LCNA14: Security in the Cloud: Containers, KVM, and Xen - George Dunlap, Citrix Systems UK Ltd
Post on 20-May-2015
Security in the Cloud: Xen, KVM, Containers
Or, Surviving the Zombie Apocalypse
"Some people make the mistake of thinking of containers as a better and faster way of running virtual machines. From a security point of view, containers are much weaker."
–Dan Walsh (Mr. SELinux)
"There's contentions all over the place that containers are not actually as secure as hypervisors. This is not really true. Parallels and Virtuozzo, we've been running secure containers for at least 10 years."
–James Bottomley, Linux Maintainer and Parallels CTO
"Virtual Machines might be more secure today, but containers are definitely catching up."
–Jerome Petazzoni, Senior Software Engineer at Docker
"You are absolutely deluded, if not stupid, if you think that a worldwide collection of software engineers who can't write operating systems or applications without security holes, can then turn around and suddenly write virtualization layers without security holes."
–Theo de Raadt, OpenBSD project lead
Who am I?
What I’m going to talk about
Security and Risk
Vulnerabilities and Exploits
A vulnerability is a mistake.
Configuration vulnerabilities
Software vulnerabilities
Intel SYSRET
Zombie Apocalypse.
Every window is an opportunity to make a mistake
Every element of every interface is an opportunity to make a mistake
But does this really matter?
Would this affect a system configured reasonably for security?
Xen: Access to HV memory >5TiB during migration
Xen: Unsecured PV console parameters
Xen: 1 year, 1-4 known vulnerabilities
KVM: Escalation in vhost
KVM: PUSHA instruction emulation
KVM: vcpu hypercall boundary check
KVM: vlapic shared page crossing a page boundary
KVM: 1 year, 4 solid vulnerabilities
qemu: VMWare emulated device
qemu: virtio-net mac address update
qemu: 1 year, 2 known vulnerabilities
Linux: ping
Linux: tty race condition
Linux: ptrace and SYSRET
Linux: AIO, arbitrary read of kernel memory
Linux: Futex not checking if two pointers were different (2)
Linux: AMD math coprocessor
Linux: 2 months, 6 vulnerabilities
Hypervisors: Low (but not zero) risk
General-purpose containers: Not so good
Application-specific containers + seccomp2?
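The closing slide's "seccomp2" is seccomp mode 2, the BPF filter mode (SECCOMP_MODE_FILTER): an application-specific container narrows the kernel interface it exposes down to the handful of system calls the workload actually needs, which is the talk's "every element of every interface is an opportunity to make a mistake" argument applied to the syscall table. The following is an added example, not code from George Dunlap's talk or from Xen, KVM, Docker or any other project. It builds a default-deny syscall allow-list as a classic-BPF program, includes a small evaluator (assumed here, covering only the three opcodes the builder emits, not the kernel's own verifier) so the filter's verdicts can be checked before loading, and, when run stand-alone, installs the filter in a forked child that then calls a syscall that is not on the list. The allowed set `{write, exit_group}`, the `FILTER_ARCH` macro and the function names `build_allowlist`, `decide` and `install` are this example's own choices; the real list must be derived from the application.

```c
/* Added example (not from the talk or any project): seccomp-BPF syscall
 * allow-list for an application-specific container, plus a user-space
 * evaluator for checking its verdicts. Assumes Linux on x86-64 or aarch64. */
#define _GNU_SOURCE
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <signal.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#if defined(__x86_64__)
#define FILTER_ARCH AUDIT_ARCH_X86_64        /* syscall numbers are per-arch */
#elif defined(__aarch64__)
#define FILTER_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif
#ifndef SECCOMP_RET_KILL_PROCESS             /* older headers only know RET_KILL */
#define SECCOMP_RET_KILL_PROCESS 0x80000000U
#endif

#define MAX_INSNS 64
struct filter { struct sock_filter insns[MAX_INSNS]; unsigned short len; };

static struct sock_filter stmt(uint16_t code, uint32_t k)
{ struct sock_filter i = { code, 0, 0, k }; return i; }
static struct sock_filter jump(uint16_t code, uint32_t k, uint8_t jt, uint8_t jf)
{ struct sock_filter i = { code, jt, jf, k }; return i; }
static void emit(struct filter *f, struct sock_filter i)
{ if (f->len >= MAX_INSNS) { fputs("filter too long\n", stderr); exit(1); }
  f->insns[f->len++] = i; }

/* Default-deny: wrong architecture -> kill; listed syscall number -> allow;
 * anything else -> kill the whole process (not just the calling thread). */
static void build_allowlist(struct filter *f, const int *allowed, size_t n)
{
    memset(f, 0, sizeof *f);
    emit(f, stmt(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)));
    emit(f, jump(BPF_JMP | BPF_JEQ | BPF_K, FILTER_ARCH, 1, 0));
    emit(f, stmt(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS));
    emit(f, stmt(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)));
    for (size_t i = 0; i < n; i++) {
        emit(f, jump(BPF_JMP | BPF_JEQ | BPF_K, (uint32_t)allowed[i], 0, 1));
        emit(f, stmt(BPF_RET | BPF_K, SECCOMP_RET_ALLOW));
    }
    emit(f, stmt(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS));
}

/* Interpreter for only the three opcodes build_allowlist emits; returns the
 * SECCOMP_RET_* verdict the kernel would reach for (arch, nr). Fails closed. */
static uint32_t decide(const struct filter *f, uint32_t arch, uint32_t nr)
{
    struct seccomp_data d; memset(&d, 0, sizeof d);
    d.nr = (int)nr; d.arch = arch;
    uint32_t acc = 0;
    for (unsigned pc = 0; pc < f->len; pc++) {
        const struct sock_filter *i = &f->insns[pc];
        switch (i->code) {
        case BPF_LD | BPF_W | BPF_ABS:
            if (i->k > sizeof d - sizeof acc) return SECCOMP_RET_KILL_PROCESS;
            memcpy(&acc, (const char *)&d + i->k, sizeof acc);
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:
            pc += (acc == i->k) ? i->jt : i->jf;     /* offsets count from pc+1 */
            break;
        case BPF_RET | BPF_K:
            return i->k;
        default:
            return SECCOMP_RET_KILL_PROCESS;
        }
    }
    return SECCOMP_RET_KILL_PROCESS;
}

/* Load the filter into the calling thread. NO_NEW_PRIVS lets an unprivileged
 * process do this and stops a setuid child from inheriting a weakened policy. */
static int install(const struct filter *f)
{
    struct sock_fprog prog = { .len = f->len, .filter = (struct sock_filter *)f->insns };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

int main(void)
{
    const int allowed[] = { SYS_write, SYS_exit_group };  /* stand-in set */
    struct filter f;
    build_allowlist(&f, allowed, sizeof allowed / sizeof allowed[0]);
    pid_t pid = fork();
    if (pid == 0) {                          /* child: sandbox, then misbehave */
        if (install(&f) != 0) _exit(2);
        static const char msg[] = "child: write() allowed, trying getpid()...\n";
        write(1, msg, sizeof msg - 1);
        syscall(SYS_getpid);                 /* not on the list: SIGSYS */
        _exit(0);                            /* never reached */
    }
    int st; waitpid(pid, &st, 0);
    printf("child %s\n", WIFSIGNALED(st) && WTERMSIG(st) == SIGSYS
           ? "killed by SIGSYS as expected" : "was NOT killed: check seccomp support");
    return 0;
}
```

Build with `gcc -std=gnu99 -Wall` on Linux and run as an unprivileged user; the child prints its message and is then killed by SIGSYS. Two caveats a practitioner would want: the filter matches on syscall number only, so a call that is allowed is allowed with any arguments (argument checks need additional loads of `seccomp_data.args`), and the architecture check is what keeps a 32-bit compat syscall from being matched against 64-bit numbers, which is why it comes before the number comparison.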
Questions?