August 22nd - 24th in Toronto, Canada
Register Now for LinuxCon+ContainerCon North America 2016!
Wednesday, August 24 • 11:55am - 12:45pm
Performant Security Hardening of KVM - Steve Rutherford, Google

Sign up or log in to save this to your schedule and see who's attending!

Guest escapes and host information leaks in KVM are a causes for great concern. This talk covers a safer mode for KVM on x86 that is intended to reduce the frequency of such exploits, without decreasing performance. By removing complex, non-performance critical devices from KVM (namely, legacy interrupt controllers and the instruction emulator), the host kernel can expose less attack surface to the guest. This talk analyzes the guest exposed attack surface of KVM, as well as the performance and security implications of this new mode in production.


Steve Rutherford

Steve is a Software Engineer on Google's Virtualization Security team, which maintains the security of Google Compute Engine. Steve's recent projects include KVM attack surface reduction (pulling legacy interrupt controllers out of KVM), which was merged into the 4.4 kernel.

Wednesday August 24, 2016 11:55am - 12:45pm
Harbour A

Attendees (19)