Secure Operating Stuff Lesson “like” 7 (a): Virtualization.

Slides:



Advertisements
Similar presentations
1 VIRTUAL MACHINES By: Sai Siddharth Kumar Dantu.
Advertisements

Virtualization Dr. Michael L. Collard
Hypervisors and Next Generation Virtualization William Strickland COT4810 Spring 2008 February 7, 2008.
Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.
Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.
5/17/2015 9:36 AM Confinement James Hook CS 591: Introduction to Computer Security.
V IRTUALIZATION A TTACKS Undetectable Bluepill. V IRTUALIZATION AND ITS A TTACKS What is Virtualization? What makes it possible? How does it affect security?
Cloud Computing and Virtualization Sorav Bansal CloudCamp 2010 IIT Delhi.
A. Frank - P. Weisberg Operating Systems Structure of Operating Systems.
Virtual Machines. Virtualization Virtualization deals with “extending or replacing an existing interface so as to mimic the behavior of another system”
Virtualization for Cloud Computing
LINUX Virtualization Running other code under LINUX.
Virtualization: An Overview Brendan Lynch. Forms of virtualization In all cases virtualization is taking a physical component and simulating the interface.
Distributed Systems CS Virtualization- Overview Lecture 22, Dec 4, 2013 Mohammad Hammoud 1.
Introduction to Virtual Machines. Administration Presentation and class participation: 40% –Each student will present two and a half times this semester.
Virtualization Technology Prof D M Dhamdhere CSE Department IIT Bombay Moving towards Virtualization… Department of Computer Science and Engineering, IIT.
Tanenbaum 8.3 See references
Virtualization Virtualization is the creation of substitutes for real resources – abstraction of real resources Users/Applications are typically unaware.
CS 149: Operating Systems April 21 Class Meeting
Microkernels, virtualization, exokernels Tutorial 1 – CSC469.
SAIGONTECH COPPERATIVE EDUCATION NETWORKING Spring 2010 Seminar #1 VIRTUALIZATION EVERYWHERE.
SAIGONTECH COPPERATIVE EDUCATION NETWORKING Spring 2009 Seminar #1 VIRTUALIZATION EVERYWHERE.
Virtualization Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation is licensed.
Virtual Machine Security Systems Presented by Long Song 08/01/2013 Xin Zhao, Kevin Borders, Atul Prakash.
Virtualization: Not Just For Servers Hollis Blanchard PowerPC kernel hacker.
Virtual Machine and its Role in Distributed Systems.
COMS E Cloud Computing and Data Center Networking Sambit Sahu
System Virtualization 1 Learning Objective: –To understand the implementation choices and details of System Virtualization COMP
 Virtual machine systems: simulators for multiple copies of a machine on itself.  Virtual machine (VM): the simulated machine.  Virtual machine monitor.
Improving Xen Security through Disaggregation Derek MurrayGrzegorz MilosSteven Hand.
A. Frank - P. Weisberg Operating Systems Structure of Operating Systems.
Security Vulnerabilities in A Virtual Environment
Full and Para Virtualization
Lecture 12 Virtualization Overview 1 Dec. 1, 2015 Prof. Kyu Ho Park “Understanding Full Virtualization, Paravirtualization, and Hardware Assist”, White.
Introduction Why are virtual machines interesting?
Enabling Technologies for Distributed Computing Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS School of Computing,
Operating-System Structures
Protection of Processes Security and privacy of data is challenging currently. Protecting information – Not limited to hardware. – Depends on innovation.
CSE 451: Operating Systems Winter 2015 Module 25 Virtual Machine Monitors Mark Zbikowski Allen Center 476 © 2013 Gribble, Lazowska,
Virtualizing a Multiprocessor Machine on a Network of Computers Easy & efficient utilization of distributed resources Goal Kenji KanedaYoshihiro OyamaAkinori.
Cloud Computing – UNIT - II. VIRTUALIZATION Virtualization Hiding the reality The mantra of smart computing is to intelligently hide the reality Binary->
Virtual Machines Mr. Monil Adhikari. Agenda Introduction Classes of Virtual Machines System Virtual Machines Process Virtual Machines.
Overview of Virtualization The magic of virtual machines Borislav Varadinov Telerik Software Academy System Administrator Marian.
1 Virtualization "Virtualization software makes it possible to run multiple operating systems and multiple applications on the same server at the same.
Virtualization for Cloud Computing
Virtualization.
Virtualization D. J. Foreman 2009.
Virtualization Technology
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING CLOUD COMPUTING
Virtualization Dr. Michael L. Collard
Virtualization Virtualization is the creation of substitutes for real resources – abstraction of real resources Users/Applications are typically unaware.
Virtual Machines: Versatile Platforms for Systems and Processes
Lecture 24 Virtual Machine Monitors
Java Win32 native Java VM Linux OS ARM VM Runtime Windows OS
Virtualization, Cloud Computing and Big Data
Virtualization overview
Virtual Servers.
Running other code under LINUX
Virtualization Virtualization is the creation of substitutes for real resources – abstraction of real resources Users/Applications are typically unaware.
OS Virtualization.
Virtualization Layer Virtual Hardware Virtual Networking
Virtualization Techniques
Bethesda Cybersecurity Club
LAB 01 Installation of VIRTUAL MACHINE and LINUX
CompTIA Security+ Study Guide (SY0-501)
Virtual machines benefits
Virtualization Dr. S. R. Ahmed.
CSE 451: Operating Systems Autumn Module 24 Virtual Machine Monitors
Test Optimization Using Software Virtualization
Presentation transcript:

Secure Operating Stuff Lesson “like” 7 (a): Virtualization

Virtualization  Because of the hype around “the cloud”, virtualization has become pretty big news  However, virtualization is something we really need to understand if we want to reason about host and OS :P security

What is Virtualization?  Type 1 Hypervisor “native”, “bare metal”  Type 2 Hypervisor “hosted”

Paravirtualization  Instead of modifying all the IO to run through the Hypervisor, we can modify the hosted OS to use specific calls for IO Think of this as collaborative virtualization, in essence (hosted OS “collaborates” to take part in the illusion)

How?  There are really only three different routes to machine virtualization… How would you do it? What problems do we need to think about?

Hardware Assistance  Intel and AMD have extended their instruction set to provide hardware support for virtualization The Intel VT-I and VT-x instruction sets are powerful, and create a very capable platform I have no comment on the AMD instructions, as I am less familiar with them

Possible Threat: SubVirt  Theoretically (and in practice) you could make malware which threw the entire host OS into a VM Benefits? Disadvantages?

Detecting a VM Rootkit?  One basic tenet…

The Presence of Covert Channels  What is a covert channel? Lampson: a channel “not intended for information transfer at all, such as the service program’s effect on system load”

Five Concerns from Bratus et al. 1. Weaknesses in remote management 2. Increase in management cost (the VM and the host) 3. Creeping Guest to Host APIs 4. Information Flow Policy (see “Virtual Machines, Virtual Security”) 5. Conflation of two issues – the provider and the monitor…

Virtual Machine, Virtual Security?  This is really a nice little article that forces you to think about isolation – if we split everything up, we need to make holes to use the systems…  How many OS vulns really relied on exploits of the privilege system? How many relied on incorrect privileges?

Why do we think we can do this?

With that said…  Virtualization Can Help Malware Analysis Rollback/trusted monitor “Disposable” computing

But also…  Virtualization Can Hurt Rootkits Covert Channels Escape from the VMM

To Do  If you’re interested (will help but is not required reading – good reference) read “Intel Virtualization Technology: Hardware Support for Efficient Processor Virtualization”  For the exam, must read “VM-based security overkill: a lament for applied systems security research” and (the very short) “Virtual Machines, Virtual Security”

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.