Study on "Secure In-VM Monitoring Using Hardware Virtualization". Qiang Guan, Dependable Computing System Lab, New Mexico Tech.

1 Contents
- Background & requirements
- Secure In-VM monitoring
- Implementation
- Experimental evaluation
- Overhead, ...

2 Background
- Rootkits vs security tools
- Rootkit: a software program or coordinated set of programs designed to gain control over a computer system or network of computing systems without being detected.
- Security tools: antivirus, intrusion detection systems, security reference monitoring.

3 Two approaches
- In-VM & Out-of-VM
- Legend: A: application; Dp: system data; Cp: system code; Cm: monitor code; Dm: monitor data; K: event hook; H: handler for the event; R: response to the event; Dk: data about the event.

4 Two monitoring modes
- Passive vs Active
- Passive: Cm analyzes Cp + Dp.
- Active: includes hooks and handlers.
- [Figure: monitoring component; an event reaches the hook, the handler runs and returns to the system routine, with Dk flowing to the handler and R back to the system.]

5 Out-of-VM vs In-VM
- Out-of-VM
  - Pro: provides security (isolates the system from the monitor).
  - Con: cannot provide performance.
- In-VM
  - Pro: provides performance (low overhead).
  - Con: cannot provide security.

6 Performance requirements
- The overhead (switching privilege between kernel level and hypervisor)
- Fast invocation
- Read/write at native speed
- In-VM supports performance.
- Out-of-VM cannot, why? The hypervisor is invoked on every event.

7 Security requirements
- Requirements
  - Isolate Cm & Dm from Cp & Dp (integrity of Cm & Dm).
  - Designated point for switching into Cm (the switch is clean).
  - K to H is a one-to-one mapping.
  - Monitor is not alterable (H is dependent).
- Out-of-VM supports these security requirements.
- In-VM cannot, why? The monitor runs in the same VM environment as the untrusted system.

8 Secure In-VM
- An In-VM approach that satisfies the security requirements.

9 Secure In-VM
- An In-VM approach that satisfies the security requirements.
- [Figure: the In-VM layout with the new elements highlighted.]

10 Features of SIM
- "One-way view" design of memory mapping.
- Entry and exit gates: transfer execution between the system address space and the security monitoring space.
- Invocation checker.
- Kernel-level monitor.

11 Virtual memory mapping
- [Figure: the system address space and the SIM address space side by side.]

12 Virtual memory mapping
- Code and data of SIM are invisible to the system address space.

13 Virtual memory mapping
- The entry and exit gates are unchangeable from the system space (one-to-one policy).

14 Virtual memory mapping
- Kernel code will not be executed while executing in the security monitoring space (to make sure all code in the monitoring space is trusted).
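The three mapping rules on slides 12 to 14 (monitor pages invisible from the system view, gates shared and unalterable, kernel code non-executable inside the monitoring space) can be written down as checks over two page-table views. The following is an added example, not code from the slides or from the SIM authors: the page numbers, the `Perm`/`Page`/`Cpu` types and the `audit_views` and `switch_space` functions are all constructed here to model the design, and a real page table would carry these bits in hardware entries rather than a dictionary.

```python
"""Toy model of the SIM "one-way view" address-space layout (added example)."""
from dataclasses import dataclass
from enum import Flag, auto


class Perm(Flag):
    """Page permissions as a hypothetical page-table entry would carry them."""
    R = auto()
    W = auto()
    X = auto()


@dataclass(frozen=True)
class Page:
    name: str
    perm: Perm


# Constructed page numbers for the regions the slides name (Cp, Dp, Cm, Dm, gates).
KERNEL_CODE, KERNEL_DATA = 0x100, 0x101      # Cp, Dp
MONITOR_CODE, MONITOR_DATA = 0x200, 0x201    # Cm, Dm
ENTRY_GATE, EXIT_GATE = 0x300, 0x301


def build_views():
    """Return (system_view, sim_view): two page tables that share only the gates."""
    system_view = {
        KERNEL_CODE: Page("kernel_code", Perm.R | Perm.X),
        KERNEL_DATA: Page("kernel_data", Perm.R | Perm.W),
        ENTRY_GATE: Page("entry_gate", Perm.R | Perm.X),
        EXIT_GATE: Page("exit_gate", Perm.R | Perm.X),
    }
    sim_view = {
        KERNEL_CODE: Page("kernel_code", Perm.R),           # readable for analysis, never executable
        KERNEL_DATA: Page("kernel_data", Perm.R | Perm.W),
        MONITOR_CODE: Page("monitor_code", Perm.R | Perm.X),
        MONITOR_DATA: Page("monitor_data", Perm.R | Perm.W),
        ENTRY_GATE: Page("entry_gate", Perm.R | Perm.X),
        EXIT_GATE: Page("exit_gate", Perm.R | Perm.X),
    }
    return system_view, sim_view


def audit_views(system_view, sim_view):
    """Check the three mapping invariants; return a list of violation strings."""
    problems = []
    # 1. One-way view: monitor code/data must not be mapped in the system view.
    for vpn in (MONITOR_CODE, MONITOR_DATA):
        if vpn in system_view:
            problems.append(f"monitor page {vpn:#x} is visible from system space")
    # 2. Gates: present in both views, identical, and never writable.
    for vpn in (ENTRY_GATE, EXIT_GATE):
        sys_pg, sim_pg = system_view.get(vpn), sim_view.get(vpn)
        if sys_pg is None or sim_pg is None:
            problems.append(f"gate {vpn:#x} is missing from a view")
        elif sys_pg != sim_pg or Perm.W in sys_pg.perm:
            problems.append(f"gate {vpn:#x} is alterable or mapped inconsistently")
    # 3. Kernel code must not be executable while in the monitoring space.
    kc = sim_view.get(KERNEL_CODE)
    if kc is not None and Perm.X in kc.perm:
        problems.append("kernel code is executable inside SIM space")
    return problems


@dataclass
class Cpu:
    """Minimal CPU state: the active view and the page the PC currently sits on."""
    view: str = "system"
    pc_page: int = KERNEL_CODE


def switch_space(cpu, requested):
    """Permit a view switch only when the PC is on the designated gate page."""
    if cpu.view == "system" and requested == "sim":
        if cpu.pc_page != ENTRY_GATE:
            raise PermissionError("switch into SIM space is allowed only via the entry gate")
        cpu.view, cpu.pc_page = "sim", MONITOR_CODE
    elif cpu.view == "sim" and requested == "system":
        if cpu.pc_page != EXIT_GATE:
            raise PermissionError("return to system space is allowed only via the exit gate")
        cpu.view, cpu.pc_page = "system", KERNEL_CODE
    else:
        raise PermissionError(f"invalid transition {cpu.view} -> {requested}")
    return cpu.view
```

Running `audit_views` on the views from `build_views()` returns an empty list; mapping `MONITOR_DATA` into the system view, or marking `KERNEL_CODE` executable in the SIM view, produces a violation for the corresponding rule. `switch_space` models the gate requirement from slide 13: a switch requested from any page other than the gate is refused, which is what makes the entry point into Cm a single designated location.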

15 Implementation
- Initialization
  - Reserve the virtual address ranges for the entry and exit gates.
  - Create the SIM virtual space.
  - Load the security monitor application (as part of the kernel driver).
  - Create the link between the two spaces (hook and handler).

16 Experimental evaluation
- Test objects
  - SIM vs Out-of-VM (why? Why not In-VM?)
- Test routine
  - Monitor invocation overhead
  - Security application case study
    - Process creation monitoring
    - System call tracing

17 Monitor Invocation Overhead
- Out-of-VM: null event handler that returns immediately.

18 Monitor Invocation Overhead
- Out-of-VM: null event handler that returns immediately.
- SIM: handler only calls the corresponding exit gate.

19 Result of overhead
- 10 times faster in average time.
- More concentrated results, judging from the standard deviation.

20 Summary
- Contradiction
  - Security monitor vs untrusted guest VM
- Basic modes
  - In-VM & Out-of-VM
- SIM
  - Performance and security
  - Based on In-VM, with the security issues addressed.
- Result (overhead)
  - SIM is 10 times better than Out-of-VM.