Presentation is loading. Please wait.

Presentation is loading. Please wait.

Virtualization Technology Recently Rookit with Virtualization Technology Maple(www.Wowhacker.com)

Published byPreston Walton Modified over 9 years ago

Similar presentations

Presentation on theme: "Virtualization Technology Recently Rookit with Virtualization Technology Maple(www.Wowhacker.com)"— Presentation transcript:

1 Virtualization Technology Recently Rookit with Virtualization Technology Maple(www.Wowhacker.com)

2 Virtualization Technology Emulation Full-Virtualization Para-Virtualization Hardware-Assistant Virtualization –NOW!

3 Emulation

4 Full-Virtualization –Using Binary Translation : User 레벨의 요청은 바로 수행. : OS 레벨의 요청은 Binary Tranlation 을 거쳐 VMM 이 담당한다.

5 Para-Virtualization –OS 를 수정하여, Systemcalls -> Hypercalls : Binary Translation 을 거치지 않아 비교적 빠르다. : User 요청은 여전히 바로 수행된다.

6 Hardware-Assist Virtualization AMD Pacifica –Focus on SKINIT INTEL VT-X –Focus on SENTER

7 What is Hardware-Assist Virtualization Root / Non-Root Mode VMM ( Virtual Machine Monitor ) VMCB in AMD, VMCS in INTEL »Virtual Machine(guest)’s descriptor Include following things : 1.guest 에게서 가로챌 명령이나 이벤트 리스트 ( 예.write to CR3) 2.guest 의 실행 환경을 타나내는 다양한 제어 비트들이나 guest code 가 수행되기 전에 취해질 특별한 동작들에 대한 비트등 3.Guest 프로세서 상태 ( control register 등등.. ) I/O support by Architecture External Access Protection ( eg., DMA )

8 How work Hardware-Assist Virtualization Setup VMCB or VMCS –Include Intercept instruction list  See Architecture vendor’s reference manual VMRUN or VMLAUNCH –Into the Guest mode( Virtual Machine ) –Execute Guest’s Code #VMEXIT –Back to Host mode( Real Machine ) –Execute Host’s Code »Intercepted Event or Interrupt dispatch

9 So, What?

10 RING -1 HVM Rootkit Bluepill Project

11 What is HVM HVM = Hardware-assisted virtualization

12 BLUEPILL

13 Hardware-Assist means Normal Usage

14 Back to The Matrix

15 BLUEPILL Argorithm -1

16 BLUEPILL Argorithm -2

17 How to Solve? AMD –Secure Virtual Machine Architecture (SVM) INTEL –Trust Execution Technology (TXT) With TPM ( Trusted Platform Module )

18 INTEL TXT Overview

19 TPM Overview

20 INTEL TXT with TPM

21 RING -2 SMM Rootkit

22 What is SMM System Management Mode 일반적인 모든 실행 ( 운영 체제를 비롯 ) 을 일 시 중단하고 구별된 특별한 소프트웨어 ( 보 통 펌웨어나 하드웨어 보조 디버거 ) 가 높은 권한으로 실행된다. 펌웨어 디버거

23 Normal SMM case

24 SMM layout of past

25 Processor’s ViewDRAM 4GB 5GB SMRAM MMIO Current Layout

26 Processor’s View DRAM 4GB 5GB SMRAM MMIO SMRAM Possible in Q35 Memory Remapping Bug

27 Hypervisor with SMM Hypervisor (VMM) STM ( SMM Transfer Monitor ) SMM Communication Protocol Communication Protocol SMI

28 RING -3 AMT with INTEL Another is Noway

29 What is AMT AMT Active Management Technology

30 AMT Example Setup enable for AMT

31 AMT Example

32

33

34

35

36 Security With Hypervisor The GOD observe you

37 Security With Hypervisor

38

39 Real-Storage Virtual- Storage Virtual- Devices NETWORK

40 END 감사감사

Download ppt "Virtualization Technology Recently Rookit with Virtualization Technology Maple(www.Wowhacker.com)"

Similar presentations

Content Overview Virtual Disk Port to Intel platform

Content Overview Virtual Disk Port to Intel platform
Hardware-assisted Virtualization

Hardware-assisted Virtualization
Virtualization Technology

Virtualization Technology
Virtualization Technology For AMD Architecture Steve McDowell Division Marketing Manager Computation Products Group AMD amd.com Geoffrey.

Virtualization Technology For AMD Architecture Steve McDowell Division Marketing Manager Computation Products Group AMD amd.com Geoffrey.
E Virtual Machines Lecture 3 Memory Virtualization

E Virtual Machines Lecture 3 Memory Virtualization
Bart Miller. Outline Definition and goals Paravirtualization System Architecture The Virtual Machine Interface Memory Management CPU Device I/O Network,

Bart Miller. Outline Definition and goals Paravirtualization System Architecture The Virtual Machine Interface Memory Management CPU Device I/O Network,
Crucial Security Programs Ring -1 vs. Ring -2: Containerizing Malicious SMM Interrupt Handlers on AMD-V Pete Markowsky Senior Security Researcher

Crucial Security Programs Ring -1 vs. Ring -2: Containerizing Malicious SMM Interrupt Handlers on AMD-V Pete Markowsky Senior Security Researcher
1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.

1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.
Virtual Machine Security Design of Secure Operating Systems Summer 2012 Presented By: Musaad Alzahrani.

Virtual Machine Security Design of Secure Operating Systems Summer 2012 Presented By: Musaad Alzahrani.
Virtualization and Cloud Computing

Virtualization and Cloud Computing
Network Implementation for Xen and KVM Class project for E6998-01: Network System Design and Implantation 12 Apr 2010 Kangkook Jee (kj2181)

Network Implementation for Xen and KVM Class project for E : Network System Design and Implantation 12 Apr 2010 Kangkook Jee (kj2181)
Jiang Wang, Joint work with Angelos Stavrou and Anup Ghosh CSIS, George Mason University HyperCheck: a Hardware Assisted Integrity Monitor.

Jiang Wang, Joint work with Angelos Stavrou and Anup Ghosh CSIS, George Mason University HyperCheck: a Hardware Assisted Integrity Monitor.
Virtualization for Cloud Computing

Virtualization for Cloud Computing
LINUX Virtualization Running other code under LINUX.

LINUX Virtualization Running other code under LINUX.
虛擬化技術 Virtualization and Virtual Machines

虛擬化技術 Virtualization and Virtual Machines
© 2010 VMware Inc. All rights reserved Virtualization Based on materials from: Introduction to Virtual Machines by Carl Waldspurger Understanding Intel®

© 2010 VMware Inc. All rights reserved Virtualization Based on materials from: Introduction to Virtual Machines by Carl Waldspurger Understanding Intel®
E Virtual Machines Lecture 4 Device Virtualization

E Virtual Machines Lecture 4 Device Virtualization
Virtualization Technology Prof D M Dhamdhere CSE Department IIT Bombay Moving towards Virtualization… Department of Computer Science and Engineering, IIT.

Virtualization Technology Prof D M Dhamdhere CSE Department IIT Bombay Moving towards Virtualization… Department of Computer Science and Engineering, IIT.
Tanenbaum 8.3 See references

Tanenbaum 8.3 See references
Zen and the Art of Virtualization Paul Barham, et al. University of Cambridge, Microsoft Research Cambridge Published by ACM SOSP’03 Presented by Tina.

Zen and the Art of Virtualization Paul Barham, et al. University of Cambridge, Microsoft Research Cambridge Published by ACM SOSP’03 Presented by Tina.

Similar presentations

Ads by Google