. KVM)
53 EL0 Dom0 Userspace Toolstack Guest Userspace Guest Userspace Strong Isolation Device Drivers run in EL1, not EL2 EL1 Dom0 Kernel Guest Kernel Guest Kernel Protected Address Spaces: Grant tables Native DDs EL2 Xen Project Hypervisor Trusted Computing Base (TCB)
54 EL0 Dom0 Userspace Guest Userspace Guest Userspace Toolstack EL1 Dom0 Kernel Native DDs Guest Kernel Guest Kernel Control Plane Server: sysadmin EL2 Xen Project Hypervisor Embedded: config/setup, system health monitoring (watchdog), maintenance, SW updates,
55
56 Application Dom0 Kernel Guest Kernel *Back Driver Native Driver *Front Driver Xen Project Hypervisor I/O HW
57 Existing net, block, console keyboard, mouse, USB framebuffer, GPU sharing* New in Xen 4.9 9pfs (share a filesystem between VMs) Pvcalls (forward POSIX calls across VMs) multitouch, sound, display, DRM Developing New Ones Easy to write (GPL and BSD samples) Kernel and User Space *) A number of different approaches by different vendors in different market segments are being deployed, which are PV-like, but not strictly a PV protocol
58
59 Xen supports several different schedulers with different properties.
60 Xen supports several different schedulers with different properties. Hard real-time (ARINC653) Soft real-time (RTDS) Regular VM scheduler (Credit) Dedicated to 1 VCPU via pinning and Null scheduler no scheduler overheads
61 Scheduler Use-cases Today Future plans Credit General Purpose Supported Default Supported Optional Credit 2 General Purpose Supported Default Optimized for lower latency, higher VM density RTDS Soft & Firm Real-time Multicore Embedded, Automotive, Graphics & Gaming in the Cloud, Low Latency Workloads Experimental Better XL support <1μs granularity Supported Hardening Optimization ARINC 653 Hard Real-time Single core Supported Compile time Avionics, Drones, Medical Null Hard Real-time Experimental Supported
62 vcpu 0 vcpu 1 virq 109 pcpu 0 pcpu 1 IRQ injection Always on the CPU running the vcpu irq 109
63 vcpu 0 vcpu 1 virq 109 IF THEN virq target changes or vcpu is moved virq is moved immediately virq 109 pcpu 0 pcpu 1 irq 109
64 vcpu 0 vcpu 1 pcpu 0 virq 109 pcpu 1 Xilinx ZynqMP board (four Cortex A53 cores, GICv2) WARM_MAX (excluding the first 3 interrupts): <2000ns Without Null scheduler See blog.xenproject.org/2017/03/20/xen-on-arminterrupt-latency/ irq 109 IRQs always shadow the virq minimizes latency
65 Developer Portal: bit.do/xen-devs Xen on ARM whitepaper: bit.do/xenarm-white Xen on ARM wiki: bit.do/xenarm-wiki Port Xen to a new SOC: bit.do/xenarm-porting Add Xen support Xen to your OS: bit.do/xenarm-os Device Passthrough presentation: bit.do/xenarm-pt OE meta-virtualization Xen recipe: bit.do/xenmeta OpenXT (Xen + OpenEmbedded): openxt.org Xenbedded presentation: bit.do/xenbedded Monthly ARM Community Call: bit.do/xenarm-call
66 Picture by Lars Kurth
67 Security Process Number of Vulnerabilities Media Coverage Other Considerations
68 Responsible Disclosure: fix critical systems/software before publication R F P A X Full Disclosure, post-fix: public disclosure with a fix R F A X Full Disclosure, immediate (no-fix): public disclosure without a fix R A F X R: Vulnerability reported to security@... P: Vulnerability pre-disclosed to eligible users A: Vulnerability announced publicly F: Fix available
69 Responsible only FOSS Project Bug Severity 1 Process Type Days 2 Who? 3 Linux Kernel via OSS-security distros 4 Medium Critical Responsible Disclosure OSS-security 5 Low Full Disclosure, no-fix QEMU (KVM) via QEMU Security Process 6 OpenStack OSSA OpenStack OSSN Xen Hypervisor Includes Linux & QEMU vulnerabilities in supported Xen configurations Medium Critical Low Medium Critical Low Responsible Disclosure Full Disclosure, no-fix Responsible Disclosure Full Disclosure, post-fix D D D, S, P Low Critical Responsible Disclosure 14 D, S, P 1) Is the CVE severity used to handle vulnerabilities differently? 2) Days embargoed (information is classified) 3) D = Distros/Products, S = Public Service, P = Private Downstream 4) 4) New members: 5) or devel list 6) Only handles x86 KVM bugs (no ARM or other bugs)
