virtualization & cloud computing cs642 computer security adam everspaugh

From this document you will learn the answers to the following questions:

What is the virtual box?

What company is responsible for virtualization?

What degrades to get more CPU time or network bandwidth Other problems?

Similar documents
Hey, You, Get Off of My Cloud! Exploring Information Leakage in Third-Party Clouds. Thomas Ristenpart, Eran Tromer, Hovav Shacham, Stefan Savage

Cloud security CS642: Computer Security Professor Ristenpart h9p:// rist at cs dot wisc dot edu University of Wisconsin CS 642

Evripidis Paraskevas (ECE Dept. UMD) 04/09/2014

Not-So-Random Numbers in Virtualized Linux and the Whirlwind RNG

Not-So-Random Numbers in Virtualized Linux and the Whirlwind RNG

Computer Science. About PaaS Security. Donghoon Kim Henry E. Schaffer Mladen A. Vouk

Cloud security CS642: Computer Security Professor Ristenpart h9p:// rist at cs dot wisc dot edu University of Wisconsin CS 642

Cloud computing security

HEY, YOU, GET OFF OF MY CLOUD: EXPLORING INFORMATION LEAKAGE

Are Cache Attacks on Public Clouds Practical?

Review from last time. CS 537 Lecture 3 OS Structure. OS structure. What you should learn from this lecture

Cloud Computing. What is Cloud Computing? Computing As A Utility. Resource Provisioning Problem 4/29/2014. Kai Shen

IOS110. Virtualization 5/27/2014 1

9/26/2011. What is Virtualization? What are the different types of virtualization.

How To Create A Cloud Based System For Aaas (Networking)

Virtualization and Cloud Computing. The Threat of Covert Channels. Related Work. Zhenyu Wu, Zhang Xu, and Haining Wang 1

Virtualization. Dr. Yingwu Zhu

Microkernels, virtualization, exokernels. Tutorial 1 CSC469

Intel s Virtualization Extensions (VT-x) So you want to build a hypervisor?

VMWare Workstation 11 Installation MICROSOFT WINDOWS SERVER 2008 R2 STANDARD ENTERPRISE ED.

Enabling Technologies for Distributed Computing

Enabling Technologies for Distributed and Cloud Computing

Outline. Outline. Why virtualization? Why not virtualize? Today s data center. Cloud computing. Virtual resource pool

Definitions. Hardware Full virtualization Para virtualization Hosted hypervisor Type I hypervisor. Native (bare metal) hypervisor Type II hypervisor

Virtualization. Explain how today s virtualization movement is actually a reinvention

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

Virtualization Technologies. Embrace the new world of healthcare

Cloud Computing CS

Week Overview. Installing Linux Linux on your Desktop Virtualization Basic Linux system administration

Hypervisor Software and Virtual Machines. Professor Howard Burpee SMCC Computer Technology Dept.

Datacenters and Cloud Computing. Jia Rao Assistant Professor in CS

Randomness Exposed An Attack on Hosted Virtual Machines

TECHNOLOGYBRIEF. The Impact of Virtualization on Network Security. Discover. Determine. Defend.

Virtualization System Vulnerability Discovery Framework. Speaker: Qinghao Tang Title:360 Marvel Team Leader

Virtualization and Cloud Computing

Virtualized Networks based on System Virtualization

Virtualizing a Virtual Machine

Presentation of Diagnosing performance overheads in the Xen virtual machine environment

Windows Server 2008 R2 Hyper V. Public FAQ

Virtual Switching Without a Hypervisor for a More Secure Cloud

Cloud Computing #6 - Virtualization

COS 318: Operating Systems. Virtual Machine Monitors

D3.1: Operational SaaS Test lab

CIT 668: System Architecture

Uses for Virtual Machines. Virtual Machines. There are several uses for virtual machines:

Virtual Computing and VMWare. Module 4

Virtual Machine Security

VMware Virtual Infrastucture From the Virtualized to the Automated Data Center

The Threat of Coexisting With an Unknown Tenant in a Public Cloud

Introduction to the NI Real-Time Hypervisor

13.1 Backup virtual machines running on VMware ESXi / ESX Server

Virtualization System Security

CrashPlan Security SECURITY CONTEXT TECHNOLOGY

Development of Type-2 Hypervisor for MIPS64 Based Systems

System Center 2012 Suite SYSTEM CENTER 2012 SUITE. BSD BİLGİSAYAR Adana

Barracuda Backup Vx. Virtual Appliance Deployment. White Paper

Cloud Computing through Virtualization and HPC technologies

MODULE 3 VIRTUALIZED DATA CENTER COMPUTE

Hypervisors. Introduction. Introduction. Introduction. Introduction. Introduction. Credits:

