August 22nd - 24th in Toronto, Canada
Register Now for LinuxCon+ContainerCon North America 2016!
Wednesday, August 24 • 11:55am - 12:45pm
Performant Security Hardening of KVM - Steve Rutherford, Google

Guest escapes and host information leaks in KVM are a cause for great concern. This talk covers a safer mode for KVM on x86 that is intended to reduce the frequency of such exploits, without decreasing performance. By removing complex, non-performance-critical devices from KVM (namely, legacy interrupt controllers and the instruction emulator), the host kernel can expose less attack surface to the guest. This talk analyzes the guest-exposed attack surface of KVM, as well as the performance and security implications of this new mode in production.

Speakers
Steve Rutherford

Google
Steve is a Software Engineer on Google's Virtualization Security team, which maintains the security of Google Compute Engine. Steve's recent projects include KVM attack surface reduction (pulling legacy interrupt controllers out of KVM), which was merged into the 4.4 kernel.


Wednesday August 24, 2016 11:55am - 12:45pm EDT
Harbour A