Poacher turned gamekeeper: Lessons learned from eight years of breaking hypervisors Type 1 and Type 2 attack surface

Summary Hypervisors have become a key element of both cloud and client computing. It is without doubt that hypervisors are going to be commonplace in future devices, and play an important role in the security industry. In this paper, we discuss in detail the various lessons learnt whilst building and breaking various common hypervisors. In particular, we take a trip down memory lane and examine a few vulnerabilities found in popular hypervisors that have led to break-outs, trying to offer a generic mitigation when possible. To add some spice, we will talk about details of four not-yet-discussed vulnerabilities we recently discovered in VirtualBox, and examine DMA attacks against DeepSafe. Scope There is a plethora of various hypervisor solutions available nowadays. Some of them are designed from the scratch with security in mind, and e.g. use formal verification to provide assurance about their security. As those solutions are not the mainstream today, in this paper we will focus on the popular commercial virtualization software used commonly nowadays. One of the solution (DeepSafe) is very different from the others, and will be covered in the later part of the paper. We will start with discussion about common Type 1 and Type 2 hypervisors; Xen, VirtualBox, VMWare, ESX, HyperV all belong to these two categories