24-28 August 2020
US/Pacific timezone

Protected KVM: Memory protection of KVM guests in Android

24 Aug 2020, 10:30
15m
Microconference2/Virtual-Room (LPC 2020)

Android MC

Speaker

Quentin Perret (Google)

Description

This talk outlines a proposal to refactor and extend the arm64/KVM implementation in order to enable the execution of guest VMs in memory carveouts protected from the host kernel, as well as potential use cases in the Android world. Using this architecture, we intend to remove the host kernel from the Trusted Computing Base, hence protecting guest secrets, such as private user data, against attacks targeting the host.
