Presentation is loading. Please wait.

Presentation is loading. Please wait.

Improving Xen Security through Disaggregation Derek MurrayGrzegorz MilosSteven Hand.

Published byJody Dickerson Modified over 9 years ago

Similar presentations

Presentation on theme: "Improving Xen Security through Disaggregation Derek MurrayGrzegorz MilosSteven Hand."— Presentation transcript:

1 Improving Xen Security through Disaggregation Derek MurrayGrzegorz MilosSteven Hand

2 Outline The myth of the secure hypervisor Trusted computing bases Disaggregating Xen Results Future work

3 Xen Small hypervisor –100k lines of code Provides isolation between VMs “Trusting the virtual machine monitor is akin to trusting a real processor” OS Xen Hardware VM

4 Domain Zero Full Linux distribution User-space tools for VM management Privileged hypervisor interface –Map foreign memory –Set foreign VCPU Therefore must be trusted VMDom0 Xen Hardware

5 Threat Model Malicious software running as Dom0 root –Root exploit on Dom0 –Untrusted administrator Want to protect security of other VMs –Confidentiality –Integrity Solution: disaggregation

6 Trusted Computing Base “The set of components on which a subsystem depends” “The totality of protection mechanisms... responsible for enforcing a computer security policy” Anything that can directly invoke a privileged operation –And hence undermine security

7 Call Graph PD z PD y PD x

8 Current Xen Control Stack Build VM Make hypercall Map memorySet VCPU Dom0 User Dom0 Kernel Hypervisor

9 Minimise the TCB? Build VM Make hypercall Map memorySet VCPU Dom0 User Dom0 Kernel Hypervisor

10 Smaller is not always better Build VM Make hypercall Map memorySet VCPU Dom0 User DomB Hypervisor

11 Implementation Xen Dom0 DomB DomU … Xend

12 Results Smaller, static TCB –No longer contains Dom0 userspace –Now only VMM, DomB and Dom0 kernel –With an I/O MMU, only VMM and DomB Other VMs protected from Dom0 root

13 Future Work Virtual TPM support Automated techniques for disaggregation Metrics for trustworthiness

14 Conclusions Virtualised TCB can be surprising Smaller TCB is not always better Choosing appropriate interfaces is crucial

15 Questions

Download ppt "Improving Xen Security through Disaggregation Derek MurrayGrzegorz MilosSteven Hand."

Similar presentations

Secure Virtual Machine Execution Under an Untrusted Management OS Chunxiao Li Anand Raghunathan Niraj K. Jha.

Secure Virtual Machine Execution Under an Untrusted Management OS Chunxiao Li Anand Raghunathan Niraj K. Jha.
Unmodified Device Driver Reuse and Improved System Dependability via Virtual Machines J. LeVasseur V. Uhlig J. Stoess S. G¨otz University of Karlsruhe,

Unmodified Device Driver Reuse and Improved System Dependability via Virtual Machines J. LeVasseur V. Uhlig J. Stoess S. G¨otz University of Karlsruhe,
Virtual Machine Technology Dr. Gregor von Laszewski Dr. Lizhe Wang.

Virtual Machine Technology Dr. Gregor von Laszewski Dr. Lizhe Wang.
Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.

Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.
Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.

Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.
XEN AND THE ART OF VIRTUALIZATION Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, lan Pratt, Andrew Warfield.

XEN AND THE ART OF VIRTUALIZATION Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, lan Pratt, Andrew Warfield.
Bart Miller. Outline Definition and goals Paravirtualization System Architecture The Virtual Machine Interface Memory Management CPU Device I/O Network,

Bart Miller. Outline Definition and goals Paravirtualization System Architecture The Virtual Machine Interface Memory Management CPU Device I/O Network,
Virtualization in HPC Minesh Joshi CSC 469 Dr. Box Feb 1, 2012.

Virtualization in HPC Minesh Joshi CSC 469 Dr. Box Feb 1, 2012.
New Direction for Software Protection in Embedded Systems Department of EECS University of Michigan Feb 22, 2007 Kang G. Shin.

New Direction for Software Protection in Embedded Systems Department of EECS University of Michigan Feb 22, 2007 Kang G. Shin.
 Max Planck Institute for Software Systems Towards trusted cloud computing Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues MPI-SWS.

 Max Planck Institute for Software Systems Towards trusted cloud computing Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues MPI-SWS.
Virtual Machine Security Design of Secure Operating Systems Summer 2012 Presented By: Musaad Alzahrani.

Virtual Machine Security Design of Secure Operating Systems Summer 2012 Presented By: Musaad Alzahrani.
OS Organization. OS Requirements Provide resource abstractions –Process abstraction of CPU/memory use Address space Concurrency Thread abstraction of.

OS Organization. OS Requirements Provide resource abstractions –Process abstraction of CPU/memory use Address space Concurrency Thread abstraction of.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #29-1 Chapter 33: Virtual Machines Virtual Machine Structure Virtual Machine.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #29-1 Chapter 33: Virtual Machines Virtual Machine Structure Virtual Machine.
© 2008 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED,

© 2008 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED,
Jiang Wang, Joint work with Angelos Stavrou and Anup Ghosh CSIS, George Mason University HyperCheck: a Hardware Assisted Integrity Monitor.

Jiang Wang, Joint work with Angelos Stavrou and Anup Ghosh CSIS, George Mason University HyperCheck: a Hardware Assisted Integrity Monitor.
Virtualization for Cloud Computing

Virtualization for Cloud Computing
LINUX Virtualization Running other code under LINUX.

LINUX Virtualization Running other code under LINUX.
Introduction to Virtual Machines. Administration Presentation and class participation: 40% –Each student will present two and a half times this semester.

Introduction to Virtual Machines. Administration Presentation and class participation: 40% –Each student will present two and a half times this semester.
Tanenbaum 8.3 See references

Tanenbaum 8.3 See references
Zen and the Art of Virtualization Paul Barham, et al. University of Cambridge, Microsoft Research Cambridge Published by ACM SOSP’03 Presented by Tina.

Zen and the Art of Virtualization Paul Barham, et al. University of Cambridge, Microsoft Research Cambridge Published by ACM SOSP’03 Presented by Tina.

Similar presentations

Ads by Google