Eliminating the Hypervisor Attack Surface for a More Secure Cloud (NoHype). Jakub Szefer, Eric Keller, Ruby B. Lee, Jennifer Rexford, Princeton University. CCS, October 2011. Presenter: 張逸文.
Outline
 Introduction
 Virtualization vulnerabilities
 Threat model
 NoHype system architecture
 Prototype design
 Security analysis
 Related work
 Conclusion

Introduction (1/2)
 Web services run on cloud infrastructure providers
 Multi-tenancy: customers' VMs share physical hosts, so isolation between tenants is a SECURITY problem
 Isolation today rests on the virtualization software (the hypervisor), which is itself a large attack surface
 Previous approaches shrink or harden the hypervisor but keep it
 NoHype eliminates the hypervisor attack surface altogether: no hypervisor runs while customer code executes

Introduction (2/2)
 NoHype goals
○ Retain the ability to run and manage VMs in the same way as today
○ Achieve this with today's commodity hardware
○ Prevent attacks that go through the guest-to-hypervisor interface
 Contributions
○ Eliminating the hypervisor attack surface
○ Realizing the design on today's commodity hardware
○ A prototype implementation and system evaluation

Virtualization vulnerabilities (1/2)
 Hypervisor: a program that allows multiple OSs to share a single hardware host
 Roles of the hypervisor: it multiplexes and arbitrates
○ Processor cores
○ Memory
○ I/O devices
○ Interrupts and timers

Virtualization vulnerabilities (2/2)
 Attack surface: the interaction between a guest VM and the hypervisor
 VM exit
○ The VM's code is interrupted and the hypervisor's code begins to execute to handle some event (privileged instruction, I/O access, page fault, interrupt, ...)
○ How often does this happen? Frequently; every exit is an opportunity for the guest to attack the hypervisor
○ On each exit the VM passes information to the hypervisor so the hypervisor can handle the event; a malicious guest controls that information, and a bug in any exit handler compromises the hypervisor and therefore every VM on the host

Threat model
 NoHype defends against attacks from malicious guest VMs that are launched when a VM exit happens
 Defense: eliminate the need for guest-hypervisor interaction, so there are no VM exits to attack
 Assumptions
○ The guest OS is responsible for its own security (attacks on the guest OS are out of scope)
○ The cloud management software is trusted

NoHype system architecture (1/3)
 Pre-allocating memory and cores
○ Today: the hypervisor dynamically manages memory and processor core resources, which requires VM exits
○ NoHype dedicates a fixed number of cores to each VM; the guest VM uses the local APIC directly
○ Memory is pre-allocated at VM creation; the hardware paging mechanism (nested page tables) enforces the allocation without hypervisor involvement

NoHype system architecture (2/3)
 Using only virtualized I/O devices
○ Dedicate I/O devices to the guest VM instead of emulating them
○ Virtualized NIC, storage and graphics card (device-level virtualization, one virtual function per VM)
 Short-circuiting system discovery
○ Allow the guest OS to boot normally
○ Modify the guest OS to cache the system configuration data it discovers at boot, so it never needs the hypervisor again
○ Temporary hypervisor: present only during boot; no customer code executes while any underlying virtualization software is present

NoHype system architecture (3/3)
 Avoiding indirection
○ Today: the hypervisor performs the indirections that map the guest's virtual view (virtual cores, virtual devices) to the real hardware
○ NoHype: the guest VM directly accesses the real processor ID and its dedicated devices, so no mapping layer is needed at run time

Prototype design (1/5)
 VM creation: customer's request → cloud management software → system software → create VM
 Built on Xen
○ Pre-setting the EPT (Extended Page Tables) for the VM's memory
○ Physical function driver for the NIC
○ Pinning the VM to a set of cores
○ Allocating the virtualized NIC (virtual function) to the VM

Prototype design (2/5)
 Guest VM bootup
○ Uses Xen's bootloader, hvmloader
○ Discovering devices
○ Temporary hypervisor handles discovery during boot
○ Modified QEMU returns "no device" for all devices except the network card
○ Interrupts: modified Xen and modified Linux choose the same configurable vector

Prototype design (3/5)
 Discovering processor capabilities
○ Clock frequency: a software-virtualized HPET during boot
○ Core identifier: the actual identifier is passed through
○ Processor features: CPUID results are cached by the modified guest (CPUID always causes a VM exit under VMX, so it must not be executed after disengagement)
 Hypervisor disengagement
○ A guest OS kernel module issues a hypercall with an unused hypercall number
○ The hypervisor disengages from the calling core
○ It sends an IPI to the other cores of the VM so they disengage as well

Prototype design (4/5)
 Disengagement steps on each core
(1) Remove the VM from the hypervisor's scheduling and management lists
(2) Give the guest full control of the individual core
(3) Initialize the local APIC registers
(4) Transfer execution control to the user's code
 Guest execution and shutdown
○ The guest Linux kernel is modified as described above
○ The VM shuts down by itself, or is terminated by the system software through the VMCS
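The architecture and prototype slides above describe three invariants: cores and memory are fixed at VM creation, the EPT is never changed afterwards, and once the hypervisor has disengaged any VM exit is fatal for the guest. The following C model is an added example that is not the NoHype authors' code (their prototype modifies Xen and Linux); every structure, name and size in it is a hypothetical stand-in chosen to make those invariants executable, and the IPI check at the end reflects the paper's own remark that hardware does not stop cross-VM IPIs.

```c
/* Added example (not the NoHype prototype): a model of pre-allocation,
 * disengagement, and the "VM exit after disengagement kills the VM" rule.
 * Sizes, names and the exit-reason set are hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define MAX_VMS     4
#define NUM_CORES   8
#define NUM_HPAGES  64        /* host physical pages in the model */
#define PAGE_SHIFT  12

enum vm_state   { VM_FREE, VM_BOOTING, VM_DISENGAGED, VM_KILLED };
enum exit_reason { EXIT_CPUID, EXIT_IO, EXIT_EPT_VIOLATION };
enum exit_action { EXIT_HANDLED, EXIT_KILLED, EXIT_NO_VM };

struct vm {
    enum vm_state state;
    uint32_t hpa_first;   /* first host page of the contiguous allocation */
    uint32_t npages;      /* guest page g maps to host page hpa_first + g */
};

struct nohype_sys {
    struct vm vms[MAX_VMS];
    int core_owner[NUM_CORES];    /* VM id owning each core, -1 if none */
    uint32_t next_free_page;
};

void sys_init(struct nohype_sys *s)
{
    memset(s, 0, sizeof *s);
    for (int c = 0; c < NUM_CORES; c++)
        s->core_owner[c] = -1;
}

/* VM creation: dedicate ncores cores and npages pages up front.
 * Returns the VM id, or -1 if the request cannot be met without sharing. */
int vm_create(struct nohype_sys *s, int ncores, uint32_t npages)
{
    int id = -1, free_cores = 0;
    for (int i = 0; i < MAX_VMS; i++)
        if (s->vms[i].state == VM_FREE) { id = i; break; }
    for (int c = 0; c < NUM_CORES; c++)
        if (s->core_owner[c] < 0) free_cores++;
    if (id < 0 || free_cores < ncores || s->next_free_page + npages > NUM_HPAGES)
        return -1;
    for (int c = 0, got = 0; c < NUM_CORES && got < ncores; c++)
        if (s->core_owner[c] < 0) { s->core_owner[c] = id; got++; }
    s->vms[id].state = VM_BOOTING;          /* temporary hypervisor present */
    s->vms[id].hpa_first = s->next_free_page;
    s->vms[id].npages = npages;
    s->next_free_page += npages;            /* EPT is pre-set and then frozen */
    return id;
}

/* Disengagement: the paper's hypercall from a guest kernel module. */
bool vm_disengage(struct nohype_sys *s, int id)
{
    if (id < 0 || id >= MAX_VMS || s->vms[id].state != VM_BOOTING)
        return false;
    s->vms[id].state = VM_DISENGAGED;
    return true;
}

/* A VM exit is legitimate only while the temporary hypervisor is present;
 * after disengagement the same event is treated as an attack and is fatal. */
enum exit_action vm_exit(struct nohype_sys *s, int id, enum exit_reason why)
{
    (void)why;                               /* the reason does not matter */
    if (id < 0 || id >= MAX_VMS) return EXIT_NO_VM;
    if (s->vms[id].state == VM_BOOTING) return EXIT_HANDLED;
    if (s->vms[id].state == VM_DISENGAGED) { s->vms[id].state = VM_KILLED; return EXIT_KILLED; }
    return EXIT_NO_VM;
}

/* Guest-physical to host-physical translation through the pre-set EPT.
 * Out-of-range accesses raise an EPT-violation exit instead of being mapped. */
bool ept_translate(struct nohype_sys *s, int id, uint64_t gpa, uint64_t *hpa)
{
    if (id < 0 || id >= MAX_VMS) return false;
    if (s->vms[id].state == VM_FREE || s->vms[id].state == VM_KILLED) return false;
    uint64_t gpage = gpa >> PAGE_SHIFT;
    if (gpage >= s->vms[id].npages) { vm_exit(s, id, EXIT_EPT_VIOLATION); return false; }
    *hpa = ((uint64_t)(s->vms[id].hpa_first + gpage) << PAGE_SHIFT)
         | (gpa & ((1u << PAGE_SHIFT) - 1));
    return true;
}

/* Remaining VM-to-VM surface: hardware does not stop a guest from sending an
 * IPI to a core it does not own. This only reports whether a destination core
 * belongs to the sending VM; it is a check, not an enforcement mechanism. */
bool ipi_stays_in_vm(const struct nohype_sys *s, int id, int dest_core)
{
    return dest_core >= 0 && dest_core < NUM_CORES && s->core_owner[dest_core] == id;
}

/* Isolation invariant: no host page belongs to two live VMs
 * (cores cannot be double-owned because core_owner holds a single id). */
bool sys_check_isolation(const struct nohype_sys *s)
{
    for (int i = 0; i < MAX_VMS; i++) {
        if (s->vms[i].state == VM_FREE) continue;
        for (int j = i + 1; j < MAX_VMS; j++) {
            if (s->vms[j].state == VM_FREE) continue;
            uint32_t a0 = s->vms[i].hpa_first, a1 = a0 + s->vms[i].npages;
            uint32_t b0 = s->vms[j].hpa_first, b1 = b0 + s->vms[j].npages;
            if (a0 < b1 && b0 < a1) return false;      /* page ranges overlap */
        }
    }
    return true;
}
```

The point of the model is where the decisions sit: `vm_create` is the only place resources are assigned, `ept_translate` never allocates, and `vm_exit` has no handler to exploit once the VM is disengaged, which is exactly why the prototype treats a post-disengagement exit as grounds for killing the VM rather than servicing it.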

Prototype design (5/5)
 Raw performance evaluation: about 1% performance improvement over Xen, because the guest no longer takes VM exits

Security analysis (1/2)
 Remaining hypervisor attack surface
○ Interaction between the cloud manager and the system manager (left as future work)
○ The temporary hypervisor and the modified guest OS kernel remain in the Trusted Computing Base
 VM-to-VM attack surface
○ A guest can send IPIs to the cores of other guest VMs; the hardware does not filter them

Security analysis (2/2)
 Isolation between VMs: the EPT is pre-set to assign physical pages to each VM, and memory is not oversubscribed (a performance trade-off)
 VMs mapping the physical infrastructure: because a guest sees real core identifiers, infrastructure mapping attacks remain a concern

Related work
 Minimizing the hypervisor: TrustVisor (efficient TCB reduction and attestation)
 New processor architectures: IBM z/VM (Introduction to the New Mainframe: z/VM Basics)
 Hardening the hypervisor: HyperSafe (a lightweight approach to provide lifetime hypervisor control-flow integrity)
 Direct access to hardware

Conclusion
 Design, implementation and evaluation of a working NoHype system on today's commodity hardware
 Removes the guest-to-hypervisor attack surface during guest execution
 About 1% faster run time than Xen