70 Impacts how long a user (aka you) is at risk Is my distro/vendor on a pre-disclosure list? A surprisingly large number of distros are not: including a few on Linux.com s Best Linux Distros of 2016 list Impacts cloud / service providers As a user, are security issues fixed before public disclosure? Low Severity vulnerabilities can still be High Risk Temporal and Environmental CVSS scores are not covered by CVE databases (neither cvedetails.com or nvd.nist.gov) Vulnerabilities can be chained together, making the combo High Severity (e.g. Hot Potato used 3 old unpatched vulnerabilities to gain root access)
71 cvedetails.com (bit.do/guide-cvedetails) Easy to use interface for vulnerability data Data from several sources Browsable by vendor, product, version, type, date Vulnerability statistics, trends, reports BUT: rigid getting data outside pre-defined vendor/product categories is near-impossible vulners.com (good guides on slideshare.net search for vulners) In many ways more accurate and flexible than cvedetails type:cve AND (description:kvm OR description:qemu) AND published: [2012 TO *] 307 type:cve AND (description:xen) AND published: [2012 TO *] 245 Works best when used through its API (in particular if you want to visualize the data)
72 Linux Kernel KVM w. QEMU Xen Project Critical High Low 100 Medium 50 Legend: CVSS Score Distribution * *) Data up to Sept 4th, 2017 Vulnerability data from vulners.com
73 % 35% 33% of Xen stories cover Vulnerabilities Number of Vulnerabilities % % 20% 15% 16% Clips covering vulnerabilities (US only) Xen KVM QEMU Linux Xen KVM QEMU Linux 10% 5% 0% Xen 6.5% 2.5% KVM QEMU Linux % of Vulnerability Stories on The Register Data covering September 2016 September 2017: from vulners.com, mention.com and theregister.com
74 Does the Project Look for Vulnerabilities? Approach to Quality and Testing: e.g. Fuzzing, Audits of components Does the project award Bug Bounties (e.g. NetBSD)? Do vendors supporting the project offer Bug Bounties? Infrastructure related to Vulnerabilities Transparency: How well are processes documented Vulnerability Testing: XTF (in Xen) Vulnerability Tooling: XSATool, XSAMatch (in Xen)
Xen Project Automotive and Embedded Overview
Xen Project Automotive and Embedded Overview April, 2018 Lars Kurth Chairman, Xen Project Advisory Booard This work is licensed under a Creative Commons Attribution-Share Alike 4.0 (CC BY-SA 4.0) GENIVI
More informationXen on ARM. Stefano Stabellini
Xen on ARM Stefano Stabellini What is Xen? a type-1 hypervisor small footprint (less than 90K LOC) Xen: Open Source GPLv2 with DCO (like Linux) Diverse contributor community Xen: Open Source source: Mike
More informationXen Automotive Hypervisor Automotive Linux Summit 1-2 July, Tokyo
Xen Automotive Hypervisor Automotive Linux Summit 1-2 July, Tokyo 2014 GlobalLogic Inc. Vehicles are Changing Vehicle became the ultimate mobile device and we, the people, are becoming connected drivers
More informationTransforming XenServer into a proper open-source project
Transforming XenServer into a proper open-source project James Bulpin CTO, XenServer, Citrix About the speaker James Bulpin Head of technology for XenServer group in Citrix; member of the Citrix CTO office
More informationHeterogeneous Real-Time SoC Software Architecture
Heterogeneous Real-Time SoC Software Architecture Presented By Stefano Stabellini Principal System Software Engineer Introduction Stefano Stabellini Xen Project: Founder of the Xen on Arm effort in late
More informationXen on ARM. How fast is it, really? Stefano Stabellini. 18 August 2014
