Security: Difference between revisions

Line 83:

* [http://blog.patapon.info/nixos-local-vm/ Updating NixOS local VMs] - Post demonstrating how to build and run a VM from a NixOS configuration and then update the configuration of the running VM on the fly.

* [https://archive.fosdem.org/2020/schedule/event/kernel_address_space_isolation/attachments/slides/3889/export/events/attachments/kernel_address_space_isolation/slides/3889/Address_Space_Isolation_in_the_Linux_Kernel.pdf 2020 IBM Presentation on Address Space Isolation in the Linux Kernel] - Containers within VMs are a norm for security in the cloud. Addressing ongoing work to improve isolation of containers and VMs.

* [https://googleprojectzero.blogspot.com/2021/06/an-epyc-escape-case-study-of-kvm.html An EPYC escape: Case-study of a KVM breakout] - Detailing first known non-userspace vulnerability enabling guest-to-host breakout.

=== Networking ===

@@ Line 83: / Line 83: @@
 * [http://blog.patapon.info/nixos-local-vm/ Updating NixOS local VMs] - Post demonstrating how to build and run a VM from a NixOS configuration and then update the configuration of the running VM on the fly.
 * [https://archive.fosdem.org/2020/schedule/event/kernel_address_space_isolation/attachments/slides/3889/export/events/attachments/kernel_address_space_isolation/slides/3889/Address_Space_Isolation_in_the_Linux_Kernel.pdf 2020 IBM Presentation on Address Space Isolation in the Linux Kernel] - Containers within VMs are a norm for security in the cloud. Addressing ongoing work to improve isolation of containers and VMs.
+* [https://googleprojectzero.blogspot.com/2021/06/an-epyc-escape-case-study-of-kvm.html An EPYC escape: Case-study of a KVM breakout] - Detailing first known non-userspace vulnerability enabling guest-to-host breakout.
 === Networking ===