Loading…
Attending this event?
Back To Schedule
Wednesday, October 28 • 18:30 - 19:20
KVM Address Space Isolation - Alexandre Chartre, Oracle

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Log in to leave feedback.
First investigations about Kernel Address Space Isolation (ASI) were presented at Linux Plumber and KVM Forum last year. Kernel Address Space Isolation aims to mitigate some cpu hyper-threading data leaks possible with speculative execution attacks (like L1 Terminal Fault (L1TF) and Microarchitectural Data Sampling (MDS)). In particular, Kernel Address Space Isolation will provide a separate kernel address space for KVM when running virtual machines, in order to protect against a malicious guest VM attacking the host kernel using speculative execution attacks.

Several RFCs for implementing this solution have been submitted. This presentation will describe the current state of the Kernel Address Space Isolation proposal with focusing on its usage with KVM, in particular the page table mapping requirements and the performance impact.

Speakers
avatar for Ofir Weisse

Ofir Weisse

Senior Software Engineer, Google
Ofir is a senior software engineer at the Google Cloud kernel team. His work focuses on providing better security for the cloud without compromising performance. Ofir received his PhD from the University of Michigan, where his research focused on micro-architecture and security. His... Read More →
AC

Alexandre Chartre

Consulting Developer, Oracle
Alexandre Chartre is a Consulting Developer in the Linux and Virtualization engineering team at Oracle. Lately, he has been focusing on security issues on Linux, in particular on Spectre and Meltdown issues (and all variants and derivatives) and their impact on virtualization and... Read More →



Wednesday October 28, 2020 18:30 - 19:20 GMT
KVM Theater
  OSS - KVM Forum Track
  • Technical Skill Level Any