Xen on ARM How fast is it, really? Stefano Stabellini 18 August 2014 Status Xen Project 4.4 release: status Features: 64-bit guest support in ARMv8 stable hypercall ABI basic lifecycle operations memory
More informationSCALE 14X. The Bare-Metal Hypervisor as a Platform for Innovation. By Russell Pavlicek Xen Project Evangelist
SCALE 14X The Bare-Metal Hypervisor as a Platform for Innovation By Russell Pavlicek Xen Project Evangelist rcpavlicek@yahoo.com @RCPavlicek About the Old, Fat Geek Up Front Linux user since 1995; became
More informationKeeping customer data safe in EC2 a deep dive. Martin Pohlack Amazon Web Services
Keeping customer data safe in EC2 a deep dive Martin Pohlack Amazon Web Services 1 Bio... Principal Engineer with Amazon Web Services I like to play with Low-level stuff Synchronization, hardware transactional
More informationVirtualization in the Cloud Lars Kurth Xen Community Manager
Virtualization in the Cloud Lars Kurth Xen Community Manager lars.kurth@xen.org @lars_kurth @xen_com_mgr A Brief History of Xen in the Cloud Late 90s XenoServer Project (Cambridge Univ.) The XenoServer
More informationCSE543 - Computer and Network Security Module: Virtualization
CSE543 - Computer and Network Security Module: Virtualization Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 1 Operating System Quandary Q: What is the primary goal of
More informationTITANIUM CLOUD VIRTUALIZATION PLATFORM
TITANIUM CLOUD VIRTUALIZATION PLATFORM Glenn Seiler Software Defined Infrastructure BU 30 Minutes 12 Content Slides 2017 WIND RIVER. ALL RIGHTS RESERVED. Wind River Titanium Cloud Titanium Cloud is a cloud
More informationVirtualization Introduction
Virtualization Introduction Simon COTER Principal Product Manager Oracle VM & VirtualBox simon.coter@oracle.com https://blogs.oracle.com/scoter November 21 st, 2016 Safe Harbor Statement The following
More informationThe only open-source type-1 hypervisor
Monika Danikáková What is Xen? The only open-source type-1 hypervisor For Unix and Unix-like OS Linux, NetBSD and OpenSolaris From ancient greek term Xenos (ξένος), guest-friends Developed by the University
More informationViryaOS RFC: Secure Containers for Embedded and IoT. A proposal for a new Xen Project sub-project
ViryaOS RFC: Secure Containers for Embedded and IoT A proposal for a new Xen Project sub-project Stefano Stabellini @stabellinist The problem Package applications for the target Contain all dependencies
More informationXen Community Update. Ian Pratt, Citrix Systems and Chairman of Xen.org
Xen Community Update Ian Pratt, Citrix Systems and Chairman of Xen.org 1 Outline Project Status Xen Client Initiative Xen Cloud Platform New Xen 4.0 Features 2 Announcement The Xen Advisory Board is excited
More informationOperating system hardening
Operating system Comp Sci 3600 Security Outline 1 2 3 4 5 6 What is OS? Hardening process that includes planning, ation, uration, update, and maintenance of the operating system and the key applications
More informationUsing a Separation Kernel to Protect against the Remote Exploitation of Unaltered Passenger Vehicles
Safety & Security for the Connected World Using a Separation Kernel to Protect against the Remote Exploitation of Unaltered Passenger Vehicles 16 th June 2015 Mark Pitchford, Technical Manager, EMEA Today
More informationBITDEFENDER GRAVITYZONE TANEL JEVSTIGNEJEV ALTACOM
BITDEFENDER GRAVITYZONE TANEL JEVSTIGNEJEV ALTACOM BUKAREST RUMEENIA KASUTAJAID 500 000 000+ THE MOST ADVANCED CYBERSECURITY IN THE WORLD BITDEFENDER CLOUD 11 000 000 000+ PÄRINGUT PÄEVAS ÜLE 120 OEM PARTNERI
More informationXen Project 4.4: Features and Futures. Russell Pavlicek Xen Project Evangelist Citrix Systems
Xen Project 4.4: Features and Futures Russell Pavlicek Xen Project Evangelist Citrix Systems About This Release Xen Project 4.4.0 was released on March 10, 2014. This release is the work of 8 months of
