University of Cambridge > > Technical Talks - Department of Computer Science and Technology  > HP: Click Happens: Using Hypervisors for threat containment

HP: Click Happens: Using Hypervisors for threat containment

Add to your list(s) Download to your calendar using vCal

  • UserIan Pratt, Global Head of Security, HP Inc
  • ClockMonday 08 March 2021, 13:05-13:55
  • HouseOnline.

If you have a question about this talk, please contact Ben Karniely.

With attack surfaces totalling many tens of millions of lines of code, common endpoint applications and operating systems pose an easy target for attackers. Users are easily duped into exposing their systems to attack through a variety of means such as malicious email/chat links and attachments, and poisoned web sites and downloads.

This talk looks at how a hypervisor can be used to radically improve the security of endpoint devices by robustly isolating user activities without changing the user experience. A new VM can be created for each task the user performs (clicking on a link, opening a document etc), and will have access to just the resources needed for that task and no more. The VM lives just for the duration of the task and can then be disposed of, with only explicitly expected changes persisted. Threats are thus contained and rendered harmless. Further, the hypervisor can be used to isolate user applications and data that are more trusted than the host operating system itself, providing confidentiality and integrity to the most critical tasks.

I will give an overview of some of the many technical challenges involved in building such a system and making it transparent to the end user. I will then relate our experiences securing the hypervisor itself, the lessons learned over two decades of security-critical hypervisor design that fed in to the current architecture and implementation.

This talk is part of the Technical Talks - Department of Computer Science and Technology series.

Tell a friend about this talk:

This talk is included in these lists:

Note that ex-directory lists are not shown.


© 2006-2023, University of Cambridge. Contact Us | Help and Documentation | Privacy and Publicity