DevConf.US 2021 is the 5th annual, free, Red Hat sponsored technology conference for community project and professional contributors to Free and Open Source technologies coming to Boston!
The security of the entire cloud ecosystem depends on the isolation guarantees that hypervisors provide between guest VMs and the host system. To allow VMs to communicate with their environment, hypervisors provide a slew of virtual devices, including network interface cards and performance-optimized VIRTIO devices. Because these devices sit directly on the hypervisor's isolation boundary and accept inputs that are potentially attacker-controlled, bugs and vulnerabilities in the devices' implementations can render the hypervisor's isolation guarantees moot.
In this talk, I will describe how we implemented fuzzing for virtual devices in the QEMU hypervisor to automatically find and report security vulnerabilities. I will explain how the fuzzer is able to test a wide range of virtual devices without tailored configurations or expert knowledge. Our contributions led to an academic paper that will be presented at USENIX Security 2022. Finally, I'll highlight the key takeaways from the experience of fuzzing hypervisors and explain how we are applying them to other areas, such as kernel fuzzing.