More informationCSE543 - Computer and Network Security Module: Virtualization
CSE543 - Computer and Network Security Module: Virtualization Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 Operating System Quandary Q: What is the primary goal of system
More informationHW isolation for automotive environment BoF
HW isolation for automotive environment BoF Michele Paolino m.paolino@virtualopensystems.com AGL All Member Meeting 2016, 2016-09-07, Munich, Germany http://www.tapps-project.eu/ Authorship and sponsorship
More informationXen is not just paravirtualization
Xen is not just paravirtualization Dongli Zhang Oracle Asia Research and Development Centers (Beijing) dongli.zhang@oracle.com December 16, 2016 Dongli Zhang (Oracle) Xen is not just paravirtualization
More informationHow to protect Automotive systems with ARM Security Architecture
How to protect Automotive systems with ARM Security Architecture Thanks to this app You can manoeuvre The new Forpel Using your smartphone! Too bad it s Not my car Successful products will be attacked
More informationSECURIFY: A COMPOSITIONAL APPROACH OF BUILDING SECURITY VERIFIED SYSTEM
1 SRIFY: A COMPOSITIONAL APPROACH OF BUILDING SRITY VERIFIED SYSTEM Liu Yang, Associate Professor, NTU SG-CRC 2018 28 March 2018 2 Securify Approach Compositional Security Reasoning with Untrusted Components
More informationChapter 5 C. Virtual machines
Chapter 5 C Virtual machines Virtual Machines Host computer emulates guest operating system and machine resources Improved isolation of multiple guests Avoids security and reliability problems Aids sharing
More informationVirtual Open Systems (VOSyS)
Virtual Open Systems (VOSyS) 2018-06-14 Company Profile contact@virtualopensystems.com 2018-05-05www.virtualopensystems.com Virtual Open Systems: Profile Virtual Open Systems (VOSyS) is a French fully
More informationHypervisor Market Overview. Franz Walkembach. for GENIVI AMM, April 19 th, 2018 (Munich) SYSGO AG Public
Franz Walkembach for GENIVI AMM, April 19 th, 2018 (Munich) SYSGO AG Public 2018-04-19 1 What you can expect Quick introduction of SYSGO AG What are the market trends for hypervisor? Market size and main
More informationCSE543 - Computer and Network Security Module: Virtualization
CSE543 - Computer and Network Security Module: Virtualization Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 Operating System Quandary Q: What is the primary goal of system
More informationSIERRAWARE SIERRATEE FOR MIPS OMNISHIELD
SIERRAWARE SIERRATEE FOR MIPS OMNISHIELD Introduction SierraTEE for MIPS OmniShield is a Global Platform compliant Trusted Execution Environment (TEE) designed for devices based on Imagination Technologies'
More informationSecurity and Performance Benefits of Virtualization
Security and Performance Benefits of Virtualization Felix Baum mentor.com/embedded Android is a trademark of Google Inc. Use of this trademark is subject to Google Permissions. Linux is the registered
More informationSecure Containers with EPT Isolation
Secure Containers with EPT Isolation Chunyan Liu liuchunyan9@huawei.com Jixing Gu jixing.gu@intel.com Presenters Jixing Gu: Software Architect, from Intel CIG SW Team, working on secure container solution
More informationContainer Deployment and Security Best Practices
Container Deployment and Security Best Practices How organizations are leveraging OpenShift, Quay, and Twistlock to deploy, manage, and secure a cloud native environment. John Morello CTO Twistlock Dirk
More informationCS 356 Operating System Security. Fall 2013
CS 356 Operating System Security Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5 Database
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by behavior-based threat detection and intelligent automation.
