exterior using a dual vm based external shell for guest
play

EXTERIOR: Using A Dual-VM Based External Shell for Guest-OS - PowerPoint PPT Presentation

Nov 29, 2023 •159 likes •559 views

Overview Our Approach Evaluations Conclusion EXTERIOR: Using A Dual-VM Based External Shell for Guest-OS Introspection, Configuration, and Recovery Yangchun Fu , Zhiqiang Lin Department of Computer Science The University of Texas at Dallas

  1. Overview Our Approach Evaluations Conclusion EXTERIOR: Using A Dual-VM Based External Shell for Guest-OS Introspection, Configuration, and Recovery Yangchun Fu , Zhiqiang Lin Department of Computer Science The University of Texas at Dallas March 17 th , 2013

  2. Overview Our Approach Evaluations Conclusion Outline Overview 1 Our Approach 2 Evaluations 3 Conclusion 4

  3. Outline Overview 1 Our Approach 2 Evaluations 3 Conclusion 4

  4. Overview Our Approach Evaluations Conclusion Virtualization Windows XP Linux Win ‐ 7 .. Product ‐ VM Product ‐ VM Product ‐ VM Virtualization Layer Hardware Layer

  5. Overview Our Approach Evaluations Conclusion Virtualization Windows XP Linux Win ‐ 7 Virtualization (i.e., hypervisor) [Popek and .. Goldberg, 1974] has pushed our computing paradigm Product ‐ VM Product ‐ VM Product ‐ VM from multi-tasking to multi-OS . Virtualization Layer Hardware Layer

  6. Overview Our Approach Evaluations Conclusion Virtualization Windows XP Linux Win ‐ 7 Virtualization (i.e., hypervisor) [Popek and .. Goldberg, 1974] has pushed our computing paradigm Product ‐ VM Product ‐ VM Product ‐ VM from multi-tasking to multi-OS . Virtualization Layer Consolidation, Migration, Hardware Layer Isolation ...

  7. Overview Our Approach Evaluations Conclusion Execution Mode

  8. Overview Our Approach Evaluations Conclusion Execution Mode

  9. Overview Our Approach Evaluations Conclusion Execution Mode

  10. Overview Our Approach Evaluations Conclusion Virtual Machine Introspection (VMI) [Garfinkel et al, NDSS’03]

  11. Overview Our Approach Evaluations Conclusion Virtual Machine Introspection (VMI) [Garfinkel et al, NDSS’03] Using a trusted, dedicated virtualization layer program to monitor the running VMs

  12. Overview Our Approach Evaluations Conclusion Virtual Machine Introspection (VMI) [Garfinkel et al, NDSS’03] Using a trusted, dedicated virtualization layer program to monitor the running VMs Intrusion Detection Malware Analysis Memory Forensics

  13. Overview Our Approach Evaluations Conclusion Virtual Machine Introspection (VMI) Using a trusted, dedicated virtualization layer program to monitor the running VMs Intrusion Detection Malware Analysis Memory Forensics

  14. Overview Our Approach Evaluations Conclusion Virtual Machine Introspection (VMI) Using a trusted, dedicated virtualization layer program to monitor the running VMs Intrusion Detection Malware Analysis Memory Forensics EXTERIOR Ex ecute trusted utilities in SVM for t imely Guest-OS introsp e ction, (re)configu r at io n and r ecovery.

  15. Overview Our Approach Evaluations Conclusion The Semantic Gap in VMI ( [Chen and Noble HotOS’01]) View exposed by Virtual Machine Monitor is at low-level There is no abstraction and no APIs Need to reconstruct the guest-OS abstraction

  16. Outline Overview 1 Our Approach 2 Evaluations 3 Conclusion 4

  17. Overview Our Approach Evaluations Conclusion Using a Dual-VM Architecture apache mysql firefox P User Space Kernel Space Guest VM (GVM)

  18. Overview Our Approach Evaluations Conclusion Using a Dual-VM Architecture apache mysql firefox ps netstat kill p P User Space User Space Kernel Space Kernel Space Secure VM (SVM) Guest VM (GVM)

  19. Overview Our Approach Evaluations Conclusion Using a Dual-VM Architecture apache mysql firefox ps netstat kill p P User Space User Space Kernel Space Kernel Space Secure VM (SVM) Guest VM (GVM) Virtual Machine Introspection Virtual Machine Configuration Intrusion Detection, Prevention (Recovery)

