Breaking Up is Hard to Do

Slides:



Advertisements
Similar presentations
Unmodified Device Driver Reuse and Improved System Dependability via Virtual Machines J. LeVasseur V. Uhlig J. Stoess S. G¨otz University of Karlsruhe,
Advertisements

Ian Pratt SVP, Products Bromium Inc.
Virtual Switching Without a Hypervisor for a More Secure Cloud Xin Jin Princeton University Joint work with Eric Keller(UPenn) and Jennifer Rexford(Princeton)
Virtual Machine Technology Dr. Gregor von Laszewski Dr. Lizhe Wang.
Breaking Up is Hard to Do Security and Functionality in a Commodity Hypervisor 1 Patrick Colp†, Mihir Nanavati†, Jun Zhu‡ William Aiello†, George Coker*,
Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.
Bart Miller. Outline Definition and goals Paravirtualization System Architecture The Virtual Machine Interface Memory Management CPU Device I/O Network,
Xen , Linux Vserver , Planet Lab
 Max Planck Institute for Software Systems Towards trusted cloud computing Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues MPI-SWS.
Systems with small trusted computing bases (TCBs) open possibility for automated security verification of systems Example: SecVisor - a 3kLOC security.
Virtualization for Cloud Computing
5205 – IT Service Delivery and Support
Introduction to Virtual Machines. Administration Presentation and class participation: 40% –Each student will present two and a half times this semester.
Measuring zSeries System Performance Dr. Chu J. Jong School of Information Technology Illinois State University 06/11/2012 Sponsored in part by Deer &
E Virtual Machines Lecture 4 Device Virtualization
Microkernels, virtualization, exokernels Tutorial 1 – CSC469.
Jakub Szefer, Eric Keller, Ruby B. Lee Jennifer Rexford Princeton University CCS October, 2011 報告人:張逸文.
SAIGONTECH COPPERATIVE EDUCATION NETWORKING Spring 2009 Seminar #1 VIRTUALIZATION EVERYWHERE.
Appendix B Planning a Virtualization Strategy for Exchange Server 2010.
Virtualization Concepts Presented by: Mariano Diaz.
Xen I/O Overview. Xen is a popular open-source x86 virtual machine monitor – full-virtualization – para-virtualization para-virtualization as a more efficient.
Virtual Machine Security Systems Presented by Long Song 08/01/2013 Xin Zhao, Kevin Borders, Atul Prakash.
Virtualization for Adaptability Project Presentation CS848 Fall 2006 Umar Farooq Minhas 29 Nov 2006 David R. Cheriton School of Computer Science University.
Virtualization: Not Just For Servers Hollis Blanchard PowerPC kernel hacker.
The Best of Both Worlds with On-Demand Virtualization Thawan Kooburat and Michael M. Swift On-Demand Virtualization allows systems to benefit from virtualization.
Introduction 1-1 Introduction to Virtual Machines From “Virtual Machines” Smith and Nair Chapter 1.
COMS E Cloud Computing and Data Center Networking Sambit Sahu
Xen Basics A Primer for the CPS 110 Programming Assignments Angela Dalton.
CS533 Concepts of Operating Systems Jonathan Walpole.
Presented by: Reem Alshahrani. Outlines What is Virtualization Virtual environment components Advantages Security Challenges in virtualized environments.
 Virtual machine systems: simulators for multiple copies of a machine on itself.  Virtual machine (VM): the simulated machine.  Virtual machine monitor.
Bart Miller – October 22 nd,  TCB & Threat Model  Xen Platform  Xoar Architecture Overview  Xoar Components  Design Goals  Results  Security.
MATSUMOTO Hitoshi SCSI support on Xen MATSUMOTO Hitoshi Fujitsu Ltd.
Improving Xen Security through Disaggregation Derek MurrayGrzegorz MilosSteven Hand.
Operating Systems Security
A. Frank - P. Weisberg Operating Systems Structure of Operating Systems.
Security Vulnerabilities in A Virtual Environment
Full and Para Virtualization
Virtualization One computer can do the job of multiple computers, by sharing the resources of a single computer across multiple environments. Turning hardware.
Operating-System Structures
Protection of Processes Security and privacy of data is challenging currently. Protecting information – Not limited to hardware. – Depends on innovation.
Cloud Computing Lecture 5-6 Muhammad Ahmad Jan.
Unit 2 VIRTUALISATION. Unit 2 - Syllabus Basics of Virtualization Types of Virtualization Implementation Levels of Virtualization Virtualization Structures.
VIRTUAL MACHINE – VMWARE. VIRTUAL MACHINE (VM) What is a VM? – A virtual machine (VM) is a software implementation of a computing environment in which.
Intro To Virtualization Mohammed Morsi
Open Source Virtualization Andrey Meganov RHCA, RHCX Consultant / VDEL
Virtualization Neependra Khare
Virtualization for Cloud Computing
Chapter 6: Securing the Cloud
Virtualization Technology
Why VT-d Direct memory access (DMA) is a method that allows an input/output (I/O) device to send or receive data directly to or from the main memory, bypassing.
Current Generation Hypervisor Type 1 Type 2.
A Survey of Virtual Machine Research
Prepared by: Assistant prof. Aslamzai
London OpenStack Meetup, July 2012 libvirt & KVM with OpenStack Nova
Windows Server 2016 Secure IaaS Microsoft Build /1/2018 4:00 AM
Container-based Operating System Virtualization: A scalable, High-performance Alternative to Hypervisors Stephen Soltesz, Herbert Potzl, Marc E. Fiuczynski,
Java Win32 native Java VM Linux OS ARM VM Runtime Windows OS
Virtualization overview
Group 8 Virtualization of the Cloud
CIT 480: Securing Computer Systems
COMPTIA CAS-003 Dumps VCE
OS Virtualization.
Virtualization Layer Virtual Hardware Virtual Networking
Virtualization Techniques
SCONE: Secure Linux Containers Environments with Intel SGX
Shielding applications from an untrusted cloud with Haven
Introduction to Virtual Machines
Introduction to Virtual Machines
Hypervisor A hypervisor or virtual machine monitor (VMM) is computer software, firmware or hardware that creates and runs virtual machines. A computer.
Presentation transcript:

