This talk presents IOActive's insights into the security of NVMe-based SSDs and SR-IOV-enabled cards, calling upon our extensive experience testing these devices in a Cloud setup. The talk begins with a comprehensive analysis and taxonomy of common vulnerabilities and threats associated with NVMe-based SSDs and SR-IOV-enabled cards. From there, we discuss the devices' current security posture and the implications for Cloud security, and highlight potential future trends, including emerging flaws and how to improve upon the state of the art. Finally, we extrapolate a curated, archetypal threat model based on our hands-on experience and the concerns Cloud providers and vendors have expressed to us when security testing their devices. In the OCP S.A.F.E. context, this contribution can help hardware suppliers and Cloud providers alike, offering guidelines for defining secure development efforts as well as security testing scope and approaches.

Recent and Upcoming Security Trends in Cloud Low-level Hardware Devices: A Survey
Sean Rivera, Senior Security Consultant, IOActive
Alfredo Pironti, Director of Services, IOActive

SECURITY AND DATA PROTECTION
SECURITY

Contents
NVMe Attack Surface Evolution
Current Vulnerabilities & Impact
Vulnerability Analysis
Threats in Design
Threats in Implementation
Threats in Process
Threat Model
Conclusions

Cloud security is about concealing shared resources
Multiplexing underpins the Cloud and causes many issues
The trend is to move virtualization down the abstraction stack
Case in point: NVMe
NVMe is a story of increasing capabilities
More capabilities mean more vulnerabilities

NVMe Attack Surface Evolution
NVMe Released (2011)
First NVMe Products (2014)
NVMe-oF (2016)
NVMe 1.4 Persistence (2019)
CVE-2023-0122 Linux Is