Cloud Terminal: Secure Access to Sensitive Applications from Untrusted Systems

Virtualization for Security

Privacy, Security and Cloud

Summary of the SEED Labs For Authors and Publishers

Chapter 16: Virtual Machines. Operating System Concepts 9 th Edition

New Security Perspective for Virtualized Platforms

Virtualization with Windows

VIRTUALIZATION 101. Brainstorm Conference 2013 PRESENTER INTRODUCTIONS

Software Execution Protection in the Cloud

Amazon Web Services Primer. William Strickland COP 6938 Fall 2012 University of Central Florida

Effects of Memory Randomization, Sanitization and Page Cache on Memory Deduplication

IaaS Cloud Architectures: Virtualized Data Centers to Federated Cloud Infrastructures

End to End Defense against Rootkits in Cloud Environment. Design- Part 2

CS 416: Opera-ng Systems Design

Peter Waterman Senior Manager of Technology and Innovation, Managed Hosting Blackboard Inc

Lecture Overview. INF3510 Information Security Spring Lecture 4 Computer Security. Meaningless transport defences when endpoints are insecure

Virtualization. Types of Interfaces

Hyper-V R2: What's New?

Introduction to Virtual Machines

Virtualization. Nelson L. S. da Fonseca IEEE ComSoc Summer Scool Trento, July 9 th, 2015

Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds

Effiziente Server- Virtualisierung mit MS Hyper-V und Citrix Essentials

Full and Para Virtualization

Virtual Machines Fact Sheet

HOW TO PROTECT YOUR VIRTUAL DESKTOPS AND SERVERS? Security for Virtual and Cloud Environments

Basics of Virtualisation

Simplify the Deployment and Management of Desktop Virtualization & VDI Technologies. Terry Lewis Solutions Architect

Cloud Computing. Chapter 1 Introducing Cloud Computing

Virtualization. Pradipta De

TechTarget Windows Media

CPET 581 Cloud Computing: Technologies and Enterprise IT Strategies. Virtualization of Clusters and Data Centers

SUSE Cloud 2.0. Pete Chadwick. Douglas Jarvis. Senior Product Manager Product Marketing Manager

NoHype: Virtualized Cloud Infrastructure without the Virtualization

Analysis on Virtualization Technologies in Cloud

Xen Live Migration. Networks and Distributed Systems Seminar, 24 April Matúš Harvan Xen Live Migration 1

Making a Smooth Transition to a Hybrid Cloud with Microsoft Cloud OS

How to Secure Infrastructure Clouds with Trusted Computing Technologies

Cloud Models and Platforms

Virtualization. Introduction to Virtualization Virtual Appliances Benefits to Virtualization Example Virtualization Products

Remus: : High Availability via Asynchronous Virtual Machine Replication

Virtualization Technologies (ENCS 691K Chapter 3)

Transcription:

virtualization & cloud computing cs642 computer security adam everspaugh ace@cs.wisc.edu

today Announcements: HW4 posted yesterday Virtualization Random number generators and reset vulnerabilities Cloud computing and co-residency

Virtualization P1 P2 P1 P2 P1 P2 Process 1 Process 2 OS1 OS2 OS2 OS Drivers Hypervisor Drivers P1 P2 Hypervisor Host OS Hardware Hardware Hardware No virtualization Type-1 Virtualization (Xen, VMware ESX) Type-1: Hypervisor runs directly on hardware Type-2: Hypervisor runs on host OS Type-2 Virtualization (VMware Workstation, Virtual Box)

VM Use Cases Development and testing (especially when we need different OSs) Server consolidation Run multiple servers on same hardware: web server, file server, email servers, Cloud computing: Infrastructure-as-a-Service Sandboxing / containment

Security Model P1 OS1 P2 Drivers P1 Hypervisor Hardware OS2 P2 Drivers Type-1 Virtualization (VMware Workstation, Virtual Box) What's the desired security model? Isolation between OS1/OS2 (and processes) No access to file system, memory pages No "escape" from process/os to hypervisor What can go wrong?

Isolation Problems P1 OS1 P2 Drivers P1 Hypervisor Hardware OS2 P2 Drivers Type-1 Virtualization (VMware Workstation, Virtual Box) Information leakage side-channel attacks using shared resources (instruction/memory caches) Degradation of service Violate performance isolation, OS1 degrades OS2 to get more CPU time or network bandwidth Other problems?