Breaking Up is Hard to Do Security and Functionality in a Commodity Hypervisor Presented by Saad Arif

Virtualization in Cloud Computing Cloud computing uses virtualization to lease small slices of large scale datacenter facilities to individual paying customers Virtualization offers Resource utilization Administrative features Support of existing software Results in large scale hosting platforms

Companies in the Cloud (all these run in EC2 or Rackspace)

Virtualization in Cloud Computing Control VM (Dom0) Often a full OS Similar privileges as hypervisor Offers services to guest VMs

Hypervisors are Secure Narrow interface Small codebase x86 x86 x86 Hypervisor Xen: 280 KLOC (based on the current version) Nova: 9 KLOC (microvisor) + 20 KLOC (VMM) [EuroSys’10] SecVisor: 2 KLOC [SOSP’07] Flicker: 250 LOC [EuroSys’08]

Example Attack Vectors CERT vulnerability database for type-1 hypervisors 44 attacks 23 originated from within guest VMs Based on attack vector, 14 showed device emulation layer vulnerabilities 2 in virtualized device layer 5 in management component Only 2 hypervisor exploits So 21 out 23 were attacks against service components in the control VM

“We are the 90%” Manage devices Create and destroy VMs Control VM (Dom0) IPC User A’s VM Management Device Emulation Platform User B’s VM Device Drivers Manage devices Create and destroy VMs Arbitrarily access memory Hypervisor

Isolate services into least-privileged service VMs Exposure to Risk Isolate services into least-privileged service VMs Make sharing between components explicit Contain scope of exploits in both space and time Constraint: Don’t reduce functionality, performance, or maintainability of the system

SPACE

Space Time Control VM IPC IPC IPC XenStore XenStore Platform Platform Management Management User A’s VM Management Device Emulation Device Emulation Device Emulation Qemu PCI Config PCI Config Builder Tools Builder Tools Qemu Platform Device Drivers Device Drivers User B’s VM Device Drivers System Boot System Boot Network Network Block Block Hypervisor

Isolation Space Time Control VM IPC IPC IPC XenStore XenStore Platform Management Management User A’s VM Management Device Emulation Device Emulation Device Emulation Emulator PCI Config PCI Config Builder Tools Builder Tools Emulator Platform Device Drivers Device Drivers User B’s VM Device Drivers System Boot System Boot Network Network Block Block Hypervisor

Space Time Isolation Control VM IPC IPC IPC XenStore XenStore Platform Management Management User A’s VM Management Device Emulation Device Emulation Device Emulation Qemu PCI Config PCI Config Builder Tools Builder Tools Emulator Platform Device Drivers Device Drivers User B’s VM Device Drivers System Boot System Boot Network Network Block Block Hypervisor

Configurable Sharing User A’s Network User A’s Tools User A’s Block User A’s VM User A’s Tools User A’s Block User B’s Network User B’s VM User B’s Tools User B’s Block

Configurable Sharing User A’s VM Network Tools Block User B’s VM

Configurable Sharing User A’s Network User A’s Tools User A’s Block User A’s VM User A’s Tools User A’s Block User B’s Network User B’s VM User B’s Tools User B’s Block

Space Time Isolation Configurable Sharing Control VM IPC IPC IPC XenStore XenStore Platform Platform Management Management User A’s VM Management Device Emulation Device Emulation Device Emulation Qemu PCI Config PCI Config Builder Tools Builder Tools Emulator Platform Device Drivers Device Drivers User B’s VM Device Drivers System Boot System Boot Network Network Block Block Hypervisor

Auditing User A’s VM Which VMs were relying on the Block component while it was compromise? Which VMs were relying on the Block component while it was compromise? Network User B’s VM Block Create Block Network User C’s VM VM B and VM C

Space Time Isolation Configurable Sharing Auditing Control VM IPC IPC XenStore XenStore Platform Platform Management Management User A’s VM Management Device Emulation Device Emulation Device Emulation Qemu PCI Config PCI Config Builder Tools Builder Tools Emulator Platform Device Drivers Device Drivers User B’s VM Device Drivers System Boot System Boot Network Network Block Block Hypervisor

