Virtual Machine Security

Similar documents
Chapter 5 Cloud Resource Virtualization

Chapter 14 Virtual Machines

Hypervisors. Introduction. Introduction. Introduction. Introduction. Introduction. Credits:

COS 318: Operating Systems. Virtual Machine Monitors

Full and Para Virtualization

Virtualization. Pradipta De

Secure Virtual Machine Systems

Distributed Systems. Virtualization. Paul Krzyzanowski

KVM: A Hypervisor for All Seasons. Avi Kivity avi@qumranet.com

Basics in Energy Information (& Communication) Systems Virtualization / Virtual Machines

x86 ISA Modifications to support Virtual Machines

Cloud Computing CS

Virtual Computing and VMWare. Module 4

Virtualization. Jia Rao Assistant Professor in CS

Lecture 2 Cloud Computing & Virtualization. Cloud Application Development (SE808, School of Software, Sun Yat-Sen University) Yabo (Arber) Xu

Date: December 2009 Version: 1.0. How Does Xen Work?

matasano Hardware Virtualization Rootkits Dino A. Dai Zovi

Virtualization. Explain how today s virtualization movement is actually a reinvention

KVM Security Comparison

Microkernels, virtualization, exokernels. Tutorial 1 CSC469

System Structures. Services Interface Structure

Intel s Virtualization Extensions (VT-x) So you want to build a hypervisor?

Virtualization. Dr. Yingwu Zhu

Virtualization. Introduction to Virtualization Virtual Appliances Benefits to Virtualization Example Virtualization Products

Basics of Virtualisation

Virtual Machine Monitors. Dr. Marc E. Fiuczynski Research Scholar Princeton University

Virtualization for Cloud Computing

Virtualization and the U2 Databases

Virtualization Technologies (ENCS 691K Chapter 3)

Virtualization. Types of Interfaces

Cloud Computing. Up until now

Attacking Hypervisors via Firmware and Hardware

Uses for Virtual Machines. Virtual Machines. There are several uses for virtual machines:

Virtual machines and operating systems

Enabling Technologies for Distributed Computing

Enabling Technologies for Distributed and Cloud Computing

Chapter 2 Addendum (More on Virtualization)

Virtualization. Jukka K. Nurminen

Security technology of system virtualization platform

Distributed System Monitoring and Failure Diagnosis using Cooperative Virtual Backdoors

The Xen of Virtualization

Satish Mohan. Head Engineering. AMD Developer Conference, Bangalore

Virtualization Technology. Zhiming Shen

Chapter 16: Virtual Machines. Operating System Concepts 9 th Edition

COS 318: Operating Systems

Virtualization Technology

Mandatory Access Control Systems

Security Overview of the Integrity Virtual Machines Architecture

Virtual Machines.

Compromise-as-a-Service

Virtualization Technologies and Blackboard: The Future of Blackboard Software on Multi-Core Technologies

Anh Quach, Matthew Rajman, Bienvenido Rodriguez, Brian Rodriguez, Michael Roefs, Ahmed Shaikh

Clouds, Virtualization and Security or Look Out Below

Virtualization for Hard Real-Time Applications Partition where you can Virtualize where you have to

Hybrid Virtualization The Next Generation of XenLinux

Jukka Ylitalo Tik TKK, April 24, 2006

Securing your Virtual Datacenter. Part 1: Preventing, Mitigating Privilege Escalation

MODULE 3 VIRTUALIZED DATA CENTER COMPUTE

Introduction to Virtual Machines

IOS110. Virtualization 5/27/2014 1

Windows Server Virtualization & The Windows Hypervisor

Survey on virtual machine security

Survey On Hypervisors

Red Hat enterprise virtualization 3.0 feature comparison

Virtual Hosting & Virtual Machines

12. Introduction to Virtual Machines

The Art of Virtualization with Free Software

RPM Brotherhood: KVM VIRTUALIZATION TECHNOLOGY

Regional SEE-GRID-SCI Training for Site Administrators Institute of Physics Belgrade March 5-6, 2009

Virtual Switching Without a Hypervisor for a More Secure Cloud

Virtual Machines. Virtualization

How To Compare Performance Of A Router On A Hypervisor On A Linux Virtualbox 2.5 (Xen) To A Virtualbox (Xeen) Xen-Virtualization (X

A Survey on Virtual Machine Security

Multi-core Programming System Overview

Hardware Based Virtualization Technologies. Elsie Wahlig Platform Software Architect

Models For Modeling and Measuring the Performance of a Xen Virtual Server

CPS221 Lecture: Operating System Structure; Virtual Machines

How To Understand The Power Of A Virtual Machine Monitor (Vm) In A Linux Computer System (Or A Virtualized Computer)

NSA Security-Enhanced Linux (SELinux)

Solaris Virtualization and the Xen Hypervisor Frank Hofmann

A Hypervisor IPS based on Hardware assisted Virtualization Technology

A B S T R A C T I. INTRODUCTION

CPET 581 Cloud Computing: Technologies and Enterprise IT Strategies. Virtualization of Clusters and Data Centers

Virtualization: Concepts, Applications, and Performance Modeling

Abstract. 1. Introduction. 2. Threat Model

VMware and CPU Virtualization Technology. Jack Lo Sr. Director, R&D

COS 318: Operating Systems. Virtual Machine Monitors

A quantitative comparison between xen and kvm

Application Performance in the Cloud, and its Relationship to QoS

kvm: Kernel-based Virtual Machine for Linux

The Microsoft Windows Hypervisor High Level Architecture

Xen and the Art of. Virtualization. Ian Pratt

9/26/2011. What is Virtualization? What are the different types of virtualization.

