Virtualization: Enough Holes to
Las Vegas, 2007
University of California, San Diego
● Mostly known issues
● Mostly design flaws, not entirely bugs
● Documented behavior
● (So slightly less testing)
– VMWare Server, not ESX or VI3.
● This is still untenable
● Isolation isn't
● Covert channels
● Virtual machines on a network
● Virtual machines changing the network
● Live migration
● Questions, heckling, grandiose proposals and accusations of hating freedom
Overview of Technologies
● OS Level Virt
● Full Virt w/ HW ➔ KVM, Xen
● Full Virt w/o HW ➔ VMWare, KQEmu
● Full Emulation ➔ QEmu, Bochs
● Freeze / Thaw / Snapshotting
● Decoupled Hardware
● Another Layer of Protection
● Live Migration
● Dynamic Deployment / Creation
– No longer bound to hardware, who cares
– Take many machines, use less of them. Better utilization of physical hardware.
– Take many tasks, isolate them from each other. Don't you feel more secure already?
● Shared hardware attacks
– Thought the SMT attacks were old news?
– Similar things on other shared hardware
● Attacking the host scheduler
● Did you want to actually... use that video card? (Or other hardware device? USB?)
– Moment you pass real hardware, you can wedge the entire box.
● Covert Channels
More on Covert Channels
● Use Resources
– Use something on one
– Detect on another
● RDTSC can help (or any half-decent timesource)
● Pass data in Layer 2
– Turns out... very few of us use EBTables.
– Mess with Novell, use IPX
– More of an Apple hater? Use appletalk!
– Old School? Want to try DECNet?
● Bypass host firewall
– Pick whatever IP you'd like
– VMWare bypasses by default in bridged mode
● Promiscuous Mode
● MAC impersonation
● Spoofing is easier again
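As an added example, not from the slides: the kind of ebtables policy the Layer 2 bullets ("very few of us use EBTables") and the host-firewall-bypass / MAC-impersonation bullets above say is usually missing. It assumes a Linux software bridge (hypothetical name br0) with one tap interface per guest (vnet0, vnet1) and constructed MAC/IP assignments; VMWare Server's bridged vmnet is not a Linux bridge, so this applies to KVM/Xen-style hosts. By default the script only prints the rules; it applies them when run with APPLY=1.

```shell
#!/bin/sh
# Constructed example: per-guest Layer 2 policy on a Linux bridge with ebtables.
# Assumed (hypothetical) names: bridge br0, tap interfaces vnet0/vnet1, and the
# MAC/IP assignments in VM_TABLE. Dry-run prints commands; APPLY=1 executes them.

BRIDGE="${BRIDGE:-br0}"

# "iface mac ip" per guest (constructed sample data)
VM_TABLE="vnet0 52:54:00:aa:bb:01 192.0.2.11
vnet1 52:54:00:aa:bb:02 192.0.2.12"

# Run the command, or just echo it when not applying (lets the policy be reviewed first).
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        echo "$*"
    fi
}

gen_bridge_rules() {
    # Start from deny-all on the bridge forwarding path; everything below is a whitelist.
    run ebtables -F FORWARD
    run ebtables -P FORWARD DROP
    echo "$VM_TABLE" | while read -r iface mac ip; do
        [ -z "$iface" ] && continue
        # Frames entering from the guest must carry its assigned source MAC (no MAC impersonation).
        run ebtables -A FORWARD -i "$iface" -s ! "$mac" -j DROP
        # IPv4 frames from the guest must carry its assigned source IP (no "pick whatever IP you'd like").
        run ebtables -A FORWARD -i "$iface" -p IPv4 --ip-src ! "$ip" -j DROP
        # ARP from the guest may only claim its own MAC/IP pair.
        run ebtables -A FORWARD -i "$iface" -p ARP --arp-mac-src ! "$mac" -j DROP
        run ebtables -A FORWARD -i "$iface" -p ARP --arp-ip-src ! "$ip" -j DROP
        # Only IPv4 and ARP are forwarded for this guest, in either direction;
        # IPX, AppleTalk, DECnet and any other ethertype fall through to the DROP policy.
        run ebtables -A FORWARD -i "$iface" -p IPv4 -j ACCEPT
        run ebtables -A FORWARD -i "$iface" -p ARP -j ACCEPT
        run ebtables -A FORWARD -o "$iface" -p IPv4 -j ACCEPT
        run ebtables -A FORWARD -o "$iface" -p ARP -j ACCEPT
    done
}

# Usage: ./bridge-policy.sh (dry run) or APPLY=1 ./bridge-policy.sh (as root).
gen_bridge_rules
```

The rules cover what the bridge forwards between ports; a guest in promiscuous mode still sees whatever the bridge floods to its port (broadcasts, unknown-destination unicast), so this is a spoofing control, not a confidentiality one.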
The VMWare Model