Demystifying SR-IOV Vulnerability Hunting | Joseph Tartaro

August 9 | 2:00pm - 3:00pm

ABSTRACT:

Traditional PCIe attack surface was limited to DMA attacks on local hosts by physical attackers. SR-IOV (Single Root IO Virtualization), an extension to the PCI Express specification, allocates physical hardware resources to virtualized guests creating a new attack surface for cloud environments.

Our team has developed specialized fuzzers for various pieces of SR-IOV capable hardware in cloud environments. This includes implementing fully in-house developed drivers to initialize hardware and obtain maximum coverage for fuzz cases. We will cover the intricacies of SR-IOV, our fuzzer development methodology and showcase our roadmap of lessons learned and success with hundreds of different crashes across various pieces of hardware.

Joseph Tartaro, Principal Security Consultant

Joseph Tartaro is a highly experienced security consultant at IOActive, where he proves his talents working with clients on network and application penetration tests. Joseph is highly experienced with a wide range of security practices, from technical to physical, and is passionate about hardware hacking, programming, and all manners of exploitations.

A specialist in adversary emulation, Joseph diligently researches security industry trends, vulnerabilities, tools, and techniques. As a member of telephreak, he helps manage a VoIP PBX system for free public conferencing and communication. In his free time, he enjoys working on emulations and ROM hacking of retro video games.