The use of virtual machines has definitely seen a rise in the last couple of years and why not? The idea of running multiple operating systems concurrently (for all practical purposes) is so intriguing, that almost all of us would have gotten our hands dirty with them at least once.

Of course, all the flexibility does not come free. It has its own set of associated risks which unfortunately not most people know of. This is where D.J Capelis stepped forward and made a very thought provoking presentation at Defcon 15 this year.

In this presentation DJ talks about the various security lapses in VM machines and discusses a couple of possible attack vectors which could be used in the future by attackers. He discusses shared hardware attacks, covert channels, various shared networking issues and live migration flaws which can be exploited.

 

D.J. Capelis is a student and researcher at the University of California, San Diego. He does research on processor design, secure systems and dabbles in cryptography. For a "real job" he is an active member of UCSD's Data Security Team teaching computers how to tell when users are being mean. D.J. also maintains the team's virtualized testing and development environment. In his free time, he tends to show up at 2600 meetings and other food-related events where he plays with his OLPC development board and does platform-related work on Blender

If you are interested in adding a text or video tutorial to this page, then please visit the contribute page for guidelines.