Enhance Virtualization Stack with Intel CET and MPX

In the cloud, the virtualization stack provides the basic capability to isolate multiple VMs. In past years, VM escape has become a real threat: a malicious VM can use a 0-day in the virtualization stack to break the isolation. Intel CET is a new CPU feature to prevent ROP exploits, and MPX is a CPU feature to prevent buffer overflows. This session will show how to enhance the virtualization stack using CET/MPX.

Learning Objectives:
1: Understand VM escape details and threats in the virtualization stack.
2: Learn about CET and MPX details.
3: Learn a novel approach to protecting the virtualization stack with CET/MPX features.



Xiaoning Li, Chief Security Architect, Alibaba Cloud

