- Популярные видео
- Авто
- Видео-блоги
- ДТП, аварии
- Для маленьких
- Еда, напитки
- Животные
- Закон и право
- Знаменитости
- Игры
- Искусство
- Комедии
- Красота, мода
- Кулинария, рецепты
- Люди
- Мото
- Музыка
- Мультфильмы
- Наука, технологии
- Новости
- Образование
- Политика
- Праздники
- Приколы
- Природа
- Происшествия
- Путешествия
- Развлечения
- Ржач
- Семья
- Сериалы
- Спорт
- Стиль жизни
- ТВ передачи
- Танцы
- Технологии
- Товары
- Ужасы
- Фильмы
- Шоу-бизнес
- Юмор
Securing Interrupt Delivery for SEV-SNP Guests by Melody (Huibo) Wang
While almost all VM operating systems support interrupt and exception handling, some operating system may have certain built-in assumptions about interrupt behavior based on bare-metal hardware. A malicious hypervisor can break down these assumptions and put guest drivers or guest OS kernels into an unexpected state which could lead to a security issue.
To address this concern, SEV-SNP supports features to protect the guest against malicious injection attacks. The preferred method is Restricted Injection, but this was rejected by upstream. This talk introduces another approach, the Alternate Injection feature of SEV-SNP, which will use Secure VM Service Module (SVSM), and APIC emulation in the SVSM to secure interrupt delivery into an SEV-SNP guest.
---
Melody (Huibo) Wang
Melody works for AMD in the Linux kernel team on secure virtualization. Currently she is working on implementing alternate injection for SEV-SNP virtual machines. In the past, Melody had worked on the security of trusted execution environment, including AMD SEV series and Intel SGX. She was specializing in computer system security and privacy, including cloud computing, blockchain, and data privacy.
Видео Securing Interrupt Delivery for SEV-SNP Guests by Melody (Huibo) Wang канала KVM Forum
To address this concern, SEV-SNP supports features to protect the guest against malicious injection attacks. The preferred method is Restricted Injection, but this was rejected by upstream. This talk introduces another approach, the Alternate Injection feature of SEV-SNP, which will use Secure VM Service Module (SVSM), and APIC emulation in the SVSM to secure interrupt delivery into an SEV-SNP guest.
---
Melody (Huibo) Wang
Melody works for AMD in the Linux kernel team on secure virtualization. Currently she is working on implementing alternate injection for SEV-SNP virtual machines. In the past, Melody had worked on the security of trusted execution environment, including AMD SEV series and Intel SGX. She was specializing in computer system security and privacy, including cloud computing, blockchain, and data privacy.
Видео Securing Interrupt Delivery for SEV-SNP Guests by Melody (Huibo) Wang канала KVM Forum
Комментарии отсутствуют
Информация о видео
24 сентября 2024 г. 18:45:55
00:24:54
Другие видео канала
![[2017] Fast Write-Protect and Fast Dirtylog-Bitmap Sync Up - Guangrong Xiao](https://i.ytimg.com/vi/kJt348q8OZQ/default.jpg)
[2017] Fast Write-Protect and Fast Dirtylog-Bitmap Sync Up - Guangrong Xiao
![[2020] Minimizing VMExits in Private Cloud by Aggressive PV IPI and Passthrough Timer](https://i.ytimg.com/vi/3Wdlokex3ao/default.jpg)
[2020] Minimizing VMExits in Private Cloud by Aggressive PV IPI and Passthrough Timer
Practical and efficient out-of-process storage backends by Kevin Wolf
![[2019] Firecracker: Lessons from the Trenches by Andreea Florescu and Alexandra Iordache](https://i.ytimg.com/vi/yULy6IFy49o/default.jpg)
[2019] Firecracker: Lessons from the Trenches by Andreea Florescu and Alexandra Iordache
![[2014] KVM on MIPS by James Hogan](https://i.ytimg.com/vi/Cgtvo04217I/default.jpg)
[2014] KVM on MIPS by James Hogan
![[2017] Qemu Backup by Vladimir Sementsov-Ogievskiy & Maxim Nestratov](https://i.ytimg.com/vi/Mp0ATSdxtUY/default.jpg)
[2017] Qemu Backup by Vladimir Sementsov-Ogievskiy & Maxim Nestratov
![[2017] vIOMMU/ARM: Full Emulation and virtio-iommu Approaches by Eric Auger](https://i.ytimg.com/vi/7aZAsanbKwI/default.jpg)
[2017] vIOMMU/ARM: Full Emulation and virtio-iommu Approaches by Eric Auger
Extending Secure Encrypted Virtualization with SEV-ES - Thomas Lendacky
Single-binary: Unify QEMU system binaries per target architecture by Pierrick Bouvier
IOMMU in rust-vmm, and new FUSE+VDUSE use cases by Hanna Czenczek & Eugenio Pérez
![[2014] Towards Multithreaded Device Emulation in QEMU by Stefan Hajnoczi](https://i.ytimg.com/vi/KVD9FVlbqmY/default.jpg)
[2014] Towards Multithreaded Device Emulation in QEMU by Stefan Hajnoczi
![[2017] Running Virtual Machines on Kubernetes with libvirt & KVM by Fabian Deutsch & Roman Mohr](https://i.ytimg.com/vi/Wh-ejUyuHJ0/default.jpg)
[2017] Running Virtual Machines on Kubernetes with libvirt & KVM by Fabian Deutsch & Roman Mohr
![[2015] qcow2: why (not)? by Max Reitz and Kevin Wolf](https://i.ytimg.com/vi/svMpxzl9yI4/default.jpg)
[2015] qcow2: why (not)? by Max Reitz and Kevin Wolf
Towards new migration protocol with unified channels by Prasad Pandit
KVM Forum 2013: RDMA Live Migration and RDMA Fault Tolerance by Michael Hines
"Hybrid" Nesting: KVM on Hyper-V by Vitaly Kuznetsov & Tianyu Lan
rust-vmm: updates, adoption, and future directions by Stefano Garzarella, uoqing He & Patrick Roy
Automatic Frontend Generation for RISC V Extensions by Anton Johansson
![[2016] Virtualization Developer Panel](https://i.ytimg.com/vi/S6Sjj6OtyvY/default.jpg)
[2016] Virtualization Developer Panel
![[2016] TCG Enhancements for PowerPC by Nikunj Dadhania](https://i.ytimg.com/vi/lOOcCiGzpOY/default.jpg)
[2016] TCG Enhancements for PowerPC by Nikunj Dadhania
Virtualizing Arm TrustZone on KVM by Chun Yen Lin & Shih-Wei Li
