HySe – Hypervisor Security through Component-Wise Fuzzing

The security of the entire cloud ecosystem crucially depends on the isolation guarantees that hypervisors provide between guest VMs and the host system. The fact that the interfaces between the hypervisor and the host are manifold complicates these isolation guarantees. While there are well-known interfaces, such as those that virtual devices expose to the kernels running inside a guest VM, these interfaces also comprise functionality not necessarily triggered during “normal” operation of a VM. Investigators propose HySe, an approach to tackling the challenges imposed by a broader set of interfaces that hypervisors expose to guest VMs and users of cloud deployments.