The Xen Project has been a widely used virtualization platform powering some of the largest clouds in production today. Sitting directly on the hardware below any operating system, the Xen hypervisor is responsible for managing the CPU/MMU and the guest operating systems. Guest operating systems can be run in PV mode using paravirtualization technologies or in HVM mode using hardware-assisted virtualization technologies.
Compared to HVM mode, a PV-mode guest OS kernel is aware of the hypervisor and therefore works through hypervisor interfaces called hypercalls. To perform privileged operations, a PV-mode guest OS submits requests via hypercalls, and the hypervisor carries out those operations on its behalf after verifying the requests.
Inspired by Ouroboros, an ancient symbol of a snake biting its own tail, our team has found a critical verification-bypass bug in the Xen hypervisor, which will be used to tear a hole in the hypervisor. With specific exploitation vectors and payloads, a malicious PV guest OS can control not only the hypervisor but also all other guest operating systems running on the same platform.
Shangcong Luan is a security researcher with the Cloud Platform Security Team of Alibaba who has found a series of security vulnerabilities in various kinds of systems and has worked mainly in the field of APT defense. He now focuses on the security of virtualization and sandbox platforms. At Alibaba, Shangcong and his team have published several research papers on platform attack recognition, interception and security enhancements. He has also been involved in research on weakness reduction policy and in finding critical vulnerabilities in open source projects.