  20. Overview Our Approach Evaluations Conclusion Advantages apache mysql firefox ps netstat kill p P User Space User Space Kernel Space Kernel Space Secure VM (SVM) Guest VM (GVM) Isolation (SVM and GVM are isolated) Trustworthiness (trust code is running in secure VM) Automation (no need to develop introspection utilities) Security (enabling malware analysis, forensics...) Transparency (programmers write native program in SVM)

  21. Overview Our Approach Evaluations Conclusion Observation 1 execve("/sbin/sysctl",["sysctl", "-w","kernel..=1"],...) = 0 2 brk(0) = 0x604000 3 access("/etc/ld.so.nohwcap",F_OK) = -1 ENOENT 4 mmap(NULL, 8192, PROT_READ|.., -1,0) = 0x7f07b1749000 5 access("/etc/ld.so.preload",R_OK) = -1 ENOENT 6 open("/etc/ld.so.cache", O_RDONLY) = 3 ... 47 open("/proc/sys/kernel/randomize_va_space",O_WRONLY|...) = 3 48 fstat(3, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0 49 mmap(NULL, 4096, PROT_READ|.., -1, 0) = 0x7f07b1748000 50 write(3, "1\n", 2) = 2 51 close(3) = 0 ... 57 exit_group(0) = ? Syscall trace of running sysctl -w to turn on the address space randomization in Linux kernel 2.6.32

  22. Overview Our Approach Evaluations Conclusion Architecture Overview of EXTERIOR Memory Memory apache mysql firefox ps netstat kill D stack C user D global Outer-Shell P D heap User Space User Space Kernel Space Kernel Space D global D global Synchronization Primitive Synchronization Primitive D heap D heap mutex, spin_lock,… mutex, spin_lock,… Process/IO/Memory/ Process/IO/Memory/ D stack1 D stack2 D stackn D stack1 D stack2 D stackn Security Management Security Management Interrupt/Exception Interrupt/Exception Syscall n Syscall 2 Syscall n Syscall 1 Syscall 1 Syscall 2 Handler Handler Other System Other System Components and Drivers Components and Drivers Kernel Syscall Kernel Data Identification and Redirection Context Identification Xen/KVM/Vmware/VirtualBox/VirtualPC/HyperV /OpenVZ/QEMU Binary Translation Based GVM Memory Mapping Virtualization Layer and Address Resolution Secure VM (SVM) Guest VM (GVM)

  23. Overview Our Approach Evaluations Conclusion The algorithms Memory ps netstat kill Outer-Shell User Space Kernel Space D global Synchronization Primitive D heap mutex, spin_lock,… Process/IO/Memory/ D stack1 D stack2 D stackn Security Management Interrupt/Exception Syscall n Syscall 1 Syscall 2 Handler Other System Components and Drivers Kernel Syscall Kernel Data Identification and Redirection Context Identification Binary Translation Based GVM Memory Mapping Virtualization Layer and Address Resolution Secure VM (SVM)

  24. Overview Our Approach Evaluations Conclusion The algorithms Memory ps netstat kill Outer-Shell The Algorithm User Space Kernel Space 1: DynamicBinaryInstrumentation ( i ): D global Synchronization Primitive 2: if SysCallExecContext ( s ): D heap mutex, spin_lock,… 3: if SysCallRedirectable ( s ): 4: RedirectableDataTracking (i); 5: Process/IO/Memory/ for α in MemoryAddress (i): D stack1 D stack2 D stackn Security Management 6: if DataRead ( α ): Interrupt/Exception 7: PA ( α ) ← V2P ( α ) Syscall n Syscall 1 Syscall 2 Handler 8: Load ( PA ( α )) Other System 9: Components and Drivers else: 10: if Configuration : 11: Store ( PA ( α ) ) Kernel Syscall Kernel Data Identification 12: else : //Introspection and Redirection Context Identification 13: COW-Store( PA ( α ) ) Binary Translation Based GVM Memory Mapping Virtualization Layer and Address Resolution Secure VM (SVM)

