ReVirt: Enabling Intrusion Analysis Through Virtual-Machine Logging and Replay By Dunlap, King, Cinar, Basrai, Chen Presented by Seth Goldstein and Nathan Immerman EECS 582 – W16

Outline Attacks Current Systems UMLinux Trusted Computing Base ReVirt Evaluation Conclusion

Attacks Exploit unintended consequences of non-deterministic events (timing, interleaving) Attempt to gain root access Change code on the system

Current Systems Security: the log lives inside the OS being monitored, so a malicious (compromised) kernel can modify or delete it Completeness: only selected events are recorded and external, non-deterministic events are not logged, so the attack cannot be fully reconstructed

UMLinux OS-on-OS: the guest OS runs as a process on the host Linux kernel VMM implemented as a loadable kernel module on the host Provides software analogs for the guest's peripherals (diagram: OS-on-OS using UMLinux)

Trusted Computing Base (TCB) Everything in a computing system that must be correct for the system to be secure "The trusted computing base (TCB) of a computer system is the set of all hardware, firmware, and/or software components that are critical to its security, in the sense that bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system." ~Wikipedia In the OS-on-OS design the TCB is the host kernel plus the VMM; the guest OS is untrusted, so the log is written on the host side, out of reach of a compromised guest kernel

ReVirt: Details Deterministic and Non-Deterministic Events Cooperative Logging Analyzing Attacks

Deterministic / Non-Deterministic Events Most instructions are deterministic and need not be logged: replay regenerates them from the same starting state Non-deterministic events must be logged: external input (e.g. human input, network) and the timing of asynchronous events (interrupts) Only events that can change the VM's execution are logged The branch_retired hardware counter, recorded together with the program counter, pins each interrupt to the exact instruction at which it was delivered; the branch count is needed because an instruction address alone recurs in loops
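The slide above is easier to see in a toy model. The following is an added example, not ReVirt's code or anything from the paper: a tiny register machine stands in for the guest, a constructed program and constructed external inputs replace the real workload, and the pair (branch count, pc) plays the role of branch_retired plus EIP. The live run logs only the "in" values and the (branch count, pc) at which each interrupt was delivered; replay re-executes the program from the log alone and ends in the same state. A deliberately wrong replay that keys interrupts on pc only delivers the interrupt one loop iteration too early and diverges, which is why the branch counter is needed.

```python
"""Toy ReVirt-style log and replay (constructed example, not ReVirt code)."""
from dataclasses import dataclass, field
from typing import Callable, Iterator, List, Tuple


@dataclass
class VMState:
    pc: int = 0
    regs: dict = field(default_factory=dict)
    branches: int = 0          # analogue of the branch_retired counter
    halted: bool = False


@dataclass
class ReplayLog:
    inputs: List[int] = field(default_factory=list)                  # values returned by "in"
    interrupts: List[Tuple[int, int]] = field(default_factory=list)  # (branch count, pc) at delivery


# Constructed guest program: sum three external inputs in a loop.
# Deterministic instructions (set/add/addi/jnz/halt) are never logged.
PROGRAM = [
    ("set", "a", 0),
    ("set", "n", 3),
    ("in", "x"),          # pc 2: external input, non-deterministic
    ("add", "a", "x"),    # pc 3: executed once per loop iteration
    ("addi", "n", -1),
    ("jnz", "n", 2),      # pc 5: a retired branch, taken while n != 0
    ("halt",),
]


def handle_interrupt(st: VMState) -> None:
    """Guest interrupt handler; doubling 'a' makes the delivery point observable."""
    st.regs["a"] = st.regs.get("a", 0) * 2
    st.regs["irqs"] = st.regs.get("irqs", 0) + 1


def step(st: VMState, program, read_input: Callable[[], int]) -> None:
    op, *args = program[st.pc]
    if op == "set":
        st.regs[args[0]] = args[1]
    elif op == "add":
        st.regs[args[0]] = st.regs.get(args[0], 0) + st.regs[args[1]]
    elif op == "addi":
        st.regs[args[0]] = st.regs.get(args[0], 0) + args[1]
    elif op == "in":
        st.regs[args[0]] = read_input()
    elif op == "jnz":
        st.branches += 1            # every retired branch counts, taken or not
        if st.regs[args[0]] != 0:
            st.pc = args[1]
            return
    elif op == "halt":
        st.halted = True
        return
    else:
        raise ValueError(op)
    st.pc += 1


def run_logged(program, inputs: Iterator[int], irq_pending: Callable[[int], bool]):
    """Live run: 'hardware' decides when interrupts arrive; we log inputs and delivery points."""
    st, log = VMState(), ReplayLog()

    def read() -> int:
        v = next(inputs)
        log.inputs.append(v)
        return v

    n = 0
    while not st.halted:
        if irq_pending(n):                       # asynchronous event, timing is not reproducible
            log.interrupts.append((st.branches, st.pc))
            handle_interrupt(st)
        step(st, program, read)
        n += 1
    return st, log


def run_replay(program, log: ReplayLog, pc_only: bool = False) -> VMState:
    """Replay from the log only. pc_only=True shows the bug of ignoring the branch count."""
    st = VMState()
    inputs = iter(log.inputs)
    pending = list(log.interrupts)
    while not st.halted:
        while pending and (pending[0][1] == st.pc if pc_only
                           else pending[0] == (st.branches, st.pc)):
            pending.pop(0)
            handle_interrupt(st)
        step(st, program, lambda: next(inputs))
    if pending:
        raise RuntimeError("replay never reached a logged interrupt point: %r" % pending)
    return st


if __name__ == "__main__":
    # Constructed inputs and a constructed interrupt schedule (fires before step 7).
    live, log = run_logged(PROGRAM, iter([5, 7, 9]), lambda n: n == 7)
    print("live:", live.regs, "log:", log)
    print("replay:", run_replay(PROGRAM, log).regs)
    print("pc-only replay (wrong):", run_replay(PROGRAM, log, pc_only=True).regs)
```

The log holds three input values and one (branch count, pc) pair; nothing else about the run is stored, yet the exact replay reproduces every register. The pc-only variant sees pc 3 on the first pass through the loop and fires there, so the doubling happens before the first addition instead of the second and the final sum differs.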

Cooperative Logging One computer's outgoing message is another computer's incoming message, so a message sent between two ReVirt hosts need only be logged once Multiple computers running ReVirt can perform a replay together

Analysis of Attacks Allows administrators to replay the attack Analysis tools such as debuggers and disk analyzers can be run against the replaying guest OS Input packets are taken from the log instead of the network

Evaluation Virtualization Overhead Correctness Replay Overhead

Virtualization Overhead Very little overhead for computationally heavy (CPU-bound) tasks High overhead for tasks with many kernel calls, since each one requires VMM involvement

Correctness Register values saved together with the branch_retired count are compared against the replay to validate it Validated for interprocess interaction and external inputs It works.

Logging and Replay Overhead The time overhead of logging and replay is manageable Log space for daily use: 0.2 GB/day * 365 days/year = 73 GB per year!

Conclusion ReVirt successfully allows administrators to replay the long-term execution of a computer system instruction by instruction

Discussion