
Fuzzing Virtual Devices in Hypervisors · 2020-04-29

Date post: 11-Aug-2020
Page 1:

Fuzzing Virtual Devices in Hypervisors

Alexander Bulekov

PhD Student @ BU Seclab

Intern @ Red Hat

Page 2:

[Diagram with elements labeled A, B, C and D]

Page 3:

[Diagram of the virtualization stack: Hardware, OS / Hypervisor, four Guest OS instances each running Apps, and Virtual Devices]

Page 4:

Virtual Machines: Targets for Attackers

Page 5:

[Diagram labels: RAM, Port IO, MMIO, DMA]

Page 6:

Page 7:

[Diagram labels: RAM, Port IO, MMIO, DMA, with question marks]

How can we efficiently provide inputs to such a large IO space?

We leverage the Hypervisor Memory Access API

Enumerate all IO regions directly mapped to virtual devices.

Hook DMA accesses from virtual devices.
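
A toy model of the two steps above, added here as an illustration and not taken from the slides or from any hypervisor's code. The region table, the `dma_read_hook` name and the doorbell behaviour of the toy device are all assumptions; the point is that every fuzz byte either selects an access inside an enumerated region or fills a DMA read.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the hypervisor's list of device-mapped IO regions. */
typedef struct { const char *name; uint64_t base, size; int is_mmio; } io_region;
static const io_region regions[] = {            /* constructed sample layout */
    { "serial-pio", 0x3f8,      0x8,   0 },
    { "nic-mmio",   0xfebc0000, 0x100, 1 },
};
#define NREGIONS (sizeof regions / sizeof regions[0])
typedef struct { const uint8_t *p; size_t left; } input;
typedef struct { size_t io_ops, dma_bytes; uint64_t last_addr; } stats;

static uint8_t take(input *in) { return in->left ? (in->left--, *in->p++) : 0; }

/* DMA hook: a device read of guest RAM is served from the fuzz input (zero-padded). */
static void dma_read_hook(input *in, uint8_t *buf, size_t len, stats *st) {
    size_t n = len < in->left ? len : in->left;
    memset(buf, 0, len);
    memcpy(buf, in->p, n);
    in->p += n; in->left -= n; st->dma_bytes += n;
}

/* Toy device: writing an odd value to MMIO offset 0 makes it fetch a 4-byte descriptor. */
static void device_write(const io_region *r, uint64_t off, uint8_t val, input *in, stats *st) {
    uint8_t desc[4];
    if (r->is_mmio && off == 0 && (val & 1)) dma_read_hook(in, desc, sizeof desc, st);
}

/* Decode the input as (region, offset, value) triples so every write hits a device. */
stats run_one_input(const uint8_t *data, size_t len) {
    input in = { data, len };
    stats st = { 0, 0, 0 };
    while (in.left >= 3) {
        const io_region *r = &regions[take(&in) % NREGIONS];
        uint64_t off = take(&in) % r->size;      /* clamp into the region */
        st.last_addr = r->base + off;
        st.io_ops++;
        device_write(r, off, take(&in), &in, &st);
    }
    return st;
}

int main(void) {
    const uint8_t sample[] = { 1, 0, 0x01, 0x11, 0x22, 0x33, 0x44, 0, 9, 0x55 }; /* constructed */
    stats st = run_one_input(sample, sizeof sample);
    printf("io_ops=%zu dma_bytes=%zu\n", st.io_ops, st.dma_bytes);
    return 0;
}
```

Mapping the selector bytes through the region table is what keeps the fuzzer from spending executions on addresses no device answers to.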

Page 8:

Page 9:

[Plot: Coverage (y-axis) vs. Executions (x-axis)]

Fuzz Some Device Configurations...

Page 10:

Inspect the Fuzzer’s Coverage...

Page 11:

Identify Challenges and Adjust the Fuzzer ...

Page 12:

We have already found, reported and fixed bugs in devices such as virtio-net, virtio-scsi, virtio-blk, char/serial, MegaRAID. More on the way...

Most of our work is already upstream!

Page 13:

Page 14:

Thank you to my mentors at Red Hat!

Bandan Das, Paolo Bonzini, Stefan Hajnoczi

[email protected] on irc.oftc.net
