Fuzzing Virtual Devices in Hypervisors · 2020-04-29
Fuzzing Virtual Devices in Hypervisors
Alexander Bulekov
PhD Student @ BU Seclab, Intern @ Red Hat
[Figure: the virtualization stack, bottom to top: Hardware; OS / Hypervisor; several Guest OS instances, each running its own Apps]
Virtual Devices
Virtual Machines: Targets for Attackers
[Figure: the guest-facing interfaces of a virtual device: Port IO, MMIO and DMA to and from guest RAM; the DMA and RAM side is the part with no obvious way to feed inputs]
How can we efficiently provide inputs to such a large IO space?
We leverage the Hypervisor Memory Access API
Enumerate all IO regions directly mapped to virtual devices.
Hook DMA accesses from virtual devices.
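As an added illustration of the two mechanisms just listed (enumerating the device's IO regions and hooking its DMA accesses), here is a constructed C model of such a harness. It is not code from the slides or from QEMU; the toy device, its register layout, the input encoding and every function name are assumptions made for this example. One fuzzer input is decoded into a sequence of reads and writes that stay inside the enumerated regions, and when the device DMAs from guest RAM the hook first patches that range with the next bytes of the same input, so DMA'd descriptors and buffers are fuzzer-controlled as well.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the approach on the slides (hypothetical names; not
 * QEMU's fuzzer). A toy device exposes one MMIO and one PIO region; the
 * harness walks a fuzzer input, turns it into region accesses, and patches
 * guest RAM from the same input whenever the device performs a DMA read. */

#define GUEST_RAM_SIZE 4096u
#define DEV_BUF_SIZE   64u

static uint8_t guest_ram[GUEST_RAM_SIZE];

/* One IO region, as it would be enumerated from the hypervisor's memory-access API. */
typedef struct { const char *name; int is_pio; uint32_t base; uint32_t size; } region_t;

static region_t regions[] = {
    { "toy-mmio", 0, 0x1000, 16 },   /* regs: 0 = DMA address, 4 = DMA length, 8 = kick */
    { "toy-pio",  1, 0x80,   4  },   /* the toy device has no PIO behaviour */
};
#define NREGIONS (sizeof regions / sizeof regions[0])

/* Cursor over the fuzzer input, shared by the op decoder and the DMA hook. */
typedef struct { const uint8_t *data; size_t len, pos; } input_t;

/* Toy device state and the counters the checks below inspect. */
static uint32_t dma_addr, dma_len, dma_kicks;
static size_t dma_bytes_read;
static uint8_t dev_buf[DEV_BUF_SIZE];

static int take(input_t *in, uint8_t *dst, size_t n)
{
    if (in->len - in->pos < n) return 0;          /* input exhausted: stop cleanly */
    memcpy(dst, in->data + in->pos, n);
    in->pos += n;
    return 1;
}

static uint32_t le32(const uint8_t *b)
{
    return (uint32_t)b[0] | (uint32_t)b[1] << 8 | (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
}

/* DMA hook: before the device reads guest RAM, overwrite that range with the
 * next bytes of fuzzer input. Ranges outside guest RAM are refused untouched. */
static int dma_read(input_t *in, uint32_t addr, uint32_t len, uint8_t *out)
{
    if (addr >= GUEST_RAM_SIZE || len > GUEST_RAM_SIZE - addr) return 0;
    size_t avail = in->len - in->pos;
    size_t n = len < avail ? len : avail;
    memcpy(guest_ram + addr, in->data + in->pos, n);
    in->pos += n;
    memcpy(out, guest_ram + addr, len);
    dma_bytes_read += len;
    return 1;
}

/* The toy device's MMIO handlers (a real harness reaches these through the
 * region's read/write callbacks). */
static void toy_mmio_write(input_t *in, uint32_t off, uint32_t val)
{
    switch (off & ~3u) {
    case 0: dma_addr = val; break;
    case 4: dma_len = val; break;
    case 8:                                       /* "kick": device DMAs from guest RAM */
        dma_kicks++;
        dma_read(in, dma_addr, dma_len < DEV_BUF_SIZE ? dma_len : DEV_BUF_SIZE, dev_buf);
        break;
    default: break;
    }
}

static uint32_t toy_mmio_read(uint32_t off)
{
    switch (off & ~3u) {
    case 0: return dma_addr;
    case 4: return dma_len;
    default: return 0xffffffffu;
    }
}

void fuzz_reset(void)
{
    memset(guest_ram, 0, sizeof guest_ram);
    dma_addr = dma_len = dma_kicks = 0;
    dma_bytes_read = 0;
}

/* One fuzzer input is a sequence of ops [kind:1][region:1][offset:2 LE][value:4 LE];
 * a trailing partial op is ignored. Returns the number of ops dispatched. */
int run_input(const uint8_t *data, size_t len)
{
    input_t in = { data, len, 0 };
    uint8_t op[8];
    int ops = 0;
    while (take(&in, op, sizeof op)) {
        region_t *r = &regions[op[1] % NREGIONS];
        uint32_t off = ((uint32_t)op[2] | (uint32_t)op[3] << 8) % r->size; /* stay inside the region */
        uint32_t val = le32(op + 4);
        if (!r->is_pio) {
            if (op[0] & 1) toy_mmio_write(&in, off, val);
            else (void)toy_mmio_read(off);
        }
        ops++;
    }
    return ops;
}

uint32_t dma_kick_count(void)           { return dma_kicks; }
size_t dma_bytes_total(void)            { return dma_bytes_read; }
const uint8_t *guest_ram_at(uint32_t a) { return guest_ram + a; }

int main(void)
{
    /* Constructed input: set DMA addr 0x100 and len 8, kick; the 8 bytes that
     * follow are consumed by the DMA hook and land in guest RAM at 0x100. */
    static const uint8_t input[] = {
        1, 0, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
        1, 0, 0x04, 0x00, 0x08, 0x00, 0x00, 0x00,
        1, 0, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00,
        'D', 'M', 'A', 'B', 'Y', 'T', 'E', 'S',
    };
    fuzz_reset();
    int ops = run_input(input, sizeof input);
    printf("ops=%d kicks=%u dma_bytes=%zu ram[0x100]=%.8s\n", ops,
           (unsigned)dma_kick_count(), dma_bytes_total(), (const char *)guest_ram_at(0x100));
    return 0;
}
```

Two behaviours are worth noticing when adapting this shape to a real device: bytes that a refused DMA leaves unconsumed flow back into the op stream as further accesses, and an out-of-range DMA target is rejected by the hook before it touches guest RAM.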
[Figure: fuzzer coverage plotted against executions]
Fuzz some device configurations...
Inspect the fuzzer's coverage...
Identify challenges and adjust the fuzzer...
We have already found, reported and fixed bugs in devices such as virtio-net, virtio-scsi,
virtio-blk, char/serial and MegaRAID. More on the way...
Most of our work is already upstream!
Thank you to my mentors at Red Hat!
Bandan Das, Paolo Bonzini, Stefan Hajnoczi
[email protected] on irc.oftc.net