Did not realize Hyper-V vulnerabilities were worth up to $250,000 (!). I guess because of Azure?
-
I *think* I am in the seccomp-strict camp here (for mem corruption for sure). For side channels I would have to think really hard.
-
I think seccomp-strict and VM isolation with a minimal VMM (e.g. Windows Hypervisor Platform) approach similar levels of attack surface for mem corruption. For side channels, consider the monolithic kernel address space (w/ multi-tenant data) & etc vs. https://techcommunity.microsoft.com/t5/virtualization/hyper-v-hyperclear-mitigation-for-l1-terminal-fault/ba-p/382429 …
-
Other things that come to mind: gVisor and NaCl. Say if you do NaCl with strict seccomp policy (basically, computations only)... I would probably trust it more than full VM virtualization.
-
Yep, agreed, in specific scenarios (e.g. seccomp strict profile + limited IPC) the attack surface for process isolation could be made much smaller. But even in this scenario, I think conventional OS kernel design is more difficult to defend against side channels.
-
I’m coming around to WASM. A little embarrassed I used to brag about how few syscalls virt needed. Oh, vmexit is a syscall too. Not that virt isn’t also interesting!
-
It always depends what you’re piping *to*.
-
My opinion is that the virtualization boundary is the strongest software security boundary that currently exists