This talk was given by Hongyan Xia & David Woodhouse of Amazon at the 2020 Xen Project Developer and Design Summit.
With the rising number of speculation vulnerabilities in CPUs, it is time we rethink the design of Xen and restrict the attack surface as much as possible to defend against potential vulnerabilities in the future (defense-in-depth). At this year’s Xen Summit, Hongyan Xia & David Woodhouse from Amazon, took viewers through ways to do this.
At the 2019 Xen Summit, Secret-Free hypervisor was proposed and provided a roadmap for the goal.
In this talk, we hear about one of the two major goals, direct map removal, and how it has been achieved in Xen.
Learn more about the steps necessary to remove the direct map, and how this can be achieved in a practical and much less intrusive way. Running Xen without Direct Map results in the ability to remove a major attack surface with negligible performance impact.
Check out the full presentation:
https://www.youtube.com/watch?v=RKJOwIkCnB4&list=PLYyw7IQjL-zFYmEoZEYswoVuXrHvXAWxj&index=5
