Secure Virtual Machine Execution Under an Untrusted Management OS
Chunxiao Li, Anand Raghunathan, Niraj K. Jha

Outline
- Background: Security & Virtualization
- Security challenges in virtualization-based architecture
- A secure virtual machine execution environment
- Implementation & results
- Security analysis
- Conclusion

The goal of computer security
- Computer security: a branch of information security applied to computers
- Three objectives of information security:
  - Confidentiality: authentication, authorization, access control, encryption/decryption
  - Integrity: data validation, one-way hash, digital signature
  - Availability: defending against DoS, backup/restore, load balancing

What is virtualization?
- Virtualization: technology for creating a software-controlled environment to allow program execution in it [1]
[1] [2] Barham et al., “Xen and the art of virtualization,” SOSP

Relationship between virtualization and security
- On the one hand, virtualization can be utilized to enhance security
  - Secure logging (Chen et al., 2001)
  - Terra architecture (Garfinkel et al., 2003)
- On the other hand, virtualization also gives rise to several security concerns
  - Scaling, transience, software lifecycle, diversity, mobility, identity and data lifetime [1]
  - Virtual machine-based rootkits (VMBR) [2]
[1] Garfinkel et al., “When virtual is harder than real,” HotOS 2005
[2] King et al., “SubVirt: Implementing malware with virtual machines,” IEEE S&P


Security challenges in virtualization-based architecture
- Our work tries to solve one of the fundamental security concerns in virtualization: the trusted computing base of a VM is too large

A security challenge of virtualization-based architecture
- Trusted computing base (TCB): a small amount of software and hardware that security depends on and that we distinguish from a much larger amount that can misbehave without affecting security [1]
- Smaller TCB → more security
[Figure: nested components A, B and C illustrating a TCB]
[1] Lampson et al., “Authentication in distributed systems: Theory and practice,” ACM TOCS

A security challenge of virtualization-based architecture (Contd.)
- Security challenge: the TCB for a VM is too large
[Figure: the smaller TCB a VM should need versus the actual TCB]

Xen architecture and the threat model
- Management VM: Dom0
- Guest VM: DomU
- Dom0 may be malicious
  - Vulnerabilities
  - Device drivers
  - Careless/malicious administration
- Dom0 is in the TCB of DomU because it can access the memory of DomU, which may cause information leakage/modification


Towards a secure execution environment for DomU
- Scenario: a client uses the service of a cloud computing company to build a remote VM
- A secure network interface
- A secure secondary storage
- A secure run-time environment
  - Build, save, restore, destroy

Towards a secure execution environment for DomU (Contd.)
- A secure run-time environment is the most fundamental
- The first two already have solutions:
  - Network interface: Transport Layer Security (TLS)
  - Secondary storage: Network File System (NFS)
- The security mechanisms of the first two rely on a secure run-time environment
- All the cryptographic algorithms and security protocols reside in the run-time environment

Domain building
- Building process

Domain save/restore

Domain save/restore (Contd.)
[Figure: original save path. Dom0 copies DomU memory pages (Page1 to Page5) through the Xen layer to storage, where they are stored as-is]

Domain save/restore (Contd.)
[Figure: modified save path. The Xen layer hands each DomU page to Dom0 in transformed, unreadable form (Page3 appears as "3egap") together with a hash; Dom0 writes the transformed page and hash to storage, and on restore the Xen layer checks the hash before the page is placed back in DomU memory]
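The save/restore figures above show the idea behind the mechanism: pages leave DomU only after the hypervisor layer has transformed them and attached a hash, so Dom0 can move them to storage and back but cannot read or silently alter them. The following is an added example written for this page, not code from the paper or from Xen. It assumes the transformation is encryption with a key held only by the hypervisor layer, uses HMAC-SHA256 both as a constructed counter-mode keystream and as the per-page tag (a real implementation would use an AEAD such as AES-GCM), and binds each tag to a constructed VM identifier and the page number so that a page cannot be relabelled or moved. The helpers tamper_ciphertext and relabel_page simulate what a careless or malicious Dom0 might do to stored pages, purely to show that the restore-side check rejects them.

```python
# Added example (not from the paper or Xen): a toy model of the save/restore
# path in which only the hypervisor layer holds the key. Dom0 moves pages
# between DomU memory and storage but only ever sees ciphertext and a tag.
import hashlib
import hmac
import os
from dataclasses import dataclass, replace

PAGE_SIZE = 4096  # constructed: one 4 KiB page


class IntegrityError(ValueError):
    """Raised when a page handed back by Dom0 fails verification."""


@dataclass(frozen=True)
class SavedPage:
    """What Dom0 stores: page number, per-page nonce, ciphertext, tag."""
    page_no: int
    nonce: bytes
    ciphertext: bytes
    tag: bytes


class HypervisorLayer:
    """Stands in for the modified Xen layer; the key never leaves it."""

    def __init__(self, key: bytes):
        self._key = key

    def _prf(self, label: bytes, *parts: bytes) -> bytes:
        return hmac.new(self._key, label + b"".join(parts), hashlib.sha256).digest()

    def _keystream(self, vm_id: bytes, page_no: int, nonce: bytes) -> bytes:
        # HMAC-SHA256 in counter mode as a constructed stream cipher (toy):
        # 128 blocks of 32 bytes give exactly one page of keystream.
        blocks = [
            self._prf(b"enc", vm_id, page_no.to_bytes(8, "big"), nonce, ctr.to_bytes(4, "big"))
            for ctr in range(-(-PAGE_SIZE // 32))
        ]
        return b"".join(blocks)[:PAGE_SIZE]

    def export_page(self, vm_id: bytes, page_no: int, plaintext: bytes) -> SavedPage:
        """Save path: Dom0 receives ciphertext plus tag, never the plaintext."""
        if len(plaintext) != PAGE_SIZE:
            raise ValueError("page must be exactly PAGE_SIZE bytes")
        nonce = os.urandom(16)  # fresh per page so identical pages encrypt differently
        ks = self._keystream(vm_id, page_no, nonce)
        ct = bytes(p ^ k for p, k in zip(plaintext, ks))
        # The tag covers VM identity, page number, nonce and ciphertext, so a
        # page that is altered, relabelled or moved no longer verifies.
        tag = self._prf(b"mac", vm_id, page_no.to_bytes(8, "big"), nonce, ct)
        return SavedPage(page_no, nonce, ct, tag)

    def import_page(self, vm_id: bytes, saved: SavedPage) -> bytes:
        """Restore path: verify before decrypting; reject anything Dom0 changed."""
        expected = self._prf(b"mac", vm_id, saved.page_no.to_bytes(8, "big"),
                             saved.nonce, saved.ciphertext)
        if not hmac.compare_digest(expected, saved.tag):
            raise IntegrityError(f"page {saved.page_no} failed verification")
        ks = self._keystream(vm_id, saved.page_no, saved.nonce)
        return bytes(c ^ k for c, k in zip(saved.ciphertext, ks))


def dom0_save(hv: HypervisorLayer, vm_id: bytes, memory: list) -> list:
    """Dom0's side of a save: it handles only SavedPage objects."""
    return [hv.export_page(vm_id, n, page) for n, page in enumerate(memory)]


def dom0_restore(hv: HypervisorLayer, vm_id: bytes, storage: list) -> list:
    """Dom0's side of a restore: every page is verified by the hypervisor layer."""
    memory = [None] * len(storage)
    for saved in storage:
        memory[saved.page_no] = hv.import_page(vm_id, saved)
    return memory


def dom0_sees_plaintext(storage: list, memory: list) -> bool:
    """Confidentiality check: does any stored page equal the DomU page it came from?"""
    return any(s.ciphertext == memory[s.page_no] for s in storage)


def restore_rejects(hv: HypervisorLayer, vm_id: bytes, storage: list) -> bool:
    """True if the restore path refuses the given storage contents."""
    try:
        dom0_restore(hv, vm_id, storage)
    except IntegrityError:
        return True
    return False


def tamper_ciphertext(saved: SavedPage, offset: int) -> SavedPage:
    """Simulated Dom0 modification: flip one bit of a stored page."""
    ct = bytearray(saved.ciphertext)
    ct[offset] ^= 0x01
    return replace(saved, ciphertext=bytes(ct))


def relabel_page(saved: SavedPage, new_page_no: int) -> SavedPage:
    """Simulated Dom0 modification: claim a stored page belongs at another page number."""
    return replace(saved, page_no=new_page_no)


if __name__ == "__main__":
    hv = HypervisorLayer(b"\x11" * 32)  # constructed fixed key for the demo
    vm, mem = b"domU-example", [bytes([i + 1]) * PAGE_SIZE for i in range(5)]
    store = dom0_save(hv, vm, mem)
    print("round trip ok:", dom0_restore(hv, vm, store) == mem)
    print("Dom0 sees plaintext:", dom0_sees_plaintext(store, mem))
    bad = list(store)
    bad[2] = tamper_ciphertext(bad[2], 0)
    print("tampered page rejected:", restore_rejects(hv, vm, bad))
```

The third concern from the security analysis, availability, is deliberately not modelled: Dom0 can still refuse to run dom0_restore at all, which matches the paper's statement that only the read and modify concerns are addressed.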


Implementation & results
- Modification of the Xen system only affects domain build, save and restore
- Normal work in DomU has little performance degradation


Security analysis
- A malicious Dom0 in the original Xen system may:
  - Access any memory page of DomU and read its content
  - Access any memory page of DomU and change its content
  - Randomly start and shut down the domain, and thus control the availability of all VMs
- We successfully solved the first two security concerns, with a small execution time overhead


Conclusion
- Virtualization technology can both benefit and undermine computer security in different ways
- One of the fundamental security concerns of virtualization-based architecture is that the TCB of a VM is too large
- A protection mechanism in the Xen virtualization system is proposed, which successfully excludes the management domain from the TCB with small execution time overhead

Thank you!