  25. Overview Our Approach Evaluations Conclusion Mapping the GVM Memory Address

  26. Outline

  27. Overview Our Approach Evaluations Conclusion Effectiveness Effective? Category Utility Syntactics Semantics ps (1) ✗ � pstree (1) � ✗ lsmod (8) � � dmesg (1) � � Introspection vmstat (8) ✗ � netstat (8) � � lsof (8) ✗ � uptime (1) � ✗ df (1) ✗ � sysctl (8) � � Configuration route (8) � � hostname (1) � � chrt (1) � � renice (1) � � kill (1) � � Recovery rmmod (8) � �

  28. Overview Our Approach Evaluations Conclusion Performence Overhead

  29. Overview Our Approach Evaluations Conclusion Recovery Rootkit Targeted Function Pointer Succeed? adore-2.6 kernel global, heap object ✗ hookswrite IDT table � int3backdoor IDT table � kbdv3 syscall table � kbeast-v1 syscall table, tcp4_seq_show � mood-nt-2.3 syscall table � override syscall table � phalanx-b6 syscall table, tcp4_seq_show � rkit-1.01 syscall table � rial syscall table � suckit-2 IDT table � synapsys-0.4 syscall table �

  30. Overview Our Approach Evaluations Conclusion OS-Agnostic Testing Linux Kernel Release Date Transparent? Distribution Version Debian 4.0 2.6.26 2007-04-06 � Debian 5.0 2.6.28 2009-02-12 � Debian 6.0 2.6.32 2010-01-22 � Fedora-8 2.6.23 2007-11-08 � Fedora-10 2.6.27 2008-11-25 � Fedora-12 2.6.31 2009-11-17 � Fedora-14 2.6.35 2010-11-02 � Fedora-16 3.1.0 2011-11-08 � OpenSUSE-10.3 2.6.22 2007-10-04 � OpenSUSE-11.0 2.6.25 2008-06-19 � OpenSUSE-11.1 2.6.27 2008-12-18 � OpenSUSE-11.2 2.6.31 2009-11-12 � OpenSUSE-11.3 2.6.34 2010-07-15 � OpenSUSE-12.1 3.1.0 2011-11-16 � Ubuntu-8.04 2.6.24 2008-04-24 � Ubuntu-8.10 2.6.27 2008-10-30 � Ubuntu-9.04 2.6.28 2009-04-23 � Ubuntu-9.10 2.6.31 2009-10-29 � Ubuntu-10.04 2.6.32 2010-04-29 � Ubuntu-10.10 2.6.35 2010-10-10 � Ubuntu-11.04 2.6.38 2011-04-28 � Ubuntu-11.10 3.0.4 2011-10-13 �

Recommend

Singularities of Dual Varieties Associated to Exterior Representations Emre S EN Northeastern

Singularities of Dual Varieties Associated to Exterior Representations Emre S EN Northeastern

Dual Variety Singularities of dual varieties Cusp Component Node Component Singularities of Dual Varieties Associated to Exterior Representations Emre S EN Northeastern University November 20, 2017 Emre S EN Northeastern University

730 views • 33 slides
Exterior Marketability Requirements Exterior Marketability Exterior Marketability Exterior

Exterior Marketability Requirements Exterior Marketability Exterior Marketability Exterior

Exterior Marketability Requirements Exterior Marketability Exterior Marketability Exterior curb appeal is a year round concern Exterior curb appeal must be maintained even if property is out of grass cut season If the grass is

209 views • 6 slides
Shell Emanuele Valea <valea@lirmm.fr> LIRMM CNRS / Universit de Montpellier Shell

Shell Emanuele Valea <valea@lirmm.fr> LIRMM CNRS / Universit de Montpellier Shell

Shell Emanuele Valea <valea@lirmm.fr> LIRMM CNRS / Universit de Montpellier Shell It is the external layer of the Operating System It provides a communication link between the O.S. and user Interactive execution Script

887 views • 49 slides
POSS DESIGN PRESENTATION Aspen Square Improvements Scope EXTERIOR: Refresh Exterior Signage

POSS DESIGN PRESENTATION Aspen Square Improvements Scope EXTERIOR: Refresh Exterior Signage

POSS DESIGN PRESENTATION Aspen Square Improvements Scope EXTERIOR: Refresh Exterior Signage Strip & Stain Exterior Entry, Courtyard & Meeting Room Doors New Paint Scheme at Exterior Balcony Wood Siding & Metal Rail,

239 views • 4 slides
NARI Greater Dallas 2017 CotYs Residential Exterior Under $100,000 Exterior Makeover Vision

NARI Greater Dallas 2017 CotYs Residential Exterior Under $100,000 Exterior Makeover Vision

