Detection of virtual machine monitor corruptions Benoît Morgan, Eric Alata, Vincent Nicomette LAAS-CNRS - Dependable Computing and Fault Tolerance (TSF) Team Journée SEC 2 - June 30th, 2015 Detection of virtual machine monitor corruptions 1 / 13
Outline 1 2 3 Detection of virtual machine monitor corruptions 2 / 13
Context Project SVC Secured Virtual Cloud Project Investissement d Avenir Itrust, Bull, Eneed, Secludit, Eurogiciel, Val Informatique, Blue Mind, LAAS-CNRS, IRIT Project Coordinator : Bull LAAS 3 PhDs, 2 focusing on security Evaluation of intrusion detection mechanisms in clouds Detection of virtual machine monitor corruptions Detection of virtual machine monitor corruptions 3 / 13
Virtual machine monitors VM exit VM 1 VM Launch Hypervisor Hardware VM 2 VM exit Guest software Privileged software Transitions Hardware Privileged entity Ensures space and time isolation between virtual machines Control model similar to operating system control over userland applications Detection of virtual machine monitor corruptions 4 / 13
Motivations More and more complex VMM Xen, KVM, VMware ESXi Peripherals virtualisation Mass storage virtualisation Remote administration Vulnerabilities regularly discovered Large attack surface Necessity to detect the compromission of the hypervisor Detection of virtual machine monitor corruptions 5 / 13
Outline Trusted architecture Experimentation 1 2 Trusted architecture Experimentation 3 Detection of virtual machine monitor corruptions 6 / 13
Trusted architecture proposed Trusted architecture Experimentation A tiny security hypervisor (l 1 ) in charge of detecting corruption of virtualised hypervisor (l 2 ) VM1 l2 VM2 l2 VM3 l2 Hypervisor l 2 VM l1 Security hypervisor l 1 Hardware BUT, the security hypervisor (l 1 ) may be also attacked and compromised Hardware bugs Malicious peripherals Necessity to control the integrity of the security hypervisor itself through a trusted autonomous hardware component Detection of virtual machine monitor corruptions 7 / 13
Trusted architecture Experimentation An execution enclave of integrity checks Guarded Software Component Security Hypervisor Checks Hardware Trusted Hardware Component Integrity checks Challenge and environment checks 1 The integrity of the security hypervisor is regularly checked by the trusted hardware component through 1) challenges and 2) environment checks 2 The integrity of the guarded software component is checked by the security hypervisor 3 Alarms are raised when challenges or integrity checks fail Detection of virtual machine monitor corruptions 8 / 13
Prototype Trusted architecture Experimentation PC with Intel processor (VT-x, VT-d), PCI Express bus Trusted hardware component based on FPGA technology Bare metal security hypervisor using nested virtualisation technology Experimentation with Linux and a corrupted driver in the kernel as the Guarded Software Component Publications : SSTIC 2014[2] Detection of virtual machine monitor corruptions 9 / 13
Outline 1 2 3 Detection of virtual machine monitor corruptions 10 / 13
Current virtualisation of KVM ou VMware ESXi Improving the challenges and environment checks First prototype of recursive hypervisor (allowing to implement several security mechanisms at different privilege levels) Publications : SSTIC 2015[3] Detection of virtual machine monitor corruptions 11 / 13
Detection of virtual machine monitor corruptions Benoît Morgan, Eric Alata, Vincent Nicomette LAAS-CNRS - Dependable Computing and Fault Tolerance (TSF) Team Journée SEC 2 - June 30th, 2015 Detection of virtual machine monitor corruptions 12 / 13
Références [1] http://sarssi2013.univ-pau.fr/index.php/programme [2] https://www.sstic.org/2014/presentation/tests_ dintegrite_dhyperviseurs/ [3] https://www.sstic.org/2015/presentation/abyme un_ voyage_au_coeur_des_hyperviseurs_recursifs/ Démo 1 : https://youtu.be/nax0shux9gq Démo 2 : https://youtu.be/1yz_zua2kgm Detection of virtual machine monitor corruptions 13 / 13