The Elephant in the Room: Questions to ask your Cloud Provider about Hypervisor Breakouts
In this talk I will discuss the elephant in the room or, more precisely, the one that carries the cloud: the hypervisor. In theory, it is able to fully isolate the various virtual machines and networks from each other; in practice, it is just another piece of software that can and will have security-related bugs, as demonstrated by numerous public vulnerabilities in commercially used hypervisors like Xen, Hyper-V, KVM and VMware. But in the case of the hypervisor, an exploit does not just lead to compromise of the virtual server (as in the case of a webserver and/or OS exploit) but of the underlying physical server, leading to the possibility of circumventing boundaries that were enforced by virtual network segregation or even gaining access to data from other customers.
There will be a brief overview of selected vulnerabilities in various hypervisors from the last few years and an analysis of what kinds of mitigations could have prevented the exploitation of these vulnerabilities in the first place. Knowing about those mitigations, you can and should also ask your cloud provider whether they are implemented!
Florian Magin is a security researcher at ERNW Research GmbH. His main interests are reverse engineering and security analysis of binary applications. In his free time he is one of the people organizing the local CTF team.