NARI Greater Dallas 2017 CotYs Residential Exterior Under $100,000 Exterior Makeover Vision & Design Solutions Our clients goal for this exterior makeover project was to transform the exterior this single story ranch into a modern or

142 views • 13 slides
What is Bash Shell Scripting? A shell script is a script written for the shell, or command

What is Bash Shell Scripting? A shell script is a script written for the shell, or command

What is Bash Shell Scripting? A shell script is a script written for the shell, or command line interpreter, of an operating system. The shell is often considered a simple domain-specific programming language . Typical operations

802 views • 15 slides
EXTERNAL DEVELOPMENT LEADERSHIP Troy Elementary School External Development Leadership

EXTERNAL DEVELOPMENT LEADERSHIP Troy Elementary School External Development Leadership

EXTERNAL DEVELOPMENT LEADERSHIP Troy Elementary School External Development Leadership Standard 6 A school executive will design structures and processes that result in community engagement, support, and ownership. Be Our Guest

343 views • 17 slides
Bourne (Again) Shell CIS 218 Bourne Again Shell Current GNU LINUX BASH Shell documentation:

Bourne (Again) Shell CIS 218 Bourne Again Shell Current GNU LINUX BASH Shell documentation:

Bourne (Again) Shell CIS 218 Bourne Again Shell Current GNU LINUX BASH Shell documentation: http://www.gnu.org/software/bash/manual/bashref.html Bash is an acronym for Bourne - Again SHell. The Bourne shell is the traditional

947 views • 37 slides
Staff has concerns over the setbacks of the second floor patio and will be conditioning that the

Staff has concerns over the setbacks of the second floor patio and will be conditioning that the

From: Liska, Andrew <Andrew.Liska@minneapolismn.gov> Sent: Wednesday, August 19, 2020 2:34 PM To: Michael Subject: RE: [EXTERNAL] RE: [EXTERNAL] RE: [EXTERNAL] RE: [EXTERNAL] RE: [EXTERNAL] RE: [EXTERNAL] 1219 31st W Joyce Church Hi,

366 views • 3 slides
More Linux Shell Scripts Fundamentals of Computer Science Outline Shells and Shell

More Linux Shell Scripts Fundamentals of Computer Science Outline Shells and Shell

More Linux Shell Scripts Fundamentals of Computer Science Outline Shells and Shell Scripts Shell Variables and the Environment Simple Shell Scripting More Advanced Shell Scripting Start-up Shell Scripts Shells and Shell

367 views • 17 slides
CS 241: Systems Programming Lecture 2. Introduction to Unix and the Shell Spring 2020 Prof.

CS 241: Systems Programming Lecture 2. Introduction to Unix and the Shell Spring 2020 Prof.

CS 241: Systems Programming Lecture 2. Introduction to Unix and the Shell Spring 2020 Prof. Stephen Checkoway 1 What is the shell? Text-based interface to the operating system and to the file system User enters commands The shell runs the

425 views • 25 slides
CS 241: Systems Programming Lecture 2. Introduction to Unix and the Shell Fall 2019 Prof.

CS 241: Systems Programming Lecture 2. Introduction to Unix and the Shell Fall 2019 Prof.

CS 241: Systems Programming Lecture 2. Introduction to Unix and the Shell Fall 2019 Prof. Stephen Checkoway 1 What is the shell? Text-based interface to the operating system and to the file system User enters commands The shell runs the

427 views • 23 slides
Dual sensor based on gold nanostructured Dual sensor based on gold nanostructured screen-

Dual sensor based on gold nanostructured Dual sensor based on gold nanostructured screen-

Departamento de Qumica Fsica y Analtica UNIVERSIDAD DE OVIEDO Dual sensor based on gold nanostructured Dual sensor based on gold nanostructured screen- -printed carbon electrodes for the printed carbon electrodes for the screen

167 views • 14 slides
CSCE 625: Artificial Intelligence Dr. Dylan Shell 1 Shell CSCE 625 TAMU 2 Shell CSCE 625 TAMU

CSCE 625: Artificial Intelligence Dr. Dylan Shell 1 Shell CSCE 625 TAMU 2 Shell CSCE 625 TAMU

