O'Reilly logo

Cloud Security Automation by Prashant Priyam

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Securing  KVM

For a KVM hypervisor, we enable security using compiler hardening. The current generation compilers come with a variety of compile-time options to improve the security of the resulting binaries.

KVM features include the following:

  • Relocation read-only (RELRO): This hardens the data section of an executable. It also has two types, Full RELRO and Partial RELRO. For QEMU, Full RELRO is the best choice. This will enable the global offset table to be read-only and place various internal data sections before the program data section in the resulting executable.
  • Stack measurement: This positions values on the stack and verifies their presence to help prevent buffer overflow attacks.
  • Never Execute (NX): This is also known as Data Execution ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required