Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security at the VMM Layer Theodore Winograd OWASP June 14, 2007.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Security at the VMM Layer Theodore Winograd OWASP June 14, 2007."— Presentation transcript:

1 Security at the VMM Layer Theodore Winograd OWASP June 14, 2007

2 Outline Why? VMM Selection Syslog Capture Simple MAC via sys_open Simple MAC via LSM Future Work

3 Why at the VMM layer? COTS software is notoriously buggy We still have to use it Isolate it—and protect the VM system at the same time

4 Why at the VMM layer? Honeypots require fine-grained access control We can’t trust anything on a honeypot

5 VMM Selection QEMU Little documentation Unstable Logging is too detailed Code difficult to follow Ideal for security VMM UML Little documentation Kernel code documented arch/um/include/os.h os_open_file os_read_file os_write_file os_close_file

6 Logging Capture Audit logs must maintain integrity Logs may be recorded at: HW – VM Introspection OS – OS service API – API hooking Application – syslog, log4j, etc… Each layer loses integrity

7 Syslog Capture Why? Most Linux applications use syslog Improve the integrity of the logs Why not via the network? Attackers could modify the syslog daemon Would require network access to the host This could be implemented for any logging framework

8 Syslog Capture: Syslog Architecture util-linux – logger.c UNIX datagram sockets glibc – syslog.h and syslog.c /dev/log Sample contents: Mar 25 22:05:09 login[1890]: ROOT_LOGIN on `tty0’

9 Capture Options net/socket.c Capture ALL socket data sys_send * function calls net/unix/af_unix.c unix_dgram_connect unix_dgram_sendmsg

10 unix_dgram_connect unix_dgram_sendmsg Both receive struct sockaddr * Same address Only connect receives the path name Capture Functions

11 sockaddr * list Store a list of sockaddr * pointers Add to the list at unix_dgram_connect Compare unix_dgram_sendmsg to the list Remove at unix_release

12 MAC Enforces Bell-LaPadula security model No write-down No read-up Enforces process separation Red Hat’s SELinux targeted policies

13 Simple MAC via sys_open Why? Prevent malicious code from accessing sensitive portions of the system Prevent information leakage Maintain file integrity External policy file sys_open is easy to intercept One step towards LSM-based approach

14 Access Control File Format +/-[rwa]:file:UID -r:/tmp/log:1000 -r:/tmp/log:0 +w:/tmp/log:0

15 Linux kernel: do_sys_open long do_sys_open( int dfd, const char __user *filename, int flags, int mode )

16 MAC For every open, compare filename, flags, and uid against the access file current macro – process descriptor UID, PID, GID, parent, etc… Flags …00 – read-only …01 – write-only …10 – read-write …11 - special

17 sys_open problem filename can be relative current->fs knows the current working directory Allows for an easy bypass Must find equivalent inode

18 Simple MAC via LSM Linux Security Modules NSA SELinux Why? External policy Access control for OSs without MAC No need to configure the existing OS

19 Access Control Same access file as sys_open MAC Map filename to an inode Compare inodes

20 LSM Hooks security/selinux/hooks.c selinux_file* security/dummy.c dummy_file*

21 Demonstration

22

23

24

25 Future Work Code hooks to external LSM modules QEMU implementation Log capture and MAC for other OSs Related work: “A VM Introspection Based Architecture for Intrusion Detection” T. Garfinkel: http://suif.stanford.edu/papers/vmi-ndss03.pdfhttp://suif.stanford.edu/papers/vmi-ndss03.pdf “Towards a VMM-based Usage Control Framework for OS Kernel Integrity Protection” X. Jiang: http://www.ise.gmu.edu/~xjiang/pubs/SACMAT07.pdfhttp://www.ise.gmu.edu/~xjiang/pubs/SACMAT07.pdf

26 Questions? winograd_theodore@bah.com

Download ppt "Security at the VMM Layer Theodore Winograd OWASP June 14, 2007."

Similar presentations

Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.

Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.
Chapter 6 Security Kernels.

Chapter 6 Security Kernels.
1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.

