KVM-Qemu and Docker containers are important components of virtualization technology and are widely used by mainstream cloud vendors.
KVM-Qemu is a full virtualization solution for Linux on x86 hardware containing virtualization extensions (Intel VT or AMD-V), with devices emulated by QEMU in user components. Docker is an open-source and light-weight project that automates the development of applications inside software containers by providing an additional layer of abstraction and automation of operating-system-level virtualization on Linux servers. However, any vulnerabilities in these components bring huge security risks to cloud computing systems.
During this talk we will break the session down into two parts. In Part 1, Shengping Wang will cover Docker escape technologies, which involve the following aspects:
We will show step-by-step how hackers can launch escape attacks and finally control the host to execute any command they want by utilizing Docker’s features and existing Linux kernel vulnerabilities.
In Part 2, Xu Liu will talk about QEMU escape technology in which the following topics (and more) will be covered:
This talk is brand-new and includes never-before-published material.