Time TIME

Space Time Containment Configurable Sharing Auditing Control VM IPC XenStore XenStore Platform Platform Management Management User A’s VM Management Device Emulation Device Emulation Device Emulation Qemu PCI Config PCI Config Builder Tools Builder Tools Emulator Platform Device Drivers Device Drivers User B’s VM Device Drivers System Boot System Boot Network Network Block Block Hypervisor

Disposable PCI Config Services System Boot Hypervisor

Space Time Isolation Configurable Sharing Auditing Disposable Control VM IPC IPC IPC XenStore XenStore Platform Platform Management Management User A’s VM Management Device Emulation Device Emulation Device Emulation Qemu PCI Config PCI Config Builder Tools Builder Tools Emulator Platform Device Drivers Device Drivers User B’s VM Device Drivers System Boot System Boot Network Network Block Block Hypervisor

Snapshots 4-25 ms VM VM

Space Time Isolation Configurable Sharing Auditing Disposable Timed Restarts Control VM IPC IPC IPC XenStore XenStore Platform Platform Management Management User A’s VM Management Device Emulation Device Emulation Device Emulation Qemu PCI Config PCI Config Builder Tools Builder Tools Emulator Platform Device Drivers Device Drivers User B’s VM Device Drivers System Boot System Boot Network Network Block Block Hypervisor

Stateless VMs Builder Builder Builder User B’s VM User A’s VM

Space Time Isolation Configurable Sharing Auditing Disposable Timed Restarts Stateless Control VM IPC IPC IPC XenStore XenStore Platform Platform Management Management User A’s VM Management Device Emulation Device Emulation Device Emulation Qemu PCI Config PCI Config Builder Tools Builder Tools Emulator Platform Device Drivers Device Drivers User B’s VM Device Drivers System Boot System Boot Network Network Block Block Hypervisor

Space + Time

Space Space + Time Time Isolation Configurable Sharing Auditing Disposable Timed Restarts Stateless Control VM IPC IPC IPC XenStore XenStore Platform Platform Management Management User A’s VM Management Device Emulation Device Emulation Device Emulation Qemu PCI Config PCI Config Builder Tools Builder Tools Emulator Platform Device Drivers Device Drivers User B’s VM Device Drivers System Boot System Boot Network Network Block Block Hypervisor

I’ve enabled the network driver to map page 0xDEADBEEF Composition User A’s VM OK XenStore XenStore-State XenStore-Logic User B’s VM B: Network can map 0xDEADBEEF I’ve enabled 0xPWND I’ve enabled the network driver to map page 0xDEADBEEF Hypervisor

I’ve enabled the network driver to map page 0xDEADBEEF Composition User A’s VM OK XenStore XenStore-State XenStore-Logic User B’s VM B: Network can map 0xDEADBEEF A: Please shut me down A: Please shut me down I’ve enabled 0xPWND I’ve enabled the network driver to map page 0xDEADBEEF Hypervisor

I’ve enabled the network driver to map page 0xDEADBEEF Composition Monitor User A’s VM OK XenStore-State XenStore XenStore-Logic B User B’s VM B: Network can map 0xDEADBEEF A: Please shut me down A: Please shut me down I’ve enabled the network driver to map page 0xDEADBEEF I’ve enabled 0xPWND Hypervisor

Space + Time Space Time Isolation Configurable Sharing Auditing Composition Time Disposable Timed Restarts Stateless Control VM IPC IPC IPC XenStore XenStore Platform Platform Management Management User A’s VM Management Device Emulation Device Emulation Device Emulation Qemu PCI Config PCI Config Builder Tools Builder Tools Emulator Platform Device Drivers Device Drivers User B’s VM Device Drivers System Boot System Boot Network Network Block Block Hypervisor

EVALUATION

Evaluation What do privileges look like now? What is the impact on the security of the system? What are the overheads? What impact does isolation have on performance? What impact do restarts have on performance?

Privileges Privilege System Boot PCI Config Builder Tools Block Network XenStore Arbitrarily Access Memory X Access and Virtualize PCI devices Create VMs Manage VMs Manage Assigned Devices Privilege System Boot PCI Config Builder Tools Block Network XenStore Arbitrarily Access Memory X Access and Virtualize PCI devices Create VMs Manage VMs Manage Assigned Devices Privilege System Boot PCI Config Builder Tools Block Network XenStore Arbitrarily Access Memory X Access and Virtualize PCI devices Create VMs Manage VMs Manage Assigned Devices

Security Of the 21 vulnerabilities against the control plane, we contain all 21 TCB is reduced from the control VM’s 7.5 million lines of code (Linux) to Builder’s 13,500 (on top of Xen)

Isolation Performance Postmark performance wget performance

Restart Performance Kernel build performance

CONCLUSION

Summing it All Up Components of control VM a major source of risk Xoar isolates components in space and time Contains exploits Provides explicit exposure to risk Functionality, performance, and maintainability are not impacted

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.