Virtualization and Other Tricks.

Leveraging Thin Hypervisors for Security on Embedded Systems

Attacking Hypervisors via Firmware and Hardware

Introduction to the NI Real-Time Hypervisor

Securing Your Cloud with Xen Project s Advanced Security Features

Trusted Virtual Datacenter Radically simplified security management

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

Transcription:

Virtual Machine Security CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/ 1

Operating System Quandary Q: What is the primary goal of system security? OS enables multiple users/programs to share resources on a physical device Q: What happens when we try to enforce Mandatory Access Control policies on UNIX systems Think SELinux policies What can we to do to simplify? 2

Virtual Machines Instead of using system software to enable sharing, use system software to enable isolation Virtualization a technique for hiding the physical characteristics of computing resources from the way in which others systems, applications, and end users interact with those resources Virtual Machines Single physical resource can appear as multiple logical resources 3

Virtual Machine Architectures Full system simulation CPU can be simulated Paravirtualization (Xen) VM has a special API Requires OS changes Native virtualization (VMWare) Simulate enough HW to run OS OS is for same CPU Application virtualization (JVM) Application API 4

Virtual Machine Types Type I Lowest layer of software is VMM E.g., Xen, VAX VMM, etc. Type II Runs on a host operating system E.g., VMWare, JVM, etc. Q: What are the trust model issues with Type II compared to Type I? 5

VM Security Isolation of VM computing Like a separate machine Partitioned Resources VM Guest OS VM Guest OS Device Requests Virtual Machine Monitor Physical Device Controls 6

Ensure Protection of VMM Processor Instructions Each processor supports an instruction set Some can only be run privileged mode i.e., a more privileged ring (ring 0) Privileged versus Sensitive Instructions Privileged: only run in ring 0 Sensitive: read or write privileged state All sensitive instructions must be privileged Examples Page Table Entries: memory accesses Code Segment Selector read: this register indicates level 7

A Proper VMM Virtualization Requirements Protect sensitive state Sensitive instructions must be virtualized (i.e., require privilege) Access to sensitive data must be virtualized (ditto) Need to hide virtualization Systems cannot see that they are being virtualized I/O Processing Need to share access to devices correctly Special driver interface Self-virtualization: Run VMM as VM Can t do this on traditional x86, but now we have VT architecture 8

NetTop Isolated networks of VMs Alternative to air gap security VM: Secret VM: Public VM: Secret VM: Public Guest OS Guest OS Guest OS Guest OS VMWare MLS SELinux Host OS VMWare MLS SELinux Host OS 9

Xen Paravirtualized Hypervisor Privileged VM VM: DomU Guest OS Partitioned Resources VM Services Dom 0 Host OS Drivers VM: DomU Guest OS Device Requests Xen Hypervisor 10

Xen shype Controlled information flows among VMs VM: DomU VM: DomU Guest OS Partitioned Resources VM Services Dom 0 Host OS Drivers Guest OS Device Requests Xen Hypervisor Ref Mon 11

Xen shype Policies Type Enforcement over VM communications VM labels are subjects VM labels are objects How do VMs communicate in Xen? Grant tables: pass pages between VMs Event channels: notifications (e.g., when to pass pages) shype controls these Q: What about VM communication across systems? 12

Xen Security Modules Comprehensive Reference Monitor interface for Xen Based on LSM ideas Includes about 57 hooks (more expected) Supports shype hooks Plus, hooks for VM management, resource partitioning Another aim: Decompose domain 0 Specialize kernel for privileged operations E.g., Remove drivers 13

VM Security Status Aim is simplicity Are we achieving this? Do we care what happens in the VMs? When might we care? Trusted computing base How does this compare to traditional OS? 14

Java Virtual Machine Interpret Java bytecodes Machine specification defined by bytecode On all architectures, run same bytecodes Write once, run anywhere Can run multiple programs w/i JVM simultaneously Different classloaders can result in different protection domains How do we enforce access control? 15

Java Security Architecture Java 1.0: Applets and Applications CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 16

Java Security Architecture Java 1.1: Signed code (trusted remote -- think Authenticode) Java 1.2: Flexible access control, included in Java 2 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 17

Stack Inspection Authorize based on protection domains on the stack Union of all sources All must have permission CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 18

Do Privileged doprivileged terminates backtrace Like setuid, with similar risks CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 19

Virtual Machine Threats How does the insertion of a virtual machine layer change the threats against the system? CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 20

Virtual Machine Rootkit Rootkit Malicious software installed by an attacker on a system Enable it to run on each boot OS Rootkits Kernel module, signal handler,... When the kernel is booted, the module is installed and intercepts user process requests, interrupts, etc. E.g., keylogger VM Rootkit Research project from Michigan and Microsoft If security service runs in VM, then a rootkit in VMM can evade security E.g., Can continue to run even if the system appears to be off CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 21

Take Away VM systems focus on isolation Enable reuse, but limited by security requirements Enable limited communication The policies are not trivial, but refer to coarser-grained objects 22

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information