Attacks are Forwarded - Breaking the Isolation of MicroVM-based Containers Through Operation Forwarding
Offered By: USENIX via YouTube
Course Description
Overview
Explore a 14-minute conference talk from USENIX Security '23 that reveals a new attack surface for breaking the isolation of microVM-based containers. Discover how researchers identified "operation forwarding attacks" that exploit vulnerabilities in host systems running containerized applications. Learn about the three-layer component structure of microVM-based containers and the corresponding attack strategies for each layer. Examine eight specific attacks demonstrated against Kata Containers and Firecracker-based containers, including their impacts on privilege escalation, IO and CPU performance degradation, and potential host system crashes. Gain insights into experiments conducted in local environments as well as on major cloud platforms like AWS and Alibaba Cloud. Consider the security implications for containerized applications and review suggested mitigation strategies to protect against these newly discovered vulnerabilities.
Syllabus
USENIX Security '23 - Attacks are Forwarded: Breaking the Isolation of MicroVM-based Containers...
Taught by
USENIX
Related Courses
Architecting Microsoft Azure SolutionsMicrosoft via edX Internetwork Security
Indian Institute of Technology, Kharagpur via Swayam Network Security
Georgia Institute of Technology via Udacity Microsoft Professional Orientation : Cloud Administration
Microsoft via edX Cyber Threats and Attack Vectors
University of Colorado System via Coursera