Loading…
DevConf.US 2020 has ended
Registration is now OPEN! Please register as soon as possible! https://hopin.to/events/devconf-us

DevConf.US 2020 is the 3rd annual, free, Red Hat sponsored technology conference for community project and professional contributors to Free and Open Source technologies coming to a web browser near you!
Back To Schedule
Thursday, September 24 • 14:05 - 14:25
Reshaping (input) Space to Fuzz the Cloud's Virtualization Layer

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!



The market for public cloud platforms is valued in the hundreds of billions of dollars. Hypervisors form the backbone of the cloud and are, therefore, security-critical applications which are attractive targets for attackers. Fuzzing is a widely-adopted technique for automated software testing based on randomly-provided inputs. As testament to their success, fuzzers have found thousands of bugs in the Linux kernel.  Unfortunately, it is difficult to apply simple fuzzing techniques to the virtualization-layer, as hypervisors expose a massive input space which includes the entirety of the VM's memory. In this talk, I will present my research on making cloud virtual devices amenable to fuzzing. I will explain how we implemented fuzzing for the popular open-source QEMU hypervisor, where it has already led to dozens of bugs reports.



Speakers

Thursday September 24, 2020 14:05 - 14:25 EDT
Belly Virtual

Attendees (4)