Escape From The Docker-KVM-QEMU Machine


KVM-QEMU and Docker containers are important components of virtualization technology and are widely used by mainstream cloud vendors.

KVM-QEMU is a full virtualization solution for Linux on x86 hardware that has virtualization extensions (Intel VT or AMD-V), with devices emulated by QEMU in user space. Docker is an open-source, lightweight project that automates the development of applications inside software containers by providing an additional layer of abstraction and automation of operating-system-level virtualization on Linux servers. However, any vulnerability in these components brings huge security risks to cloud computing systems.

This talk is split into two parts. In Part 1, Shengping Wang will cover Docker escape technologies, which involve the following aspects:

  1. Docker’s implementation principles
  2. Exploitation of Linux kernel vulnerabilities
  3. Container escape technology
  4. New methods of escape under the latest version of Docker
  5. Some amazing operations on kernel objects

We will show step-by-step how hackers can launch escape attacks and finally control the host to execute any command they want by utilizing Docker’s features and existing Linux kernel vulnerabilities.

In Part 2, Xu Liu will talk about QEMU escape technology in which the following topics (and more) will be covered:

  1. Analysis of memory layout of QEMU process under QEMU + KVM environment
  2. Several amazing security vulnerabilities in the QEMU device emulator, found by the 360 Marvel Team
  3. How to escape from the virtual machine by making use of the vulnerabilities and special memory mapping features
  4. Other useful vulnerability exploitation methods for QEMU software

This talk is brand-new and includes never-before-published material.

Location: Track 1
Date: May 26, 2016
Time: 11:45 am - 12:45 pm
Speakers: Shengping Wang, Xu Liu