Virtual Machine Management Snapshots Volume snapshot / checkpoint persistent storage of VM must boot from storage when resuming snapshot Full snapshot persistent storage and ephemeral storage (memory, register states, caches, etc.) start/resume in between (essentially) arbitrary instructions VM image is a file that stores a snapshot

Uses for Secure Random Numbers Cryptography Keys Nonces, initial values (IVs), salts System Security TCP Initial Sequence Numbers (ISNs) ASLR Stack Canaries

Where can we get secure random numbers? Every OS provides a high-quality RNG OSX/Linux: cat /dev/urandom

Operating System Random Number Generators System Events Keyboard Clicks Mouse Movements Hard Disk Event Network Packets Other Interrupts RNG Random Numbers Statistically Uniform Hard to predict

Linux RNG Linux /dev/(u)random: System Events interrupt events Interrupt Pool disk events keyboard events mouse events hardware RNGs RNG Input Pool Random Pool URandom Pool /dev/random Random Numbers /dev/urandom Cryptographic hash

RNG Failures System Events RNG Random Numbers RNG Failures Predictable Output Repeated Output Outputs from a small range (not-statistically uniform) Broken Windows RNG: [DGP 2007] Broken Linux RNG: [GPR 2008], [LRSV 2012], [DPRVW 2013], [EZJSR 2014] Factorable RSA Keys: [HDWH 2012] Taiwan National IDs: [BCCHLS 2013]

Virtual Machine Snapshots disk Snapshot Resumption

Security Problems with VM Resets VM Reset Vulnerabilities [Ristenpart, Yilek 2010] Use key App starts Read /dev/urandom Derives key Initialization Snapshot Use key Firefox and Apache reused random values for TLS Attacker can read previous TLS sessions, recover private keys from Apache

Linux RNG after VM Reset Not-So-Random Numbers in Virtualized Linux [Everspaugh, et al, 2014] disk Snapshot Read RNG Read RNG Experiment: Boot VM in Xen or VMware Capture snapshot Resume from snapshot, read from /dev/urandom Repeat: 8 distinct snapshots 20 resumptions/snapshot

/dev/urandom outputs after resumption 21B8BEE4 9D27FB83 6CD124A6 E8734F71 111D337C 1E6DD331 8CC97112 2A2FA7DB DBBF058C 26C334E7 F17D2D20 CC10232E... 21B8BEE4 9D27FB83 6CD124A6 E8734F71 111D337C 1E6DD331 8CC97112 2A2FA7DB DBBF058C 26C334E7 F17D2D20 CC10232E... 21B8BEE4 9D27FB83 6CD124A6 E8734F71 111D337C 1E6DD331 8CC97112 2A2FA7DB DBBF058C 26C334E7 45C78AE0 E678DBB2... Linux RNG is not reset secure: 7/8 snapshots produce mostly identical outputs Reset 1 Reset 2 Reset 3

Reset insecurity and applications Generate RSA key on resumption: openssl genrsa 30 snapshots; 2 resets/snapshot (ASLR Off) 27 trials produced identical private keys 3 trials produced unique private keys

Why does this happen? if (entropy estimate >= 64) if (count > 64 or elapsed time > 1s ) Random Pool /dev/random interrupts Interrupt Pool disk events Input Pool URandom Pool /dev/urandom if (entropy estimate >= 192) Buffering and thresholds prevent new inputs from impacting outputs Linux /dev/(u)random

What about other platforms? FreeBSD /dev/random produces identical output stream Up to 100 seconds after resumption Microsoft Windows 7 Produces repeated outputs indefinitely rand_s (stdlib) CryptGenRandom (Win32) RngCryptoServices (.NET)

Cloud computing Cloud providers Popular customers Who can be a customer? We call these "public clouds"

VMs Infrastructure-asa-service Storage Web Cache/TLS Termination Cloud Services

A simplified model of public cloud computing Users run Virtual Machines (VMs) on cloud provider s infrastructure User A virtual machines (VMs) Owned/operated by cloud provider User B virtual machines (VMs) Multitenancy (users share physical resources) Virtual Machine Manager (VMM) manages physical server resources for VMs To the VM should look like dedicated server Virtual Machine Manager

Trust models in public cloud computing User A User B Users must trust third-party provider to not spy on running VMs / data secure infrastructure from external attackers secure infrastructure from internal attackers

A new threat model: User A Bad guy Attacker identifies one or more victims VMs in cloud 1) Achieve advantageous placement via launching of VM instances 2) Launch attacks using physical proximity Exploit VMM vulnerability DoS Side-channel attack

Anatomy of attack Checking for co-residence check that VM is on same server as target - network-based co-residence checks - efficacy confirmed by covert channels Achieving co-residence brute forcing placement instance flooding after target launches Placement vulnerability: attackers can knowingly achieve co-residence with target Location-based attacks side-channels, DoS, escape-from-vm

Cross-VM side channels using CPU cache contention Attacker VM Victim VM Main memory CPU data cache 1) Read in a large array (fill CPU cache with attacker data) 2) Busy loop (allow victim to run) 3) Measure time to read large array (the load measurement)

Cache-based cross-vm load measurement on EC2 Running Apache server Repeated HTTP get requests Performs cache load measurements 3 pairs of instances, 2 pairs co-resident and 1 not 100 cache load measurements during HTTP gets (1024 byte page) and with no HTTP gets [Hey, You, Get Off of my Cloud, 2009, Ristenpart, et al.]

recap Virtualization types, containment problems Linux RNG and reset vulnerabilities Cloud computing / Placement vulnerabilities / Co-residency detection via side-channels / Co-location strategies

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information