Improving the Security of Commodity Hypervisors for Cloud Computing

Similar documents

Virtual Switching Without a Hypervisor for a More Secure Cloud

Comparing Free Virtualization Products

Virtualization System Vulnerability Discovery Framework. Speaker: Qinghao Tang Title:360 Marvel Team Leader

Windows Server 2012 Hyper-V Virtual Switch Extension Software UNIVERGE PF1000 Overview. IT Network Global Solutions Division UNIVERGE Support Center

Xen Cloud Platform Update

9/26/2011. What is Virtualization? What are the different types of virtualization.

Poacher turned gamekeeper: Lessons learned from eight years of breaking hypervisors

POACHER TURNED GATEKEEPER: LESSONS LEARNED FROM EIGHT YEARS OF BREAKING HYPERVISORS. Rafal Wojtczuk

CS197U: A Hands on Introduction to Unix

OVERVIEW. The complete IaaS platform for service providers

Virtualization. Introduction to Virtualization Virtual Appliances Benefits to Virtualization Example Virtualization Products

Overview. The OnApp Cloud Platform. Dashboard APPLIANCES. Used Total Used Total. Virtual Servers. Blueprint Servers. Load Balancers.

Securing your Virtual Datacenter. Part 1: Preventing, Mitigating Privilege Escalation

Detection of virtual machine monitor corruptions

How To Install Eucalyptus (Cont'D) On A Cloud) On An Ubuntu Or Linux (Contd) Or A Windows 7 (Cont') (Cont'T) (Bsd) (Dll) (Amd)

x86 Servers and Operating Systems - Information applicable for PRIMEQUEST (PQ) and PRIMERGY (PY) Servers PY RX300 S8 PY RX200 S8 PY CX272 S1

Virtualization 101 ASPE RESOURCE SERIES. Prepared for ASPE by Global Knowledge's Kerry Doyle, MA, ZDNet/CNet.com Associate Editor

Xen Virtualization: Xen (source) and XenServer

Virtualization System Security

Virtualization & Cloud Computing (2W-VnCC)

How To Stop A Malicious Process From Running On A Hypervisor

Hypervisors. Introduction. Introduction. Introduction. Introduction. Introduction. Credits:

Development of Type-2 Hypervisor for MIPS64 Based Systems

Windows Server 2008 R2 Hyper V. Public FAQ

2) Xen Hypervisor 3) UEC

Deep Security 9.6 SP1 Supported Features by Platform

Cooperation of Operating Systems with Hyper-V. Bartek Nowierski Software Development Engineer, Hyper-V Microsoft Corporation

Before we can talk about virtualization security, we need to delineate the differences between the

Hypervisor Software and Virtual Machines. Professor Howard Burpee SMCC Computer Technology Dept.

SCO Virtualization Presentation to Customers

Top virtualization security risks and how to prevent them

Virtualization and Other Tricks.

SURFnet Cloud Computing Solutions

Compromise-as-a-Service

VMWARE Introduction ESX Server Architecture and the design of Virtual Machines

Week Overview. Installing Linux Linux on your Desktop Virtualization Basic Linux system administration

The Virtual Environment

Intel s Virtualization Extensions (VT-x) So you want to build a hypervisor?

Cloud computing security

Operating Systems Virtualization mechanisms

Chapter 14 Virtual Machines

VX 9000E WiNG Express Manager INSTALLATION GUIDE

Server and Storage Virtualization. Virtualization. Overview. 5 Reasons to Virtualize

Openstack. Cloud computing with Openstack. Saverio Proto

Cloud Computing CS

Deep Security 9.5 Supported Features by Platform

OnApp Cloud. The complete platform for cloud service providers. 114 Cores. 286 Cores / 400 Cores

Creating a Linux Virtual Machine using Virtual Box

Introduction to OpenStack

FIA Athens 2014 ~OKEANOS: A LARGE EUROPEAN PUBLIC CLOUD BASED ON SYNNEFO. VANGELIS KOUKIS, TECHNICAL LEAD, ~OKEANOS

Virtual Machine Monitors. Dr. Marc E. Fiuczynski Research Scholar Princeton University

Red Hat enterprise virtualization 3.0 feature comparison

OGF25/EGEE User Forum Catania, Italy 2 March 2009

Software. Programming Language. Software. Instructor Özgür ZEYDAN. Bülent Ecevit University Department of Environmental Engineering

Deploying Business Virtual Appliances on Open Source Cloud Computing

Virtualization: What does it mean for SAS? Karl Fisher and Clarke Thacher, SAS Institute Inc., Cary, NC

Networking for Caribbean Development

x86 Servers and Operating Systems - Information applicable for PRIMEQUEST (PQ) and PRIMERGY (PY) Servers PY RX300 S8 PY RX200 S8 PY CX272 S1

Virtualization Technologies. Embrace the new world of healthcare

VIRTUALIZATION SECURITY OPTIONS: CHOOSE WISELY

Elastic Management of Cluster based Services in the Cloud

An Oracle White Paper August Oracle VM 3: Server Pool Deployment Planning Considerations for Scalability and Availability

Course Title: Virtualization Security, 1st Edition

Understanding the Business Case of Network Function Virtualization

OPEN SOURCE VIRTUALIZATION TRENDS. SYAMSUL ANUAR ABD NASIR Warix Technologies / Fedora Community Malaysia

Privacy Protection in Virtualized Multi-tenant Cloud: Software and Hardware Approaches

OpenStack Cloud Migration : Migrating On-premise workloads to OpenStack Private Cloud

Learn the Essentials of Virtualization Security

Virtualization. Types of Interfaces

Cloud security CS642: Computer Security Professor Ristenpart h9p:// rist at cs dot wisc dot edu University of Wisconsin CS 642

DISTRIBUTED COMPUTER SYSTEMS CLOUD COMPUTING INTRODUCTION

The Review of Virtualization in an Isolated Computer Environment

VIRTUALIZATION SECURITY IN THE REAL WORLD

How to Secure Infrastructure Clouds with Trusted Computing Technologies

Making a Smooth Transition to a Hybrid Cloud with Microsoft Cloud OS

Server-centric client virtualization model reduces costs while improving security and flexibility.

