DevConf.US 2021 is the 5th annual, free, Red Hat sponsored technology conference for community project and professional contributors to Free and Open Source technologies coming to Boston!
Friday, September 3 • 15:00 - 15:30
Bending (Input) Space to Fuzz Virtual Devices and Beyond

The security of the entire cloud ecosystem depends on the isolation
guarantees that hypervisors provide between guest VMs and the host system. To
allow VMs to communicate with their environment, hypervisors provide a slew of
virtual-devices, including network interface cards and performance-optimized
VIRTIO devices. As these devices sit directly on the hypervisor’s
isolation boundary and accept inputs that are potentially attacker-controlled,
bugs and vulnerabilities in the devices’ implementations can render the
hypervisor’s isolation guarantees moot.

In this talk, I will describe how we implemented fuzzing for virtual-devices in
the QEMU hypervisor to automatically find and report security vulnerabilities.
I will explain how the fuzzer is able to test a wide range of virtual-devices,
without tailored configurations or expert knowledge. Our contributions led to
an academic paper that will be presented at USENIX Security 2022. Finally, I'll
highlight the key takeaways from the experience of fuzzing hypervisors, and
explain how we are applying them to other areas, such as kernel fuzzing.

Alexander Bulekov

Intern at Red Hat Research and PhD Candidate at Boston University, Red Hat
Alex is a PhD student at Boston University and an intern at Red Hat Research.

Friday September 3, 2021 15:00 - 15:30 EDT