1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.
New Direction for Software Protection in Embedded Systems Department of EECS University of Michigan Feb 22, 2007 Kang G. Shin.

New Direction for Software Protection in Embedded Systems Department of EECS University of Michigan Feb 22, 2007 Kang G. Shin.
Title of Selected Paper: Design and Implementation of Secure Embedded Systems Based on Trustzone Authors: Yan-ling Xu, Wei Pan, Xin-guo Zhang Presented.

Title of Selected Paper: Design and Implementation of Secure Embedded Systems Based on Trustzone Authors: Yan-ling Xu, Wei Pan, Xin-guo Zhang Presented.
Fundamentals of Computer Security Geetika Sharma Fall 2008.

Fundamentals of Computer Security Geetika Sharma Fall 2008.
1 Case Study 1: UNIX and LINUX Chapter 10 10.1 History of unix 10.2 Overview of unix 10.3 Processes in unix 10.4 Memory management in unix 10.5 Input/output.

1 Case Study 1: UNIX and LINUX Chapter History of unix 10.2 Overview of unix 10.3 Processes in unix 10.4 Memory management in unix 10.5 Input/output.
Towards Application Security On Untrusted OS

Towards Application Security On Untrusted OS
Linux Security.

Linux Security.
ADVANCED LINUX SECURITY. Abstract : Using mandatory access control greatly increases the security of an operating system. SELinux, which is an implementation.

ADVANCED LINUX SECURITY. Abstract : Using mandatory access control greatly increases the security of an operating system. SELinux, which is an implementation.
EFS: encrypted File system Project by: Andrew Grossman Gaurav Gupta CMSC 691X-Summer 2002 University of Maryland Baltimore County.

EFS: encrypted File system Project by: Andrew Grossman Gaurav Gupta CMSC 691X-Summer 2002 University of Maryland Baltimore County.
Security-Enhanced Linux & Linux Security Module The George Washington University CS297 Programming Language & Security YU-HAO HU.

Security-Enhanced Linux & Linux Security Module The George Washington University CS297 Programming Language & Security YU-HAO HU.
Guide to Operating System Security Chapter 5 File, Directory, and Shared Resource Security.

Guide to Operating System Security Chapter 5 File, Directory, and Shared Resource Security.
Intrusion Protection Mark Shtern. Protection systems Firewalls Intrusion detection and protection systems Honeypots System Auditing.

Intrusion Protection Mark Shtern. Protection systems Firewalls Intrusion detection and protection systems Honeypots System Auditing.
VMM Based Rootkit Detection on Android Class Presentation Pete Bohman, Adam Kunk, Erik Shaw.

VMM Based Rootkit Detection on Android Class Presentation Pete Bohman, Adam Kunk, Erik Shaw.
Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.

Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.
S E C U R E C O M P U T I N G Intrusion Tolerant Server Infrastructure Dick O’Brien, Tammy Kappel, Clint Bitzer OASIS PI Meeting March 14, 2002.

S E C U R E C O M P U T I N G Intrusion Tolerant Server Infrastructure Dick O’Brien, Tammy Kappel, Clint Bitzer OASIS PI Meeting March 14, 2002.
SELinux US/Fedora/13/html/Security-Enhanced_Linux/

SELinux US/Fedora/13/html/Security-Enhanced_Linux/
HyperSpector: Virtual Distributed Monitoring Environments for Secure Intrusion Detection Kenichi Kourai Shigeru Chiba Tokyo Institute of Technology.

HyperSpector: Virtual Distributed Monitoring Environments for Secure Intrusion Detection Kenichi Kourai Shigeru Chiba Tokyo Institute of Technology.
Kenichi Kourai (Kyushu Institute of Technology) Takuya Nagata (Kyushu Institute of Technology) A Secure Framework for Monitoring Operating Systems Using.

Kenichi Kourai (Kyushu Institute of Technology) Takuya Nagata (Kyushu Institute of Technology) A Secure Framework for Monitoring Operating Systems Using.

Similar presentations

Ads by Google