You Are Doing It Wrong: Failures In Virtualization Systems presented at Blackhat Europe 2011

by Claudio Criscione (secure network ),

Tags: Security

Summary : In this talk we explore modern enterprise virtualization and cloud computing systems, discussing why and how most of these infrastructures are still vulnerable to attacks which are years old.
XSS, CSRF, Shell Escape, unsafe connections: you name it. A corpus of knowledge is already in the public domain, but it has never been organized and reviewed in an orderly, reasoned reading.
Leveraging the exploiting capabilities of VASTO (the Virtualization ASsessment TOolkit),we will attack various commercial products, also going through cloud computing solutions and looking at what is good and what is not so good in virtualization security today.
From all these single exploits we will derive lessons we need to learn on how we design and implement virtualization environments, and how we think about their security. This will be a call to action for new security means and approaches.
For if we are still vulnerable to these attacks, we're doing it wrong!