More informationVirtualisation: The KVM Way. Amit Shah
Virtualisation: The KVM Way Amit Shah amit.shah@qumranet.com foss.in/2007 Virtualisation Simulation of computer system in software Components Processor Management: register state, instructions, exceptions
More informationAbstract. Testing Parameters. Introduction. Hardware Platform. Native System
Abstract In this paper, we address the latency issue in RT- XEN virtual machines that are available in Xen 4.5. Despite the advantages of applying virtualization to systems, the default credit scheduler
More informationSYMANTEC DATA CENTER SECURITY
SYMANTEC DATA CENTER SECURITY SYMANTEC UNIFIED SECURITY STRATEGY Users Cyber Security Services Monitoring, Incident Response, Simulation, Adversary Threat Intelligence Data Threat Protection Information
More informationMcAfee Complete Endpoint Threat Protection Advanced threat protection for sophisticated attacks
McAfee Complete Endpoint Threat Protection Advanced threat protection for sophisticated attacks Key Advantages Stay ahead of zero-day threats, ransomware, and greyware with machine learning and dynamic
More informationVirtualization for Embedded Systems
Is an open source solution right for you? 6/26/2013 Julia Keffer Page i Table of Contents Table of Contents Introduction... 1 What is Virtualization?... 1 Virtualization Applications... 2 Operating Systems
More informationXen Project Status Ian Pratt 12/3/07 1
Xen Project Status Ian Pratt 12/3/07 1 Project Status xen.org and the Xen Advisory Board Xen project mission Ubiquitous virtualization Realizing Xen s architectural advantages From servers to clients Interoperability
More informationXen. past, present and future. Stefano Stabellini
Xen past, present and future Stefano Stabellini Xen architecture: PV domains Xen arch: driver domains Xen: advantages - small surface of attack - isolation - resilience - specialized algorithms (scheduler)
More informationWhat is KVM? KVM patch. Modern hypervisors must do many things that are already done by OSs Scheduler, Memory management, I/O stacks
LINUX-KVM The need for KVM x86 originally virtualization unfriendly No hardware provisions Instructions behave differently depending on privilege context(popf) Performance suffered on trap-and-emulate
More informationSmart Antennas and Hypervisor: Enabling Secure Convergence. July 5, 2017
Smart Antennas and : Enabling Secure Convergence July 5, 2017 About OpenSynergy OpenSynergy develops software solutions for embedded automotive systems. OpenSynergy s product portfolio includes key software
More informationDOUG GOLDSTEIN STAR LAB XEN SUMMIT AUG 2016 ATTACK SURFACE REDUCTION
DOUG GOLDSTEIN STAR LAB XEN SUMMIT 2016 25 AUG 2016 ATTACK SURFACE REDUCTION OVERVIEW TOPICS Define attack surface Discuss parts of Xen s attack surface Attack surface metrics for Xen Define attack surface
More informationNew ARMv8-R technology for real-time control in safetyrelated
New ARMv8-R technology for real-time control in safetyrelated applications James Scobie Product manager ARM Technical Symposium China: Automotive, Industrial & Functional Safety October 31 st 2016 November
More informationVirtualization. ...or how adding another layer of abstraction is changing the world. CIS 399: Unix Skills University of Pennsylvania.
Virtualization...or how adding another layer of abstraction is changing the world. CIS 399: Unix Skills University of Pennsylvania April 6, 2009 (CIS 399 Unix) Virtualization April 6, 2009 1 / 22 What
More informationCYBER SECURITY MALAYSIA AWARDS, CONFERENCE & EXHIBITION (CSM-ACE) Securing Virtual Environments
CYBER SECURITY MALAYSIA AWARDS, CONFERENCE & EXHIBITION (CSM-ACE) 2010 October 25 29, 2010 Kuala Lumpur Convention Centre Securing Virtual Environments Raimund Genes CTO Trend Micro The Changing Datacenter
More informationVirtualizaton: One Size Does Not Fit All. Nedeljko Miljevic Product Manager, Automotive Solutions MontaVista Software
Virtualizaton: One Size Does Not Fit All Nedeljko Miljevic Product Manager, Automotive Solutions MontaVista Software Agenda Linux and Automotive Challenges Solution: Virtualization Linux Containers Best
More informationA Userspace Packet Switch for Virtual Machines
SHRINKING THE HYPERVISOR ONE SUBSYSTEM AT A TIME A Userspace Packet Switch for Virtual Machines Julian Stecklina OS Group, TU Dresden jsteckli@os.inf.tu-dresden.de VEE 2014, Salt Lake City 1 Motivation
More informationDynamic Datacenter Security Solidex, November 2009
Dynamic Datacenter Security Solidex, November 2009 Deep Security: Securing the New Server Cloud Virtualized Physical Servers in the open Servers virtual and in motion Servers under attack 2 11/9/09 2 Dynamic
More informationReal-Time Systems and Intel take industrial embedded systems to the next level
Solution brief Industrial IoT (IIoT) Embedded Software and Systems Real-Time Systems and Intel take industrial embedded systems to the next level Innovative hypervisor and partitioning software increases
More information1 Virtualization Recap
1 Virtualization Recap 2 Recap 1 What is the user part of an ISA? What is the system part of an ISA? What functionality do they provide? 3 Recap 2 Application Programs Libraries Operating System Arrows?
