Loading…
DevConf.US 2021 has ended
Registration is now OPEN! Please register on hopin as soon as possible!

DevConf.US 2021 is the 4th annual, free, Red Hat sponsored technology conference for community project and professional contributors to Free and Open Source technologies coming to a web browser near you!
Back To Schedule
Friday, September 3 • 15:00 - 15:30
Bending (Input) Space to Fuzz Virtual Devices and Beyond

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!



The security of the entire cloud ecosystem depends on the isolation
guarantees that hypervisors provide between guest VMs and the host system. To
allow VMs to communicate with their environment, hypervisors provide a slew of
virtual-devices, including network interface cards and performance-optimized
VIRTIO devices. As these devices sit directly on the hypervisor’s
isolation boundary and accept inputs that are potentially attacker-controlled,
bugs and vulnerabilities in the devices’ implementations can render the
hypervisor’s isolation guarantees moot.

In this talk, I will describe how we implemented fuzzing for virtual-devices in
the QEMU hypervisor to automatically find and report security vulnerabilities.
I will explain how the fuzzer is able to test a wide range of virtual-devices,
without tailored configurations, or expert knowledge. Our contributions lead to
an academic paper that will be presented at USENIX Security 2022. Finally, I'll
highlight the key takeaways from the experience of fuzzing hypervisors, and
explain how we are applying them to other areas, such as kernel fuzzing.

Speakers
avatar for Alexander Bulekov

Alexander Bulekov

Intern at Red Hat Research and PhD Candidate at Boston University, Red Hat
Alex is PhD Student at Boston University and an Intern at Red Hat Research.


Friday September 3, 2021 15:00 - 15:30 EDT
Virtual

Attendees (4)