Virtualisation and cloud computing technologies provide a unique set of security problems. Where one host runs multiple virtual guests, a new inter-guest attack surface is exposed. Several recent vulnerabilities have taken advantage of this, allowing for inter-guest attacks. This talk describes the key categories of virtualisation related vulnerabilities, narrated by a time line of critical CVEs. Defence attempts are also discussed, with emphasis on SELinux and the efforts of the sVirt project.
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.