More informationOriginally prepared by Lehigh graduate Greg Bosch; last modified April 2016 by B. Davison
Virtualization Originally prepared by Lehigh graduate Greg Bosch; last modified April 2016 by B. Davison I. Introduction to Virtualization II. Virtual liances III. Benefits to Virtualization IV. Example
More informationVirtual Machine Security
Virtual Machine Security CSE443 - Spring 2012 Introduction to Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ 1 Operating System Quandary Q: What is the primary goal
More informationCHAPTER 16 - VIRTUAL MACHINES
CHAPTER 16 - VIRTUAL MACHINES 1 OBJECTIVES Explore history and benefits of virtual machines. Discuss the various virtual machine technologies. Describe the methods used to implement virtualization. Show
More informationW11 Hyper-V security. Jesper Krogh.
W11 Hyper-V security Jesper Krogh jesper_krogh@dell.com Jesper Krogh Speaker intro Senior Solution architect at Dell Responsible for Microsoft offerings and solutions within Denmark Specialities witin:
More informationEC H2020 dredbox: Seminar School at INSA Rennes
EC H2020 dredbox: Seminar School at INSA Rennes contact@virtualopensystems.com www.virtualopensystems.com Pierre LUCAS 2017-11-22 Open Part 1: Open Company Overview 2 OpenOpen Confidential & Proprietary
More informationSecuring Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &
Securing Dynamic Data Centers Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan & Afghanistan @WajahatRajab Modern Challenges By 2020, 60% of Digital Businesses will suffer Major Service
More informationXen Project Overview and Update. Ian Pratt, Chairman of Xen.org, and Chief Scientist, Citrix Systems Inc.
Xen Project Overview and Update Ian Pratt, Chairman of Xen.org, and Chief Scientist, Citrix Systems Inc. Xen Community Story 2002 Oct Xen hypervisor development starts 2004 Xen 1.0 and 2.0 released, First
More informationDesigning Security & Trust into Connected Devices
Designing Security & Trust into Connected Devices Eric Wang Sr. Technical Marketing Manager Tech Symposia China 2015 November 2015 Agenda Introduction Security Foundations on ARM Cortex -M Security Foundations
More informationDatacenter Security: Protection Beyond OS LifeCycle
Section Datacenter Security: Protection Beyond OS LifeCycle 1 Not so fun Facts from the Symantec ISTR 2017 Report Zero-Day Vulnerability, annual total Legitimate tools, annual total 6,000 5 5,000 4,000
More informationManaging and Auditing Organizational Migration to the Cloud TELASA SECURITY
Managing and Auditing Organizational Migration to the Cloud 1 TELASA SECURITY About Me Brian Greidanus bgreidan@telasasecurity.com 18+ years of security and compliance experience delivering consulting
More informationOverview. Technology Details. D/AVE NX Preliminary Product Brief
Overview D/AVE NX is the latest and most powerful addition to the D/AVE family of rendering cores. It is the first IP to bring full OpenGL ES 2.0/3.1 rendering to the FPGA and SoC world. Targeted for graphics
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by machine learning and intelligent automation. By rethinking
More informationEDGE COMPUTING & IOT MAKING IT SECURE AND MANAGEABLE FRANCK ROUX MARKETING MANAGER, NXP JUNE PUBLIC
EDGE COMPUTING & IOT MAKING IT SECURE AND MANAGEABLE FRANCK ROUX MARKETING MANAGER, NXP JUNE 6 2018 PUBLIC PUBLIC 2 Key concerns with IoT.. PUBLIC 3 Why Edge Computing? CLOUD Too far away Expensive connectivity
More informationVirtualization in the Cloud: Featuring Xen Lars Kurth Xen Community Manager
Virtualization in the Cloud: Featuring Xen Lars Kurth Xen Community Manager lars.kurth@xen.org FREENODE: lars_kurth @lars_kurth @xen_com_mgr A Brief History of Xen in the Cloud Late 90s XenoServer Project
