Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Operating Stuff Lesson “like” 7 (a): Virtualization.

Published byJohnathan Spencer Modified over 9 years ago

Similar presentations

Presentation on theme: "Secure Operating Stuff Lesson “like” 7 (a): Virtualization."— Presentation transcript:

1 Secure Operating Stuff Lesson “like” 7 (a): Virtualization

2 Virtualization  Because of the hype around “the cloud”, virtualization has become pretty big news  However, virtualization is something we really need to understand if we want to reason about host and OS :P security

3 What is Virtualization?  Type 1 Hypervisor “native”, “bare metal”  Type 2 Hypervisor “hosted”

4 Paravirtualization  Instead of modifying all the IO to run through the Hypervisor, we can modify the hosted OS to use specific calls for IO Think of this as collaborative virtualization, in essence (hosted OS “collaborates” to take part in the illusion)

5 How?  There are really only three different routes to machine virtualization… How would you do it? What problems do we need to think about?

6 Hardware Assistance  Intel and AMD have extended their instruction set to provide hardware support for virtualization The Intel VT-I and VT-x instruction sets are powerful, and create a very capable platform I have no comment on the AMD instructions, as I am less familiar with them

7 Possible Threat: SubVirt  Theoretically (and in practice) you could make malware which threw the entire host OS into a VM Benefits? Disadvantages?

8 Detecting a VM Rootkit?  One basic tenet…

9 The Presence of Covert Channels  What is a covert channel? Lampson: a channel “not intended for information transfer at all, such as the service program’s effect on system load”

10 Five Concerns from Bratus et al. 1. Weaknesses in remote management 2. Increase in management cost (the VM and the host) 3. Creeping Guest to Host APIs 4. Information Flow Policy (see “Virtual Machines, Virtual Security”) 5. Conflation of two issues – the provider and the monitor…

11 Virtual Machine, Virtual Security?  This is really a nice little article that forces you to think about isolation – if we split everything up, we need to make holes to use the systems…  How many OS vulns really relied on exploits of the privilege system? How many relied on incorrect privileges?

12 Why do we think we can do this?

13 With that said…  Virtualization Can Help Malware Analysis Rollback/trusted monitor “Disposable” computing

14 But also…  Virtualization Can Hurt Rootkits Covert Channels Escape from the VMM

15 To Do  If you’re interested (will help but is not required reading – good reference) read “Intel Virtualization Technology: Hardware Support for Efficient Processor Virtualization”  For the exam, must read “VM-based security overkill: a lament for applied systems security research” and (the very short) “Virtual Machines, Virtual Security”

Download ppt "Secure Operating Stuff Lesson “like” 7 (a): Virtualization."

Similar presentations

1 VIRTUAL MACHINES By: Sai Siddharth Kumar Dantu.

1 VIRTUAL MACHINES By: Sai Siddharth Kumar Dantu.
Virtualization Dr. Michael L. Collard

Virtualization Dr. Michael L. Collard
Hypervisors and Next Generation Virtualization William Strickland COT4810 Spring 2008 February 7, 2008.

Hypervisors and Next Generation Virtualization William Strickland COT4810 Spring 2008 February 7, 2008.
Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.

Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.
Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.

Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.
5/17/2015 9:36 AM Confinement James Hook CS 591: Introduction to Computer Security.

5/17/2015 9:36 AM Confinement James Hook CS 591: Introduction to Computer Security.
V IRTUALIZATION A TTACKS Undetectable Bluepill. V IRTUALIZATION AND ITS A TTACKS What is Virtualization? What makes it possible? How does it affect security?

V IRTUALIZATION A TTACKS Undetectable Bluepill. V IRTUALIZATION AND ITS A TTACKS What is Virtualization? What makes it possible? How does it affect security?
Cloud Computing and Virtualization Sorav Bansal CloudCamp 2010 IIT Delhi.

Cloud Computing and Virtualization Sorav Bansal CloudCamp 2010 IIT Delhi.
A. Frank - P. Weisberg Operating Systems Structure of Operating Systems.

A. Frank - P. Weisberg Operating Systems Structure of Operating Systems.
Virtual Machines. Virtualization Virtualization deals with “extending or replacing an existing interface so as to mimic the behavior of another system”

Virtual Machines. Virtualization Virtualization deals with “extending or replacing an existing interface so as to mimic the behavior of another system”
Virtualization for Cloud Computing

Virtualization for Cloud Computing
LINUX Virtualization Running other code under LINUX.

LINUX Virtualization Running other code under LINUX.
Virtualization: An Overview Brendan Lynch. Forms of virtualization In all cases virtualization is taking a physical component and simulating the interface.

Virtualization: An Overview Brendan Lynch. Forms of virtualization In all cases virtualization is taking a physical component and simulating the interface.
Distributed Systems CS 15-440 Virtualization- Overview Lecture 22, Dec 4, 2013 Mohammad Hammoud 1.

Distributed Systems CS Virtualization- Overview Lecture 22, Dec 4, 2013 Mohammad Hammoud 1.
Introduction to Virtual Machines. Administration Presentation and class participation: 40% –Each student will present two and a half times this semester.

Introduction to Virtual Machines. Administration Presentation and class participation: 40% –Each student will present two and a half times this semester.
Virtualization Technology Prof D M Dhamdhere CSE Department IIT Bombay Moving towards Virtualization… Department of Computer Science and Engineering, IIT.

Virtualization Technology Prof D M Dhamdhere CSE Department IIT Bombay Moving towards Virtualization… Department of Computer Science and Engineering, IIT.
Tanenbaum 8.3 See references

Tanenbaum 8.3 See references
Virtualization Virtualization is the creation of substitutes for real resources – abstraction of real resources Users/Applications are typically unaware.

Virtualization Virtualization is the creation of substitutes for real resources – abstraction of real resources Users/Applications are typically unaware.
CS 149: Operating Systems April 21 Class Meeting

CS 149: Operating Systems April 21 Class Meeting
Microkernels, virtualization, exokernels Tutorial 1 – CSC469.

Microkernels, virtualization, exokernels Tutorial 1 – CSC469.

Similar presentations

Ads by Google