Dynamic VM Monitoring using Hypervisor Probes
1 Dynamic VM Monitoring using Hypervisor Probes Z. J. Estrada, C. Pham, F. Deng, L. Yan, Z. Kalbarczyk, R. K. Iyer European Dependable Computing Conference
2 Dynamic VM Monitoring. Goal: on-demand VM monitoring to reduce the effort required to harden computing systems against failures and attacks. Uptime requirements; Effort required; QA concerns; Lack of knowledge.
3 VM Monitoring. Reliability & Security Monitoring: recording and analyzing a computer system to detect failures and attacks. Passive: polling based. Active: event based.
4-6 VM Monitoring [figure]
7 VM Monitor: Monitor is running inside the hypervisor
8 VM Monitor: VM execution reaches a hook
9 VM Monitor: Control is transferred to the monitor
10 VM Monitor: The monitor performs its monitoring function
11 VM Monitor: Control is transferred back to the VM
12 VM Monitor: The VM resumes normal execution
13 Hook-Based VM Monitoring. Previous techniques: + Active monitoring; + Protected hooks; Guest OS only (no userspace); Not dynamic (boot-time config); Require guest OS modifications.
14 Goals. Hook-based monitoring should: + be protected from attacks in the VM; + be simple to use; + not require guest OS modification; + be runtime adaptable; + allow for arbitrary hook placement.
15 Hypervisor Probes
16 Hardware Assisted Virt. [Diagram: Host Mode (root) and Guest Mode (non-root), each with User and Kernel levels; VMEntry and VMExit between the two modes]
17 Hypervisor Probes: Event on guest execution; Event transfers control to hypervisor (VM Exit); Perform monitoring after that event; Hooks added/removed at runtime; Monitors applications and the guest OS.
18 Hprobe Architecture [Diagram labels: Status Checker; Host System; Hprobe user agent; Probe, Probe, Probe (in the VM); Set/Remove probes; Detector 1, Detector 2, Detector n; ioctl( ); Hprobe Kernel agent; Insert/Remove probes; Set single step; Host Linux kernel; Event Forwarder; Helper APIs; KVM Hypervisor]
19 Hprobes API: int HPROBE_add_probe( ); int HPROBE_remove_probe( ); addr info: gva+cr3; vmid: unique id for VM vcpu type: vcpu state
20 Probe Event Forwarder. Guest code before a probe is inserted: ... pushl %eax; incl %eax; decl %ebx ...
21 Probe Event Forwarder. Probe inserted, int3 in place of incl %eax: ... pushl %eax; int3; decl %ebx ...
22 Probe Event Forwarder. VM: probe hit (int3). Hypervisor: handler(), which reaches the Detector.
23 Probe Event Forwarder. Hypervisor: Reset inst.; guest code is again ... pushl %eax; incl %eax; decl %ebx ...
24 Probe Event Forwarder. Hypervisor: single step. VM: execute inst.
25 Probe Event Forwarder. VM: trap. Hypervisor: rewrite int3; guest code is again ... pushl %eax; int3; decl %ebx ...
26 Probe Event Forwarder. VM: resume.
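The probe cycle of slides 20-26 as an added C example, not code from the talk or from hprobes: a constructed toy guest runs the three instructions shown on the slides while a stand-in hypervisor loop handles the int3 exit, calls the detector, resets the instruction, single-steps and rewrites int3. The names struct guest, struct hprobe, vm_run, hprobe_add, hprobe_remove, run_with_probe and demo are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One-byte IA-32 opcodes for the instructions on the slides, plus hlt to stop. */
enum { OP_INC_EAX = 0x40, OP_DEC_EBX = 0x4B, OP_PUSH_EAX = 0x50,
       OP_INT3 = 0xCC, OP_HLT = 0xF4 };
enum vm_exit { EXIT_HLT, EXIT_BREAKPOINT, EXIT_SINGLE_STEP, EXIT_ERROR };

struct guest {                 /* constructed toy guest, not a real vCPU */
    uint8_t  code[8];
    uint32_t eip, eax, ebx, pushes;
};

struct hprobe {
    uint32_t addr;             /* guest address where int3 was written */
    uint8_t  saved;            /* original opcode byte */
    int      armed;
    unsigned hits;             /* detector state: number of probe hits */
    uint32_t eax_at_hit;       /* detector state: eax seen at the last hit */
};

/* Guest mode: execute until an event hands control to the hypervisor. */
static enum vm_exit vm_run(struct guest *g, int single_step)
{
    for (;;) {
        if (g->eip >= sizeof g->code) return EXIT_ERROR;
        switch (g->code[g->eip]) {
        case OP_PUSH_EAX: g->pushes++; break;
        case OP_INC_EAX:  g->eax++;    break;
        case OP_DEC_EBX:  g->ebx--;    break;
        case OP_INT3:     return EXIT_BREAKPOINT;  /* eip stays on the probe */
        case OP_HLT:      return EXIT_HLT;
        default:          return EXIT_ERROR;
        }
        g->eip++;
        if (single_step) return EXIT_SINGLE_STEP;
    }
}

int hprobe_add(struct guest *g, struct hprobe *p, uint32_t addr)
{
    /* Refuse addresses outside the code and bytes that already are int3. */
    if (addr >= sizeof g->code || g->code[addr] == OP_INT3) return -1;
    memset(p, 0, sizeof *p);
    p->addr = addr;
    p->saved = g->code[addr];
    p->armed = 1;
    g->code[addr] = OP_INT3;
    return 0;
}

int hprobe_remove(struct guest *g, struct hprobe *p)
{
    if (!p->armed) return -1;
    g->code[p->addr] = p->saved;
    p->armed = 0;
    return 0;
}

/* Host mode: handle exits until the guest halts. Returns 0 on a clean halt. */
int run_with_probe(struct guest *g, struct hprobe *p)
{
    int stepping = 0;
    for (;;) {
        enum vm_exit why = vm_run(g, stepping);
        if (stepping) {                     /* trap after the single step */
            if (p->armed) g->code[p->addr] = OP_INT3;   /* rewrite int3 */
            stepping = 0;
            if (why == EXIT_SINGLE_STEP) continue;      /* resume */
        }
        if (why == EXIT_HLT) return 0;
        if (why != EXIT_BREAKPOINT || !p->armed || g->eip != p->addr)
            return -1;                      /* error, or an int3 that is not ours */
        p->hits++;                          /* handler(): run the detector */
        p->eax_at_hit = g->eax;
        g->code[p->addr] = p->saved;        /* reset inst. */
        stepping = 1;                       /* single step */
    }
}

/* Constructed program: pushl %eax; incl %eax; decl %ebx; hlt. Probe on incl. */
int demo(unsigned runs, struct guest *g, struct hprobe *p)
{
    static const uint8_t prog[] = { OP_PUSH_EAX, OP_INC_EAX, OP_DEC_EBX, OP_HLT };
    memset(g, 0, sizeof *g);
    memcpy(g->code, prog, sizeof prog);
    if (hprobe_add(g, p, 1) != 0) return -1;
    for (unsigned i = 0; i < runs; i++) {
        g->eip = 0;
        if (run_with_probe(g, p) != 0) return -1;
    }
    return 0;
}

int main(void)
{
    struct guest g;
    struct hprobe p;
    if (demo(3, &g, &p) != 0) return 1;
    printf("hits=%u eax=%u byte at probe=0x%02X\n",
           p.hits, (unsigned)g.eax, (unsigned)g.code[p.addr]);
    return 0;
}
```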
27-29 Userspace Probe Challenge: Guest Page Tables [figure]
30 Extended Page Tables (EPT) [1]: Guest OS has full control over PTs; 2nd set of HW PTs for GPA → HPA; Use EPT to write-protect Guest Page Table. [1] 4/VT roadmap d Nakajima.pdf
31-36 Goals (repeated across six slides). Hook-based monitoring should: be protected from attacks in the VM; be simple to use; not require guest OS modification; be runtime adaptable; allow for arbitrary hook placement.
37 Hprobe Microbenchmarks [Diagram [2], labels: noop kernel function; execute 1M times; VM (user, kernel); insert probe; Hypervisor (user, kernel); start/stop hypercall; record time] [2] Adapted from an image by Fei Deng
38 Hprobe Single Probe Latency [Plot: Time (µs) for GHz E5430 Harpertown (2007) and GHz E Sandy Bridge (2012)]
39 Hook-based VM Monitoring
Name     Latency  User  Dynamic  Modifications
Lares    28µs     No    No       Hypervisor/Guest
SIM      0.40µs   No    No       Hypervisor/Guest
hprobes  2.6µs    Yes   Yes      Hypervisor
40 Hook-based VM Monitoring (table as on slide 39) as-a-service is worth slight performance cost
41-42 Detectors. What detectors can we build with hprobes? Arbitrarily chosen events; On-demand; Access to VM memory & CPU state.
43-50 Heartbeat/watchdog [Timeline between App and Detector, built up over eight slides: Insert Probe; Probe Hit, reset timer; Probe Hit, reset timer; timer expires, declare failure]
51 Watchdog - Performance [Plot: PI-QMC Main Loop Runtime, Time (msec) against Internal Sample Loop Size (x to 9x), No Detector and With Detector]
52-53 Detectors. Infinite Loop Detector: Kernel or App-level; Previously determined threshold; Or register.
54-56 Infinite Loop Detector. 1st Probe (counter); 2nd Probe (reset). Code: for(i=0; i<10; i++) {... } //after loop
57 Without Infinite Loop [Table, numeric values missing. Columns: Application, Time (s), 95% CI (s), % overhead. Rows: Normal (N/A), Naïve ILD - Page, Naïve ILD - No Page, Smart ILD - Page, Smart ILD - No Page]
58 Consider this situation
59 A vulnerability is announced
60 At a later time, a patch is released
61 What can we do?
62 We may have to follow a maintenance window
63 Even when the bug and patch are co-released
64 STOPGAP: To mitigate risk, we would like a stopgap
65 STOPGAP. Solution: Use an Hprobe-based Detector
66 Emergency Detector. Should be: easier than a patch; simpler than a patch; less disruptive than a patch; less risky than a patch.
67 Emergency Detector. CVE Privilege Escalation in vmsplice() [3]: Integer overflow in a struct iovec argument; Corrupts OS (kernel) stack; Execute attack payload. struct iovec { void *iov_base; size_t iov_len; }; [3] aeb/linux/hh/hh-12.html#ss
68 Emergency Detector. Added to running guest OS; Detects malicious value that causes overflow. Two modes of operation. Read-only mode: does not change anything. Fix mode: malicious value → benign value.
69 Emergency Detector. Probe at vmsplice() syscall; Get value of iov_len off of the stack.
70 Emergency Detector
    procedure VMSPLICE_HANDLER(vcpu)
        iov_pointer ← read_guest(esp + arg_offset)
        iov_len ← read_guest_virt(iov_pointer)
        if iov_len BAD_VALUE then
            HANDLE_EXPLOIT_ATTEMPT(vcpu)
        end if
    end procedure
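The handler of slide 70 with the two modes of slide 68, as an added C example that is not the hprobes source: it runs against a constructed 32-bit guest memory image and treats every guest-supplied address as untrusted. ARG_OFFSET, IOV_LEN_OFFSET, BAD_VALUE (a placeholder), BENIGN_VALUE, the ">=" comparison, struct vcpu and all function names are assumptions; unlike the slide's pseudocode, the read is taken at iov_pointer plus the offset of iov_len.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Every constant here is an assumption for a constructed 32-bit guest. */
#define GUEST_MEM_SIZE 256u
#define ARG_OFFSET     8u           /* assumed stack slot holding the iov pointer */
#define IOV_LEN_OFFSET 4u           /* iov_len follows a 4-byte iov_base */
#define BAD_VALUE      0x80000000u  /* placeholder, not the value used in the talk */
#define BENIGN_VALUE   0u           /* what fix mode writes back */

enum hp_mode    { MODE_READ_ONLY, MODE_FIX };
enum hp_verdict { V_BENIGN, V_DETECTED, V_FIXED, V_READ_ERROR };

struct vcpu {
    uint32_t esp;                   /* guest stack pointer at the probe hit */
    uint8_t  mem[GUEST_MEM_SIZE];   /* stand-in for guest virtual memory */
};

/* Guest-supplied addresses are untrusted: reject anything outside the image. */
static int read_guest_u32(const struct vcpu *v, uint32_t gva, uint32_t *out)
{
    if (gva > GUEST_MEM_SIZE - 4u) return -1;
    *out = (uint32_t)v->mem[gva] | (uint32_t)v->mem[gva + 1] << 8 |
           (uint32_t)v->mem[gva + 2] << 16 | (uint32_t)v->mem[gva + 3] << 24;
    return 0;
}

static int write_guest_u32(struct vcpu *v, uint32_t gva, uint32_t val)
{
    if (gva > GUEST_MEM_SIZE - 4u) return -1;
    for (int i = 0; i < 4; i++) v->mem[gva + i] = (uint8_t)(val >> (8 * i));
    return 0;
}

/* Runs in the hypervisor when the probe at the vmsplice() entry is hit. */
enum hp_verdict vmsplice_handler(struct vcpu *v, enum hp_mode mode)
{
    uint32_t iov_ptr, iov_len;

    /* The additions are checked so a wrapped address cannot alias low memory. */
    if (v->esp > UINT32_MAX - ARG_OFFSET ||
        read_guest_u32(v, v->esp + ARG_OFFSET, &iov_ptr) != 0)
        return V_READ_ERROR;
    if (iov_ptr > UINT32_MAX - IOV_LEN_OFFSET ||
        read_guest_u32(v, iov_ptr + IOV_LEN_OFFSET, &iov_len) != 0)
        return V_READ_ERROR;

    if (iov_len < BAD_VALUE)        /* ">=" as the bad range is an assumption */
        return V_BENIGN;
    if (mode == MODE_READ_ONLY)
        return V_DETECTED;          /* report only, guest state untouched */
    if (write_guest_u32(v, iov_ptr + IOV_LEN_OFFSET, BENIGN_VALUE) != 0)
        return V_READ_ERROR;
    return V_FIXED;                 /* malicious value replaced by a benign one */
}

/* Builds a constructed guest image, runs the handler, reports iov_len after. */
enum hp_verdict run_case(uint32_t iov_ptr, uint32_t iov_len,
                         enum hp_mode mode, uint32_t *len_after)
{
    struct vcpu v;
    int mapped = iov_ptr <= GUEST_MEM_SIZE - 8u;  /* iovec fits in the image */
    enum hp_verdict r;

    memset(&v, 0, sizeof v);
    v.esp = 0x40;
    write_guest_u32(&v, v.esp + ARG_OFFSET, iov_ptr);
    if (mapped) write_guest_u32(&v, iov_ptr + IOV_LEN_OFFSET, iov_len);
    r = vmsplice_handler(&v, mode);
    *len_after = iov_len;
    if (mapped) read_guest_u32(&v, iov_ptr + IOV_LEN_OFFSET, len_after);
    return r;
}

int main(void)
{
    uint32_t after;
    enum hp_verdict r = run_case(0x80, 0xFFFFF000u, MODE_FIX, &after);
    printf("verdict=%d iov_len after=0x%08X\n", (int)r, (unsigned)after);
    return 0;
}
```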
71 Detector Performance. Checkpoint/Restart In Userspace. Two scientific computing applications: Home; Path-integral Quantum Monte Carlo. Three cases. Normal: base case without monitoring. hprobe: only monitor sys_vmsplice. Naïve: monitor all system calls.
72 Detector Performance [Table, numeric values missing. Columns: Application, Runtime ± 95% CI (s), overhead (%). Rows: Normal, F@H w/hprobe, F@H w/naïve, pi-qmc Normal, pi-qmc w/hprobe, pi-qmc w/naïve]
73 Thoughts: Zero overhead without vmsplice(); Cloud provider doesn't need tenant to update; Can be used while official fix is in QA; Don't need full understanding of bug.
74 VM Monitoring Techniques [Comparison table, feature marks missing. Techniques: Lares (SP 08), SIM (CCS 09), HyperTap (DSN '14), Hprobes (EDCC'15), LibVMI (ACSAC 07), LiveWire (NDSS 03), Osck (ASPLOS 11), Antfarm (ATC 06), Lycosid (VEE 08), Virtuoso (SP 11), VMST (SP 12). Rows: On-demand Add/Remove; Changes to VM; Userspace Monitoring; Root-of-trust (invariant): OS HW OS OS OS HW OS OS OS; Active/Passive Mon.: A (Hook) A P P A (Hook) A P P P; Auto-generate Monitoring. Legend: This Presentation; Desirable Feature; Supported Feature; Unsupported Feature]
75 Acknowledgements. Collaborators: Cuong Pham, Fei Deng, Dr. Lok Yan, Prof. Zbigniew Kalbarczyk, Prof. Ravi Iyer
76 Summary: VM Monitoring; How hprobes work; Microbenchmarks; Emergency Detector
Introduction to Container Security Table of Contents Executive Summary 3 The Docker Platform 3 Linux Best Practices and Default Docker Security 3 Process Restrictions 4 File & Device Restrictions 4 Application
More informationVirtualization System Vulnerability Discovery Framework. Speaker: Qinghao Tang Title:360 Marvel Team Leader
Virtualization System Vulnerability Discovery Framework Speaker: Qinghao Tang Title:360 Marvel Team Leader 1 360 Marvel Team Established in May 2015, the first professional could computing and virtualization
More informationKVM Security Comparison
atsec information security corporation 9130 Jollyville Road, Suite 260 Austin, TX 78759 Tel: 512-349-7525 Fax: 512-349-7933 www.atsec.com KVM Security Comparison a t s e c i n f o r m a t i o n s e c u
More informationHybrid Virtualization The Next Generation of XenLinux
Hybrid Virtualization The Next Generation of XenLinux Jun Nakajima Principal Engineer Intel Open Source Technology Center Legal Disclaimer INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL
More informationThere s a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel vulnerability research
1 There s a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel vulnerability research That s unavoidable, but the linux kernel developers don t do very much to make the situation
More informationQUIRE: : Lightweight Provenance for Smart Phone Operating Systems
QUIRE: : Lightweight Provenance for Smart Phone Operating Systems Dan S. Wallach Rice University Joint work with Mike Dietz, Yuliy Pisetsky, Shashi Shekhar, and Anhei Shu Android's security is awesome
More informationSoft-Timer Driven Transient Kernel Control Flow Attacks and Defense
Soft-Timer Driven Transient Kernel Control Flow Attacks and Defense Jinpeng Wei, Bryan D. Payne, Jonathon Giffin, Calton Pu Georgia Institute of Technology Annual Computer Security Applications Conference
More informationFRONT FLYLEAF PAGE. This page has been intentionally left blank
FRONT FLYLEAF PAGE This page has been intentionally left blank Abstract The research performed under this publication will combine virtualization technology with current kernel debugging techniques to
More informationVMkit A lightweight hypervisor library for Barrelfish
Masters Thesis VMkit A lightweight hypervisor library for Barrelfish by Raffaele Sandrini Due date 2 September 2009 Advisors: Simon Peter, Andrew Baumann, and Timothy Roscoe ETH Zurich, Systems Group Department
More informationPut a Firewall in Your JVM Securing Java Applications!
Put a Firewall in Your JVM Securing Java Applications! Prateep Bandharangshi" Waratek Director of Client Security Solutions" @prateep" Hussein Badakhchani" Deutsche Bank Ag London Vice President" @husseinb"
More informationHow to Secure Infrastructure Clouds with Trusted Computing Technologies
How to Secure Infrastructure Clouds with Trusted Computing Technologies Nicolae Paladi Swedish Institute of Computer Science 2 Contents 1. Infrastructure-as-a-Service 2. Security challenges of IaaS 3.
More information