More informationVirtualization with XEN. Trusted Computing CS599 Spring 2007 Arun Viswanathan University of Southern California
Virtualization with XEN Trusted Computing CS599 Spring 2007 Arun Viswanathan University of Southern California A g e n d a Introduction Virtualization approaches Basic XEN Architecture Setting up XEN Bootstrapping
More informationTHREAT PROTECTION FOR VIRTUAL SYSTEMS #ILTACON #ILTA156
THREAT PROTECTION FOR VIRTUAL SYSTEMS #ILTACON #ILTA156 JIM P. NIXON Application Support Manager Seyfarth Shaw LLP jnixon@seyfarth.com IN THE PAST, TRADITIONAL SOLUTIONS DIDN T THINK ABOUT VIRTUAL WORKLOADS
More informationDesigning Security & Trust into Connected Devices
Designing Security & Trust into Connected Devices Rob Coombs Security Marketing Director TechCon 11/10/15 Agenda Introduction Security Foundations on Cortex-M Security Foundations on Cortex-A Use cases
More informationExtended Page Tables (EPT) A VMM must protect host physical memory Multiple guest operating systems share the same host physical memory VMM typically implements protections through page-table shadowing
More informationTooling Linux for the Future of Embedded Systems. Patrick Quairoli Director of Alliance and Embedded Technology SUSE /
Tooling Linux for the Future of Embedded Systems Patrick Quairoli Director of Alliance and Embedded Technology SUSE / Patrick.Quairoli@suse.com With SUSE You Can Control Infrastructure Optimize Operations
More informationSoftware Security and Exploitation
COMS E6998-9: 9: Software Security and Exploitation Lecture 8: Fail Secure; DoS Prevention; Evaluating Components for Security Hugh Thompson, Ph.D. hthompson@cs.columbia.edu Failing Securely and Denial
More informationCloud Computing Virtualization
Cloud Computing Virtualization Anil Madhavapeddy anil@recoil.org Contents Virtualization. Layering and virtualization. Virtual machine monitor. Virtual machine. x86 support for virtualization. Full and
More informationMalware
reloaded Malware Research Team @ @xabiugarte Motivation Design principles / architecture Features Use cases Future work Dynamic Binary Instrumentation Techniques to trace the execution of a binary (or
More informationGetting Started with AWS Security
Getting Started with AWS Security Tomas Clemente Sanchez Senior Consultant Security, Risk and Compliance September 21st 2017 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Move
More informationPatching and Updating your VM SUSE Manager. Donald Vosburg, Sales Engineer, SUSE
Patching and Updating your VM SUSE Manager Donald Vosburg, Sales Engineer, SUSE dvosburg@suse.com Why should I care? I just clone my base VM image, and after that it is not my problem... Understand the
More informationIS THERE A HOLE IN YOUR RISC-V SECURITY STACK? JOTHY ROSENBERG DOVER MICROSYSTEMS
IS THERE A HOLE IN YOUR RISC-V SECURITY STACK? JOTHY ROSENBERG DOVER MICROSYSTEMS I understand the difference in destruction is dramatic, but this has a whiff of August 1945. Someone just used a new weapon,
More informationSpring 2017 :: CSE 506. Introduction to. Virtual Machines. Nima Honarmand
Introduction to Virtual Machines Nima Honarmand Virtual Machines & Hypervisors Virtual Machine: an abstraction of a complete compute environment through the combined virtualization of the processor, memory,
More information10 Steps to Virtualization
AN INTEL COMPANY 10 Steps to Virtualization WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Virtualization the creation of multiple virtual machines (VMs) on a single piece of hardware, where
More informationlocuz.com SOC Services
locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security
More informationIntel s Virtualization Extensions (VT-x) So you want to build a hypervisor?
