Attacking Hypervisors via Firmware and Hardware

More documents

Recommendations

Info

VMM “forensics”With the help of a rootkit in firmware any VM guestcan extract all information about hypervisor and otherVMs … and just from memory• VMCS structures, MSR and I/O bitmaps for each VM guest• EPT for each VM guest• Regular page tables for hypervisor and each VM guest• IOMMU pages tables for each IOMMU device• Full hypervisor memory map, VM exit handler…• Real hardware configuration (registers for real PCIe devices,MMIO contents…)
VMCS, MSR and I/O bitmaps..
Page 1 and 2: Attacking Hypervisorsvia Firmware a
Page 3 and 4: Image sourceHypervisor Based Isolat
Page 5 and 6: Hypervisor Based IsolationVirtual M
Page 7 and 8: CPU Virtualization (simplified)VM G
Page 9 and 10: Hypervisor ProtectionsSystem Firmwa
Page 11 and 12: What is firmware rootkit?Virtual Ma
Page 13 and 14: “Backdoor” for attacker’s VM1
Page 15 and 16: Using hardware SPI flash programmer
Page 17 and 18: Software access and exploiting some
Page 19 and 20: Installing rootkit in firmware from
Page 21: We flashed rootkited part of firmwa
Page 25 and 26: Image sourceAttacking Hypervisor Em
Page 27 and 28: Did you know that VMMs emulate virt
Page 29 and 30: Crashing Host or Guest from Ring3
Page 31 and 32: Pointer Vulnerabilities in SMI Hand
Page 33: DEMOAttacking Hypervisor viaPoisono
Page 36 and 37: So that’s a firmware issue! Firmw
Page 38 and 39: Attacking VMM by proxying through S
Page 40 and 41: Do Hypervisors Dreamof Electric She
Page 42 and 43: What is S3 boot script table?A tabl
Page 44 and 45: Xen attack via S3 boot scriptFound
Page 46 and 47: Image sourceDEMOAttacking Xenin its
Page 48 and 49: So these firmware vulnerabilities a
Page 50 and 51: First things first - fix that firmw
Page 52 and 53: Dealing with system firmware attack
Page 54 and 55: References1. CHIPSEC: https://githu

Attacking Hypervisors via Firmware and Hardware

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?