About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
Publication
KVM Forum 2021
Conference paper
Securing the Hypervisor with Control-Flow Integrity
Abstract
n the cloud, the Hypervisor is usually the first line of defense against attacks from malicious users. But what if the Hypervisor itself is vulnerable to attacks? What can we do to protect the host, and other VMs, against Hypervisor attacks, specifically zero-day exploits, where only generic security countermeasures can be taken? In this seminar, we present our work with the QEMU community to upstream a new security mechanism by leveraging Clang's software implementation of both backward and forward Control-Flow Integrity (CFI) for x86 systems. We show how, and why, this technique can provide an effective protection against zero-day remote execution exploits based on buffer overflows and ROP attacks, sooner and more extensively than current countermeasures such as SELinux, AppArmor, or Seccomp. We will also explain why compiler-driven CFI offers better protection than hardware-based techniques such as Intel's CET. Finally, we will discuss the few incompatibilities we encountered in QEMU's codebase, and the possibility of enabling CFI with QEMU's plugins and modules, which are currently unsupported.