Intel s Virtualization Extensions (VT-x) So you want to build a hypervisor? Mr. Jacob Torrey May 13, 2014 Dartmouth College 153 Brooks Road, Rome, NY 315.336.3306 http://ainfosec.com @JacobTorrey torreyj@ainfosec.com
More informationSecuring the Data Center against
Securing the Data Center against vulnerabilities & Data Protection Agenda Virtual Virtualization Technology How Virtualization affects the Datacenter Security Keys to a Secure Virtualized Deployment and
More informationCitrix XenServer 7.1 Feature Matrix
Citrix XenServer 7.1 Matrix Citrix XenServer 7.1 Matrix A list of Citrix XenServer 7.1 features by product edition, including XenApp and XenDesktop license entitlements. Comprehensive application and desktop
More informationExpert Days SUSE Manager
Expert Days 2018 SUSE Manager SUSE Manager Best-in-class open source infrastructure management solution designed to help your enterprise DevOps and IT Operations teams to: Optimize operations while reducing
More informationGood Fences Make Good Neighbors: Rethinking Your Cloud Selection Strategy
Good Fences Make Good Neighbors: Rethinking Your Cloud Selection Strategy SESSION ID: CSV-W01 Bryan D. Payne Director of Security Research Nebula @bdpsecurity Cloud Security Today Cloud has lots of momentum
More informationCommunication Patterns in Safety Critical Systems for ADAS & Autonomous Vehicles Thorsten Wilmer Tech AD Berlin, 5. March 2018
Communication Patterns in Safety Critical Systems for ADAS & Autonomous Vehicles Thorsten Wilmer Tech AD Berlin, 5. March 2018 Agenda Motivation Introduction of Safety Components Introduction to ARMv8
More informationSoftLayer Security and Compliance:
SoftLayer Security and Compliance: How security and compliance are implemented and managed Introduction Cloud computing generally gets a bad rap when security is discussed. However, most major cloud providers
More informationDeploying Cloud Network Services Prime Network Services Controller (formerly VNMC)
Deploying Cloud Network Services Prime Network Services Controller (formerly VNMC) Dedi Shindler - Sr. Manager Product Management Cloud System Management Technology Group Cisco Agenda Trends Influencing
More informationOperating System Security
Operating System Security Operating Systems Defined Hardware: I/o...Memory.CPU Operating Systems: Windows or Android, etc Applications run on operating system Operating Systems Makes it easier to use resources.
More informationIoT Market: Three Classes of Devices
IoT Market: Three Classes of Devices Typical Silicon BOM PC-Like Embedded Devices ~100 million units ATM, Retail Point of Service Intel Core $100+ Smart Things ~800 million units PLC, Edge Gateway, Thermostat
More informationThe Next Generation Security Platform. Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy
The Next Generation Security Platform Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy The Next Generation Enterprise Security Platform Core Value Proposition An Enterprise Security
More informationA Big Little Hypervisor for IoT Development February 2018
A Big Little Hypervisor for IoT Development February 2018 Contents PROJECT OVERVIEW TECHNICAL OVERVIEW GOVERNANCE JOIN US! PROJECT OVERVIEW Current State of Affairs IoT Development IoT device devices requires
More informationSecuring Multiple Mobile Platforms
Securing Multiple Mobile Platforms CPU-based Multi Factor Security 2010 Security Workshop ETSI 2010 Security Workshop Navin Govind Aventyn, Inc. Founder and CEO 1 Mobile Platform Security Gaps Software
More informationCisco Tetration Analytics
Cisco Tetration Analytics Enhanced security and operations with real time analytics John Joo Tetration Business Unit Cisco Systems Security Challenges in Modern Data Centers Securing applications has become
More informationDocker Universal Control Plane Deploy and Manage On-Premises, Your Dockerized Distributed Applications
Technical Brief Docker Universal Control Plane Deploy and Manage On-Premises, Your Dockerized Distributed Applications As application teams deploy their Dockerized applications into production environments,
More informationARMv8 port of the Jailhouse hypervisor
Security Level: ARMv8 port of the Jailhouse hypervisor Antonios Motakis antonios.motakis@huawei.com Version: V1.0(20160321) Huawei Technologies Duesseldorf GmbH Acknowledgements Jan Kiszka, SIEMENS (Upstream
More informationTable of Contents 1.1. Introduction. Overview of vsphere Integrated Containers 1.2
Table of Contents Introduction Overview of vsphere Integrated Containers 1.1 1.2 2 Overview of vsphere Integrated Containers This document provides an overview of VMware vsphere Integrated Containers.
More informationHypervisors on ARM Overview and Design choices
Hypervisors on ARM Overview and Design choices Julien Grall Root Linux Conference 2017 ARM 2017 About me Working on ARM virtualization for the past 4 years With ARM since 2016 Co-maintaining
More informationHypervisor security. Evgeny Yakovlev, DEFCON NN, 2017
Hypervisor security Evgeny Yakovlev, DEFCON NN, 2017 whoami Low-level development in C and C++ on x86 UEFI, virtualization, security Jetico, Kaspersky Lab QEMU/KVM developer at Virtuozzo 2 Agenda Why hypervisor
More informationBack To The Future: A Radical Insecure Design of KVM on ARM
Back To The Future: A Radical Insecure Design of KVM on ARM Abstract In ARM, there are certain instructions that generate exceptions. Such instructions are typically executed to request a service from
More information