Mickaël Salaün
Mickaël Salaün is a kernel developer and open source enthusiast. He is mainly interested in Linux-based operating systems, especially from a security point of view. He has built security sandboxes before hacking into the kernel on a new LSM called Landlock, of which he is now the maintainer. He previously worked for the French national cybersecurity agency (ANSSI) on systems hardening. He is currently employed by Microsoft to work on Linux-related security projects.
Session
Virtual Secure Mode (VSM) is a Hyper-V mechanism to enforce restrictions on a VM (VTL0) thanks to a dedicated sidecar VM (VTL1). This enables guest kernels to drop privileges and limit attackers' ability to get full kernel rights.
KVM is gaining VSM support with the Hyper-V emulation layer. We're working on creating a hybrid KVM guest that could use some Hyper-V hypercalls, especially those related to VSM. We'd like to talk about our approach to creating this hybrid guest.