BATTLE OF SKM AND IUM
blackhat2015
IS IUM/VSM SECURE…? YES!
• There do not appear to be any design flaws in the implementation of IUM/VSM
• Good decisions made all around regarding separation of privileges, roles, and powers
• Good analogy was made yesterday in the Microsoft presentation with government judicial, executive, and legislative branches
• Extremely limited attack surface
• Hypervisor is already a very thin piece of code. VTL has added complexity, but is manageable
• No true hypervisor non-DoS bugs have ever been found (only virtualization component vulnerabilities)
• SKM is ~350KB and provides limited system calls and accessible interfaces from VTL 0
• SKCI does do ASN.1 parsing, but code has been tested for decades and is a minimalistic implementation
• However, true VSM security relies on platform features to be present, and well-implemented