Learn the essentials of virtualization security

Hyper-V vs ESX at the datacenter

Securing Your Cloud with Xen Project s Advanced Security Features

Quantum Hyper- V plugin

Survey on virtual machine security

Enterprise Cloud VM Image Import User Guide. Version 1.0

Restricted Document. Pulsant Technical Specification

EEDC. Scalability Study of web apps in AWS. Execution Environments for Distributed Computing

Microkernels, virtualization, exokernels. Tutorial 1 CSC469

CSE 501 Monday, September 09, 2013 Kevin Cleary

How To Get A Cloud Security System To Work For You

Container Clusters on OpenStack

Dell Networking Solutions Guide for Microsoft Hyper-V

Virtualisation Without a Hypervisor in Cloud Infrastructures: An Initial Analysis

Transcription:

Improving the Security of Commodity Hypervisors for Cloud Computing Anh Nguyen 1, Himanshu Raj, Shravan Rayanchu 2, Stefan Saroiu, and Alec Wolman 1 UIUC, 2 U. of Wisconsin, and MSR

Today s cloud computing hypervisors have very large trusted computing bases!

Hyper-V Architecture Root VM (Dom0) Child VM (Dom1) Hypervisor

Hyper-V Architecture Root VM (Dom0) Child VM (Dom1) TCB Hypervisor

How Large is the TCB? Hypervisor Xen Hyper-V Lines of Code 250 KLOC 100+ KLOC OS Linux 2.6.32 Windows Server 2008 Lines of Code 11.2 MLOC 50 MLOC TCB of commodity hypervisors consists of tens of millions of lines of code!

Two Classes of Attacks 1. Attacks from guest VMs Cases of malicious customer software already documented: On Amazon EC2, customer sent spam & launch DoS 2. Physical attacks Many already have access to locked datacenters Providers are starting to outsource to 3 rd -parties Code offload servers deployed in coffee shops, mall areas

Two Classes of Attacks 1. Attacks from guest VMs Cases of malicious customer software already documented: On Amazon EC2, customer sent spam & launch DoS 2. Physical attacks Many already have access to locked datacenters Providers are starting to outsource to 3 rd -parties Code offload servers deployed in coffee shops, mall areas

Outline Motivation Requirements and design alternatives Design of Bunker-V Conclusions

Req#1: Hypervisors Must Accommodate Legacy OSes Year OS Supported by Amazon EC2 2007 RedHat 2008 Solaris, Oracle Linux, Win Server 2003 2009 Win Server 2008 Future Fedora, opensuse, Gentoo, Ubuntu, Debian Future cloud computing goal: hosting home desktops

Req#2: High Performance Performance remains critical for cloud computing hypervisors: Higher degree of multiplexing $$$ The need for high performance is making the cloud push its computation closer to the edge Cloudlets for code offload

Summary of Requirements Cloud hypervisors must: 1. Be secure 2. Accommodate legacy OSes 3. Have high performance Next, we look at hypervisor alternatives

Alt#1: Tiny Hypervisors Recent project built a hypervisor in 7889 LoC! Can run legacy OS! Remove full-fledged OS from root VM Drawback: must compromise on functionality Can t run more than one VM at a time Refs: SecVisor[SOSP 07], TrustVisor[Oakland 10]

Alt#2: Disaggregated Hypervisors Improves security: Any exploit remains isolated in one compartment However, it does not reduce the size of TCB We suspect TCB is even larger to include interface code among compartments Refs: NOVA[Eurosys 10], S. Hand s group[oasis 04, VEE 08]

Our Approach: Bunker-V Bunker-V: reduce TCB s attack surface by minimizing the interface between the TCB and guest VMs Even if vulnerability exists inside TCB, system remains secure as long as attacker cannot exploit it Re-think the design of a hypervisor for cloud scenario: eliminate unnecessary virtual devices

Outline Motivation Requirements and design alternatives Design of Bunker-V Conclusions

Virtual Devices: Interface btw. Root & Child VMs Virtual Devices Root VM (Dom0) Physical Devices Child VM (Dom1) Hypervisor

Categories of Virtual Devices (vdev) Extraneous vdevs: not needed in the cloud e.g., floppy, keyboard, mouse, monitor, serial port Legacy vdevs: not needed in the cloud, but OS cannot boot without them e.g., keyboard controller, PIT, ISA bus Required vdevs: needed to run in the cloud e.g., storage, NIC, PIC, PCI bus

Categories of Virtual Devices (vdev) Extraneous vdevs: not needed in the cloud e.g., floppy, keyboard, mouse, monitor, serial port Legacy vdevs: not needed in the cloud, but OS cannot boot without them e.g., keyboard controller, PIT, ISA bus Required vdevs: needed to run in the cloud e.g., storage, NIC, PIC, PCI bus

Bunker-V s Interface

Challenge: Handle Guest OS Booting Approach: delusional boot Boot OS on a separate node: Separate node has legacy vdevs enabled Separate node is isolated from datacenter

Conclusions Bunker-V improves security of hypervisors for cloud computing: 79% reduction of TCB s interfaces Can run legacy OSes with high performance Delusional Boot: new technique for booting legacy OSes in the absence of many devices

Questions? ssaroiu@microsoft.com