Shulou(Shulou.com)11/24 Report--

A few days ago, the Pwnie Awards Awards, known as the global "security Oscars", were unveiled. Ant Group's Ant Security Skydome Lab and Lightyear Lab won the best rights loophole award, representing Ant Group on the podium of the world's highest award for white hat hackers. This also means that the global industry highly recognizes the research achievements of ant safety science and technology.

(photo: the Pwnie Awards Award is announced, and the researcher of Ant Safety Laboratory is on the list)

The Pwnie Awards Award, founded in 2007, is a major award for information security workers with significant and outstanding research results, judged by respected authoritative security experts around the world. For information security workers around the world, only being nominated means that their research results have worldwide influence, and winning the crown is an absolute symbol of technological strength. In the past 16 years, only five safety research achievements in China have won awards. More than 80 projects have been submitted worldwide this year, and finally more than 30 outstanding projects have been nominated for 11 awards, each of which is an important breakthrough in the field of global security.

Ant Security Lab researchers Jiang Yuhao (@ danis_jiang) and Ying Xinlei (@ 0x140ce) won the best rights loophole award for their research "URB Excalibur: cracking the Goldie knot of VMware virtual machine escape", according to the official Pwnie Awards. Through the research results, we can successfully complete the "virtual machine escape" in all the virtualization products of the global virtualization leading manufacturer VMware, and realize the attack and control of the "host".

"virtual machine escape" is recognized as an ultra-high-tech challenge in the field of network security. In recent years, more and more enterprises put their business on the cloud, and virtualization technology has become the core technology support in the era of cloud computing. It is equivalent to adding a virtualization platform between a single hardware resource and the operating system, which can install and run multiple virtual machines regardless of whether the hardware is compatible or not, so that users can use computer resources more flexibly and efficiently. Physical servers in the real world are called hosts.

In the era of cloud computing, each host can carry thousands of virtual machines to store and run huge amounts of data. Generally speaking, these virtual machines are completely independent and isolated from the data and permissions of the host, so they are relatively safe and reliable. But once the operation in the virtual machine causes the host to be controlled, it will be a major security event. "virtual machine escape" is the use of discovered loopholes in virtualization products, which not only breaks through the restrictions of the host on the virtual machine, but also takes advantage of the opportunity to find and control the entire host. The research results preview the potential vulnerabilities of virtualization products in advance and contribute to the improvement of the global network security water level.

In recent years, China has accelerated the construction of digital security barriers and digital technology innovation system to comprehensively deal with new risks and challenges. According to the Safety Science and Technology Patent Analysis report of IPRdaily, an authoritative intellectual property institution, the total number of patents for safety science and technology inventions in China ranks first in the world, with Ant Group, Huawei, Tencent and other Chinese science and technology enterprises in the forefront of the world. Take Ant Group as an example, over the years, it has made a comprehensive layout in the fields of payment risk control, anti-money laundering, anti-fraud, data security and privacy protection, and has built a set of world-leading intelligent risk control system, realizing world-class problems such as intelligence, initiative, predictability and privacy protection of risk control, not only supporting Alipay's asset loss rate of less than 1/100000000 for three consecutive years, but also ensuring the digital service experience of more than a billion people.

According to public data, Ant Group has nine safety laboratories, of which Sky Dome Lab focuses on risk confrontation, Lightyear Lab focuses on basic attack and defense research, and Lightyear Lab belongs to Sky Dome Laboratory. Sky Dome Lab has established a set of world-leading intelligent risk mining and risk attack and defense technology system, which can achieve multi-dimensional intelligent vulnerability mining, automatic continuous risk verification, etc., and then improve the security defense system. The laboratory has repeatedly won thanks from its counterparts at home and abroad for its "white hat" contribution, won more than 10 championships in top security competitions at home and abroad, and repeatedly released high-quality research results on heavyweight stages such as ACM CCS, Blackhat USA / EU / Asia.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.