Shell CSCE 625 TAMU CSCE 625: Artificial Intelligence Dr. Dylan Shell 1 Shell CSCE 625 TAMU 2 Shell CSCE 625 TAMU 3 Shell CSCE 625 TAMU 4 Shell CSCE 625 TAMU Pay attention to this: https://www.youtube.com/watch?v=vJG698U2Mvo 5 Shell

352 views • 8 slides
Database Systems External Sort Based on slides by Feifei Li, University of Utah Whats external

Database Systems External Sort Based on slides by Feifei Li, University of Utah Whats external

Database Systems External Sort Based on slides by Feifei Li, University of Utah Whats external sorting? n Problem: sort 1TB of data with 1GB of RAM. why not virtual memory? Swap involves expensive IOs 2 Using secondary storage

646 views • 30 slides
FARNSWORTH zach grzybowski exterior PROPOSAL example EXTERIOR MATERIALS travertine tiles,

FARNSWORTH zach grzybowski exterior PROPOSAL example EXTERIOR MATERIALS travertine tiles,

FARNSWORTH zach grzybowski exterior PROPOSAL example EXTERIOR MATERIALS travertine tiles, white steel, glass http://skippyleafblower.wordpress.com/ interior example INTERIOR MATERIALS wood cabinets, leather, chrome, rug, drapes, stainless

458 views • 19 slides
Bash shell SE 2XA3 Term I, 2020/21 Outline Shells Shell scripts Shell variables Command-line

Bash shell SE 2XA3 Term I, 2020/21 Outline Shells Shell scripts Shell variables Command-line

Bash shell SE 2XA3 Term I, 2020/21 Outline Shells Shell scripts Shell variables Command-line arguments For loops Conditionals Shell customization Environment variables Aliases Shells A Unix shell is a command-line interpreter

475 views • 18 slides
Introduction to Shell Programming what is shell programming? about cygwin review of

Introduction to Shell Programming what is shell programming? about cygwin review of

Introduction to Shell Programming what is shell programming? about cygwin review of basic UNIX TM pipelines of commands about shell scripts some new commands variables parameters and shift command substitution

515 views • 35 slides
Overview of paint systems for exterior steel based on the AS/NZS2312 standards Paint Systems for

Overview of paint systems for exterior steel based on the AS/NZS2312 standards Paint Systems for

Overview of paint systems for exterior steel based on the AS/NZS2312 standards Paint Systems for Mild Steel Equivalents to AS/NZS 2312.1:2014 Starting Point To select the correct coating system first you must know the type of steel you

772 views • 15 slides
Clams Bivalve mollusks Appearance A clams shell consists two halves that are

Clams Bivalve mollusks Appearance A clams shell consists two halves that are

Clams Bivalve mollusks Appearance A clams shell consists two halves that are usually equal which are connected by a hinge joint and a ligament that can be internal or external. Most clams have smooth outer shells. Features

849 views • 10 slides
Bourne Shell Programming Topics Covered Shell variables Using options using getopts

Bourne Shell Programming Topics Covered Shell variables Using options using getopts

Bourne Shell Programming Topics Covered Shell variables Using options using getopts Using Quotes Reading Data Arithmetic On Shell Environment and subshells Passing Arguments Parameter substitution

826 views • 65 slides
Operating System API Case study: UNIX shell Unix shell Provides interactive command execution

Operating System API Case study: UNIX shell Unix shell Provides interactive command execution

Operating System API Case study: UNIX shell Unix shell Provides interactive command execution Was part of OS kernel initially, now a normal program The shell interface looks like this: $ _ Prompt Keyboard cursor Unix shell $ cat

474 views • 22 slides
Shell scripting with Haskell Franz Thoma Berlin, 2017-02-24 Overview Shell scripting with

Shell scripting with Haskell Franz Thoma Berlin, 2017-02-24 Overview Shell scripting with

Shell scripting with Haskell Franz Thoma Berlin, 2017-02-24 Overview Shell scripting with high-level languages The turtle library Scripts & Dependency Management Parsing command line options A small application Conclusion Shell

537 views • 27 slides
A brief overview of key points relating to paint systems for exterior concrete Based on Code of

A brief overview of key points relating to paint systems for exterior concrete Based on Code of

A brief overview of key points relating to paint systems for exterior concrete Based on Code of Practice Weathertight Concrete & Concrete Masonry construction CCANZ CP 01:2014 Definitions from CCANZ CP 01:2014 Waterproof The complete

458 views • 18 slides

More recommend