Security researchers from Invisible Things Lab claim will be demonstrating how easy it is to hack hypervisors at the next Black Hat conference in Las Vegas in August. More specifically, they’ll be discussing the (in)security of the Xen hypervisor, such as how to plant rootkits, how to bypass various hypervisor anti-subverting techniques, as well as how “Bluepills” (ah, that rang a bell) can be used in bare-metal hypervisor compromises. They plan on releasing proof-of-concept code.
From the Invisible Things blog:
The three presentations have been designed in such a way that they complement each other and create one bigger entirety, thus they can be referred as “Xen 0wning Trilogy” for brevity.
The three presentations that are mentioned, are the following:
- Subverting the Xen hypervisor
- Detecting and Preventing the Xen hypervisor subversions
- Bluepilling the Xen hypervisor
Should be interesting!
On a sidenote, this caveat in the Invisible Things Lab blog post is an interesting statement on its own:
It’s worth noting that we chose Xen as the target not because we think it’s insecure and worthless. On the contrary, we believe Xen is the most secure bare-metal hypervisor out there (especially with all the goodies in the upcoming Xen 3.3). Still we believe that it needs some improvements when it comes to security. We hope that our presentations will help making Xen (and similar hypervisors) more secure.
Do you agree?
[Source: Information Week]