VMPCS-OGC: Virtual Machine Protection and Checking System using Out-of-Guest Control (ferify)

Why can't we have synergy between the Hypervisor and the VM Guest?
Since a Hypervisor (bare metal) has fewer processes ... and
Since a Hypervisor is at arm's length from the end users ... and
Since a Hypervisor is administered by an admin, with no web browsers and no user-based processes ... and
Since a Hypervisor can have a small code base (<50k lines of code), there is less of a chance of errors in the code running on the hypervisor ... and
Since a VM Guest can have great usability ... but
Since a VM Guest OS with great usability has a greater chance of running many processes ... and
Since it has a greater chance of having many applications ... and
Since it has many applications, it has a better chance of having more developers, and therefore, due to all of the above, the VM Guest OS has a greater chance of being low assurance.

Scenario
Remotely accessible Virtual Machine
Legitimate, secure user1 account
Compromised legitimate user2 account
Root access gained from the user2 account, or root privilege gained through a poorly created application
Many Virtual Machine Introspection solutions protect the kernel and the OS from corruption

Why can't the Hypervisor better protect the VM Guest? Perhaps it can protect the VM Guest's files.
The VM Guest OS must access its files from the Hypervisor.
Hypervisor security code determines whether access is granted or not, from a file table of file attributes.
No matter what happens on the VM Guest, access is determined by the Hypervisor.
(Diagram: VM Guest file access -> Hypervisor security code -> File memory location)

Introduction to ferify
Goal: Prevent unauthorized access to a user's files from other users/processes, including root.
Protect the user's files directly from the hypervisor.
ferify is based on DRAKVUF, "...a virtualization based agentless black-box binary analysis system..."
The VM Guest should not affect the security measures.
Minimal footprint that is nearly undetectable.
Linux-based protection system using system call interrupts.

Methodology

What is monitored
All processes, current and future
All file access requests through the trapped system calls are compared to an ACL table on the Hypervisor
Credentials of running processes
User process changes (fork-as-user, then access a file)
All execution requests are trapped via system calls and compared to ACLs on the Hypervisor, with deny-by-default / whitelisting
Attempts at kernel modification are trapped via system calls and denied
The kernel system call memory locations are compared when used
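As an added illustration of the hypervisor-side checks listed above, and of the file-access path in the earlier "Why can't the Hypervisor better protect the VM Guest" slide, here is a small Python model of the policy decision. It is not code from ferify or DRAKVUF. It assumes the hypervisor has already trapped each system call and delivers it as an Event carrying the calling pid, its arguments and the handler address the guest actually dispatched to; the Proc/Event/PolicyEngine names, the ACL, the execution whitelist, the handler addresses and the event stream are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple, Union

ALLOW, DENY = "ALLOW", "DENY"

# Syscalls that modify the kernel: trapped and denied outright, as the slide states.
KERNEL_MOD_SYSCALLS = {"init_module", "finit_module", "delete_module"}

# Known-good syscall handler addresses (constructed values, not real kernel addresses).
EXPECTED_HANDLERS = {"openat": 0xFFFF0001, "execve": 0xFFFF0002, "fork": 0xFFFF0003,
                     "setuid": 0xFFFF0004, "init_module": 0xFFFF0005}


@dataclass
class Proc:
    pid: int
    euid: int                            # credential the hypervisor-side ACL is keyed on
    changed_from: Optional[int] = None   # euid the lineage started with, if it ever switched


@dataclass(frozen=True)
class Event:
    pid: int
    syscall: str
    arg: Union[str, int, None] = None    # path, new euid, or child pid depending on syscall
    mode: str = "r"                      # "r" or "w" for openat
    handler: Optional[int] = None        # address the guest dispatched to for this syscall


class PolicyEngine:
    """Deny-by-default evaluator living outside the guest (hypothetical class)."""

    def __init__(self, acl: Dict[str, Dict[int, Set[str]]], exec_whitelist: Set[str],
                 procs: List[Proc]):
        self.acl = acl                       # {path: {euid: {"r", "w"}}}
        self.exec_whitelist = exec_whitelist
        self.procs = {p.pid: p for p in procs}

    def decide(self, ev: Event) -> Tuple[str, str]:
        # Integrity of the syscall entry itself is checked before any policy: a
        # handler address that differs from the known-good table is refused.
        if ev.handler is not None and EXPECTED_HANDLERS.get(ev.syscall) != ev.handler:
            return DENY, "syscall handler address mismatch (possible kernel tampering)"
        proc = self.procs.get(ev.pid)
        if proc is None:
            return DENY, "event from untracked process"
        if ev.syscall in KERNEL_MOD_SYSCALLS:
            return DENY, "kernel modification attempt"
        if ev.syscall == "fork":
            # The child inherits the parent's credentials and identity-change history.
            self.procs[ev.arg] = Proc(ev.arg, proc.euid, proc.changed_from)
            return ALLOW, f"child {ev.arg} inherits euid {proc.euid}"
        if ev.syscall == "setuid":
            if proc.changed_from is None:
                proc.changed_from = proc.euid
            proc.euid = ev.arg               # later checks use the new identity
            return ALLOW, f"pid {proc.pid} now runs as euid {ev.arg}"
        if ev.syscall == "execve":
            if ev.arg in self.exec_whitelist:
                return ALLOW, "binary is whitelisted"
            return DENY, f"binary {ev.arg} not whitelisted"
        if ev.syscall == "openat":
            perms = self.acl.get(ev.arg, {}).get(proc.euid, set())
            if ev.mode not in perms:         # no entry means no access, root included
                return DENY, f"no ACL grant for euid {proc.euid} on {ev.arg}"
            note = "" if proc.changed_from is None else \
                f" (identity changed from euid {proc.changed_from})"
            return ALLOW, f"ACL grants '{ev.mode}' to euid {proc.euid}" + note
        return ALLOW, "syscall not subject to policy"


# ---- Constructed sample state and event stream (not captured from a real guest) ----
ACL = {
    "/home/user1/secret.txt": {1000: {"r", "w"}},             # only user1, not root
    "/etc/passwd": {0: {"r", "w"}, 1000: {"r"}, 1001: {"r"}},
}
EXEC_WHITELIST = {"/bin/bash", "/usr/bin/vim"}
EVENTS = [
    Event(100, "openat", "/home/user1/secret.txt", "r", 0xFFFF0001),  # user1 reads own file
    Event(200, "openat", "/home/user1/secret.txt", "r", 0xFFFF0001),  # user2 tries user1's file
    Event(200, "setuid", 0, handler=0xFFFF0004),                      # user2 gains root
    Event(200, "openat", "/home/user1/secret.txt", "r", 0xFFFF0001),  # root tries user1's file
    Event(200, "execve", "/tmp/unknown-binary", handler=0xFFFF0002),  # not whitelisted
    Event(200, "init_module", "untrusted.ko", handler=0xFFFF0005),    # kernel modification
    Event(200, "fork", 201, handler=0xFFFF0003),                      # fork as root
    Event(201, "setuid", 1000, handler=0xFFFF0004),                   # child becomes user1
    Event(201, "openat", "/home/user1/secret.txt", "r", 0xFFFF0001),  # fork-as-user, then access
    Event(100, "openat", "/etc/passwd", "r", 0xDEADBEEF),             # wrong handler address
]


def run_policy(events: List[Event] = EVENTS) -> List[Tuple[int, str, str, str]]:
    """Evaluate an event stream against fresh process state; yields (pid, syscall, verdict, reason)."""
    procs = [Proc(1, 0), Proc(100, 1000), Proc(200, 1001)]   # init, user1 shell, user2 shell
    engine = PolicyEngine(ACL, EXEC_WHITELIST, procs)
    return [(ev.pid, ev.syscall, *engine.decide(ev)) for ev in events]


if __name__ == "__main__":
    for pid, sc, verdict, reason in run_policy():
        print(f"pid {pid:<4} {sc:<12} {verdict:<5} {reason}")
```

Running the block prints one verdict per event. Two points the bullets leave implicit are visible here: the ACL is keyed on the process's current effective uid, so the user2 process that escalates to root is still refused user1's file because the hypervisor-side table grants nothing to uid 0; and the fork-as-user case (root forks, the child switches to uid 1000, then opens the file) passes the ACL but carries its identity-change history in the reason string, which is the hook a logging or blocking rule would key on.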

Future Work for VMPCS-OGC
How can ferify be used as a honeypot, and can we learn in real time what the vectors of malware insertion are?
How can red teaming be performed on ferify?
How can ferify be enhanced to perform extended messaging (using drakvuf/libvmi/altp2m there is great access to all processes and users), and what kind of messaging should be enabled?
Can ferify be extended to provide file privacy even when the protected file is accessible by legitimate users, such as database files (can we create extended groups for obfuscation, or a file prevention mechanism based on fork-as-user, then file access)?
Can we use drakvuf to extend Windows 7 or Windows 10 to protect files?