Slide 2
360 Marvel Team
As the first virtualization security team in China, 360 Marvel Team focuses on attack and
defence technology for virtualization and cloud platforms, aiming to lead research on
vulnerability mining and defence on these platforms and providing tools and solutions for
mainstream hypervisors:
● Virtualization fuzzing framework
● Guest OS escape tools
  - Support Docker, Xen, KVM, VMware
● Hypervisor hardening solutions
  - Block guest OS escape
  - Scan the guest OS agentlessly (no agent installed inside the guest)
Slide 11
Features of Virtualization Vulnerability Mining
• Targets sit lower in the stack
• Test data must be more specific to the target
(Figure: target stack from shallowest to deepest: IE, Flash, server, system kernel, hypervisor)
Slide 12
Test Process of an Emulated Device
• Unconventional method
  - Hook driver functions
  - Change kernel files
• Tests relate to the device context (its current state)
Slide 25
Principle of QEMU
(Figure: path of a packet sent from the guest)
Guest user space: APP, APP, APP → send
Guest kernel space: syscall → tcp_* → ip_* → dev_* → e1000_* (guest NIC driver)
Device emulator (QEMU): network devices → hub → slirp
Below the emulator: host network devices, host kernel
Slide 26
Principle of Network Device
• Initialization
  - Port allocation, address mapping
  - Device status setting, resource allocation
• Data transfer
  - Guest issues the 'write command' by writing the device's TDT (transmit descriptor tail) register
  - Device processes descriptors; three descriptor types: context, data, legacy
  - Data transfer
  - Set status, wait for the next instruction
• Processing details
  - Circular descriptor ring memory
  - TSO: TCP segmentation offload; flow control
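The send path of slides 25 and 26 in one runnable model, added here as an example; it is not the slides' code and not QEMU's own e1000 implementation. The guest-side e1000_* driver sets up the descriptor ring and writes TDT; the emulated device walks the ring from TDH to TDT, tells context, data and legacy descriptors apart by the DEXT/DTYP bits, assembles the frame across descriptors, applies TSO segmentation from the context descriptor's MSS, and writes the DD status back for the driver. The descriptor bit values are the real e1000 ones; the guest memory size, the emulator buffer size, the function names and the simplified TSO (segment count only, no header replication, no endianness conversion) are assumptions made for the illustration. Every place marked as a check is a field the guest controls and a fuzzer hooking the driver (slide 12) would mutate.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Descriptor bits as in the e1000 datasheet / QEMU's e1000 register header. */
#define TXD_CMD_EOP  0x01000000u  /* end of packet */
#define TXD_CMD_TSE  0x04000000u  /* TCP segmentation enable (data descriptor only) */
#define TXD_CMD_RS   0x08000000u  /* report status: device writes DD back */
#define TXD_CMD_DEXT 0x20000000u  /* extended descriptor (context or data) */
#define TXD_DTYP_D   0x00100000u  /* extended type: data */
#define TXD_DTYP_C   0x00000000u  /* extended type: context */
#define TXD_STAT_DD  0x00000001u  /* descriptor done */
#define GUEST_MEM_SIZE (64u * 1024) /* toy guest physical memory (assumed size) */
#define TX_BUF_SIZE    (16u * 1024) /* emulator's frame assembly buffer (assumed size) */
#define DESC_SIZE 16u
/* 16-byte transmit descriptor; legacy, data and context types share this layout. */
struct tx_desc { uint64_t buffer_addr; uint32_t lower; uint32_t upper; };
struct e1000_model {
    uint8_t  mem[GUEST_MEM_SIZE];   /* stands in for guest physical memory */
    uint32_t tdba, tdlen, tdh, tdt; /* ring base, ring bytes, head, tail */
    uint8_t  tx_buf[TX_BUF_SIZE];   /* frame assembled across descriptors */
    uint32_t tx_len, mss;           /* bytes assembled; MSS from last context descriptor */
    int      frames_sent, bad_desc; /* frames handed to hub/slirp; descriptors refused */
};
/* Guest driver side, initialisation: address mapping and resource allocation. */
int guest_setup_ring(struct e1000_model *m, uint32_t tdba, uint32_t ndesc)
{
    memset(m, 0, sizeof *m);
    if (ndesc == 0 || tdba > GUEST_MEM_SIZE || ndesc * DESC_SIZE > GUEST_MEM_SIZE - tdba)
        return -1;                  /* check: ring must lie inside guest RAM */
    m->tdba = tdba; m->tdlen = ndesc * DESC_SIZE;   /* TDBAL/TDBAH, TDLEN */
    return 0;                       /* TDH == TDT == 0: ring empty */
}
/* Guest driver side: write one descriptor into the ring (what e1000_* does per packet). */
void guest_post_desc(struct e1000_model *m, uint32_t idx, uint64_t addr, uint32_t lower, uint32_t upper)
{
    struct tx_desc d = { addr, lower, upper };
    memcpy(m->mem + m->tdba + idx * DESC_SIZE, &d, DESC_SIZE);
}
/* Status byte the device wrote back into descriptor idx. */
uint32_t desc_status(const struct e1000_model *m, uint32_t idx)
{
    struct tx_desc d; memcpy(&d, m->mem + m->tdba + idx * DESC_SIZE, DESC_SIZE);
    return d.upper & 0xff;
}
/* Device side: one descriptor. Returns -1 when guest-supplied values are refused. */
static int process_tx_desc(struct e1000_model *m, const struct tx_desc *d)
{
    uint32_t dtype = d->lower & (TXD_CMD_DEXT | TXD_DTYP_D);
    if (dtype == (TXD_CMD_DEXT | TXD_DTYP_C)) {
        m->mss = d->upper >> 16;    /* context descriptor: MSS in upper[31:16] */
        return 0;
    }
    int is_data = dtype == (TXD_CMD_DEXT | TXD_DTYP_D);   /* otherwise legacy */
    uint32_t len = d->lower & 0xffff;
    /* check: address and length are guest-controlled, bound them before touching memory */
    if (d->buffer_addr > GUEST_MEM_SIZE || len > GUEST_MEM_SIZE - d->buffer_addr)
        return -1;                  /* buffer outside guest RAM */
    if (len > TX_BUF_SIZE - m->tx_len)
        return -1;                  /* would overflow the emulator's own buffer */
    memcpy(m->tx_buf + m->tx_len, m->mem + d->buffer_addr, len);
    m->tx_len += len;
    if (d->lower & TXD_CMD_EOP) {
        uint32_t n = 1;
        if (is_data && (d->lower & TXD_CMD_TSE) && m->mss)
            n = (m->tx_len + m->mss - 1) / m->mss;  /* TSO: MSS-sized segments */
        m->frames_sent += (int)n;
        m->tx_len = 0;
    }
    return 0;
}
/* Device side: the guest's write to TDT. Walks TDH..TDT around the ring; returns frames sent or -1. */
int guest_write_tdt(struct e1000_model *m, uint32_t tdt)
{
    uint32_t ring = m->tdlen / DESC_SIZE;
    if (ring == 0 || tdt >= ring) return -1;   /* check: tail must index into the ring */
    m->tdt = tdt;
    int before = m->frames_sent;
    while (m->tdh != m->tdt) {
        struct tx_desc d;
        memcpy(&d, m->mem + m->tdba + m->tdh * DESC_SIZE, DESC_SIZE);
        if (process_tx_desc(m, &d) < 0) { m->bad_desc++; m->tx_len = 0; } /* drop frame, go on */
        if (d.lower & TXD_CMD_RS) {            /* "set status": write DD back for the driver */
            d.upper |= TXD_STAT_DD;
            memcpy(m->mem + m->tdba + m->tdh * DESC_SIZE + 12, &d.upper, 4);
        }
        m->tdh = (m->tdh + 1) % ring;          /* circular ring */
    }
    return m->frames_sent - before;
}
int main(void)
{
    static struct e1000_model m;
    guest_setup_ring(&m, 0x1000, 8);
    guest_post_desc(&m, 0, 0, TXD_CMD_DEXT | TXD_DTYP_C, 1000u << 16);           /* MSS 1000 */
    guest_post_desc(&m, 1, 0x4000, TXD_CMD_DEXT | TXD_DTYP_D | TXD_CMD_TSE | 500, 0);
    guest_post_desc(&m, 2, 0x4200, TXD_CMD_DEXT | TXD_DTYP_D | TXD_CMD_TSE | TXD_CMD_EOP | TXD_CMD_RS | 2000, 0);
    printf("TDT=3 -> %d frames, desc 2 status 0x%x\n", guest_write_tdt(&m, 3), desc_status(&m, 2));
    guest_post_desc(&m, 3, 0xFFFF0000ull, TXD_CMD_EOP | 100, 0);                 /* outside RAM */
    printf("TDT=4 -> %d frames, %d refused\n", guest_write_tdt(&m, 4), m.bad_desc);
    return 0;
}
```

The driver-side calls are the hook points: a harness that replaces the guest's e1000_* transmit function can post arbitrary descriptors and then write TDT, which is exactly the "hook driver function" approach of slide 12. Note that the context descriptor only changes emulator state (mss) and produces no frame; the effect shows up later, when a TSE data descriptor reaches EOP, which is why test cases for such a device must be built around its context rather than as single independent inputs.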