Securing the Hypervisor with Control-Flow Integrity
Offered By: Linux Foundation via YouTube
Course Description
Overview
Explore the critical topic of hypervisor security through Control-Flow Integrity in this 19-minute conference talk by Daniele Buono from IBM. Delve into the importance of Control-Flow Integrity and its implementation techniques. Learn about protecting the stack through Shadow Stack and Safe Stack methods, understanding their differences and applications. Discover the process of implementing Safe Stack in QEMU and safeguarding function pointers. Gain insights into implementing icall CFI in QEMU, review the status of patches, and evaluate the accomplishments. Conclude by examining future directions in hypervisor security.
Syllabus
Intro
Outline
Why Control-Flow Integrity
Implementing Control-Flow Integrity
Protecting the Stack - Shadow Stack The standard protection against Stack Smashing
Protecting the Stack - Safe Stack
Shadow Stack vs Safe Stack
Implementing Safe Stack in QEMU
Protecting Function Pointers
Implementing icall CFI in QEMU
Status of patches
Did we accomplish something?
What's next?
Taught by
Linux Foundation
Tags
Related Courses
Enforcing Unique Code Target Property for Control-Flow IntegrityAssociation for Computing Machinery (ACM) via YouTube Current Status of RISC-V Security Mechanisms - Nick Kossifidis, FORTH
TheIACR via YouTube Two-Faces of WASM Security
Security BSides San Francisco via YouTube Taking Kernel Hardening to the Next Level
Black Hat via YouTube The Power of Data-Oriented Attacks - Bypassing Memory Mitigation Using Data-Only Exploitation Techniques
Black Hat via YouTube