KVM Forum 2018: Security in QEMU: How Virtual Machines P...

October 24-26, 2018 - Edinburgh, Scotland, UK
Click Here For Information & Registration

Security in QEMU: How Virtual Machines Provide Isolation - Stefan Hajnoczi, Red Hat

Is it safe to use QEMU to do X? This talk explains the security model and use cases that QEMU is designed for.

Understanding the security model is critical for deploying virtual machines as well as contributing code to QEMU. This talk gives an overview of the attack surfaces, including emulated devices, the monitor, remote desktop, disk images, and the CPU accelerators.

Virtual machines offer isolation from each other and the host if QEMU is configured properly. Most of these best practices are encapsulated in libvirt, but not all users choose to use it, so it is worth understanding them.

Finally, no discussion of security in QEMU would be complete without reviewing CVEs and the lessons learnt from them.

Speakers

Stefan Hajnoczi

Senior Principle Software Engineer, Red Hat

Stefan has been active in QEMU since 2010 and works in Red Hat's virtualization team with a focus on storage. He works on virtio drivers in Linux and helps maintain the block layer and tracing in QEMU. He also organizes and mentors in the Google Summer of Code and Outreachy internship... Read More →

Wednesday October 24, 2018 12:05 - 12:45
Lowther Suite

OSS - KVM Forum Track

KVM Forum 2018

Sign up or log in to save this to your schedule and see who's attending!

Stefan Hajnoczi