Virtualization is the future (and often, present) of large-scale IT, but like any technology it has its share of flaws and shortcomings. Today, as we near the beginning of Black Hat USA 2014, we highlight three Briefings that explore the world of virtualized systems... more specifically, how to break and/or protect them.
Hypervisors are here to stay, and promise to shrink the attack surfaces of exposed systems. But Rafal Wojtczuk's been breaking them for eight years, and oh, does he have some tales to tell. Poacher Turned Gamekeeper: Lessons Learned from Eight Years of Breaking Hypervisors will begin with a trip down memory lane, revisiting major hypervisor breakouts and throwing in a few new exploits, too. Later, he'll examine hypervisor security; does it really live up to the promises? Not at all. In fact, he'll reveal why he believes most hypervisors aren't built with security in mind, as well as his suggestions to harden them.
OpenStack allows you to manage a cloud of VMs, and has grown into a widely adopted platform. The issue with having a centralized IAAS is that if you compromise the management cluster you can attack everything it controls, which is a lot at Yahoo! scale. How do you keep your OpenStack cluster safe? What do you do when a management system, hypervisor, or VM is compromised? OpenStack Cloud at Yahoo! Scale: How to Avoid Disaster will discuss how to harden your cluster and make large breaches less likely. And if a breach does occur, you'll find out how to contain it. Bonus: Examples will be drawn from Yahoo!'s massive deployments of OpenStack clusters.
Finally, it's an arms race between malware authors and forensics experts, and dynamic analysis (sandboxing) is one of good guys' best weapons. But malware authors are evading it in ever-increasing ways. What to do? Full System Emulation: Achieving Successful Automated Dynamic Analysis of Evasive Malware will be a 101, 201, and possibly a 301 on leveraging full-system emulation, showing you the pros and cons of this methodology as well as intel on the latest malware evasion techniques observed in the wild.
Regular registration ended on July 26, which was a couple days ago! What are you doing over there? Do you always procrastinate so much? Better visit Black Hat USA 2014's registration page to see what your options are.