Virtualization Technology News and Information
BlueHat v6 Security Summit Tackles Virtualization

The fall Microsoft BlueHat Security Briefings event will be held on September 27 and 28, 2007 in Redmond and should have a partial focus on our favorite subject, virtualization.  Microsoft insiders are expected to debate security topics as well as the risks of virtualization technology. 

Microsoft's Andrew Cushman said that BlueHat speakers would include leading external security researchers in addition to internal Microsoft engineers and that they would "pierce the security veil of virtualization and process isolation".  Andrew stated in one of his previous blog entries that the goals of BlueHat are:

  • To expose senior product leaders and front line engineers to the threats and attack tools and methodologies used in the real world. Take the security threat from the theoretical/intellectual level of, ”I understand what a buffer overflow is”, to “OMG that’s what it’s like.”  BlueHat connects with execs and engineers at a visceral level and *really* brings the message home…
  • To expose security researchers (and the security community) to Microsoft engineers and business leaders… BlueHat gives us a chance to open up on our home turf and gives the researchers an opportunity to interact with all levels of the organization. They too get to experience first-hand that Microsoft does have smart, passionate engineers that do care about security.

BlueHat is a closed door conference for Microsoft product teams, but BlueHat v6 is going to be opened up "a little".  Some information about the conference is going to be made available before it starts, with more information to follow as the conference takes place.

Two sessions listed already include:

Security Trade-Offs and Pitfalls in Virtualized Platforms - Depending on who you ask, platform virtualization (a la Virtual Server, VMWare, Xen) is useful, cost-effective, sexy, or all of the above. So it's no surprise that the world is migrating to virtualized environments in droves; however, in doing so, has anyone really considered the security trade-offs? How well are virtual guest machines compartmentalized/segregated from each other? Looking beyond single one-off vulnerabilities (although those do exist!), this talk will explore various under-discussed problems on how current virtualization and compartmentalization implementations are not as rigid and secure as everyone would hope. In some cases, the move to virtualized platforms has us coming full-circle back to many insecurities that were solved/mitigated long ago in equivalent non-virtual components. This talk will encompass multiple virtualization products, and will focus on simple, practical areas of concern (network problems, abuse of product features, etc.). Basic ethernet networking knowledge is recommended for portions of this talk; low-level hardware topics relating to virtualization (CPU capabilities/abuses, memory management) will not be addressed.

Malware, Isolation and Security Boundaries: It’s Harder Than It Looks - Just about everyone thinks they know the solution to the malware problem, whether it is virtual machines, light-weight virtualization, integrated user accounts, or new integrity levels. Unfortunately, user experience, application compatibility, and the end-user desire to move data in and out of a sandbox all conspire to wreck the value of such schemes. In this session, you’ll learn what constitutes a security boundary, get a tour through core Windows technologies, including user sessions, Code Integrity, PatchGuard, Service Security Hardening, and User Account Control, to gain an understanding of where Windows currently defines such boundaries, and gain insight into the opportunities and challenges that are guiding Windows long-term OS and application security and isolation strategy.

Published Sunday, September 23, 2007 9:38 AM by David Marshall
Filed under: ,
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<September 2007>