1. Moscone South 314

In the cloud, virtualization stack provides the basic capability to isolate multiple VMs. In past years, VM escape became the real threat. Malicious VM can utilize 0-day in virtualization stack to break the isolation. Intel CET is a new CPU feature to prevent ROP exploit, and MPX is a CPU feature to prevent buffer overflow. This session will show how to enhance virtualization stack utilizing CET/MPX.

Learning Objectives:
1: Understand VM escape details and threats in virtualization stack.
2: Learn about CET and MPX details.
3: Learn novel approach to protect virtualization stack with CET/MPX features.

Download pdf
Participants: