In the cloud, the virtualization stack provides the basic capability to isolate multiple VMs. In past years, VM escape has become a real threat: a malicious VM can use a 0-day in the virtualization stack to break the isolation. Intel CET is a new CPU feature to prevent ROP exploits, and MPX is a CPU feature to prevent buffer overflows. This session will show how to enhance the virtualization stack using CET/MPX.
Learning Objectives:
1: Understand VM escape details and threats in the virtualization stack.
2: Learn about CET and MPX details.
3: Learn a novel approach to protecting the virtualization stack with CET/MPX features.