fine grained user space security through virtualization
play

Fine-Grained User-Space Security Through Virtualization Mathias - PowerPoint PPT Presentation

Jan 12, 2023 •582 likes •890 views

Fine-Grained User-Space Security Through Virtualization Mathias Payer and Thomas R. Gross ETH Zurich Motivation Applications often vulnerable to security exploits Solution: restrict application access to the minimum amount of data

  1. Fine-Grained User-Space Security Through Virtualization Mathias Payer and Thomas R. Gross ETH Zurich

  2. Motivation ● Applications often vulnerable to security exploits ● Solution: restrict application access to the minimum amount of data needed ● Least privilege principle VEE'11 / 2011-03-10 Mathias Payer / ETH Zurich 2

  3. In a nutshell ● Fine-grained virtualization layer confines security threats ● All executed code is verified ● Additional security guards are added to the runtime image ● All system calls are verified according to a tight policy VEE'11 / 2011-03-10 Mathias Payer / ETH Zurich 3

  4. Outline ● Introduction ● Security architecture ● Security through virtualization ● Software-based fault isolation (SFI) ● System call interposition ● Evaluation ● Related work ● Conclusion VEE'11 / 2011-03-10 Mathias Payer / ETH Zurich 4

  5. Introduction ● Software security is a challenging problem ● Many different forms of attacks exist ● Low-level bugs are omni-present ● Current security practice is reactive ● We present a pro-active approach to security ● Catch exploits before they can cause any harm Application code Kernel VEE'11 / 2011-03-10 Mathias Payer / ETH Zurich 5

  6. Protection through virtualization ● Virtualization confines and secures applications ● Use a user-space virtualization system ● Secure all code and authorize all system calls Application code Application code User-space SFI and Guards Kernel Kernel VEE'11 / 2011-03-10 Mathias Payer / ETH Zurich 6

  7. Security Architecture Application User-space process virtualization and fault isolation < libdetox System call interposition framework Handler functions & < redirected system calls Configurable runtime policy Kernel space / OS ● Layered security concept ● User-space software-based fault isolation ● System call interposition framework ● System call authorization VEE'11 / 2011-03-10 Mathias Payer / ETH Zurich 7

  8. Software-based fault isolation ● SFI implemented as a user-space library ● All code is translated before it is executed ● Code is checked and verified on the fly ● All unsafe instructions are encapsulated or rewritten – Check targets and origins of control flow transfers – Illegal instructions halt the program VEE'11 / 2011-03-10 Mathias Payer / ETH Zurich 8

  9. SFI: Additional guards ● Translator adds guards that protect from malicious attacks against the SFI platform and enhance security guarantees ● Secure control flow transfers ● Signal handling ● Executable bit removal ● Address space layout randomization ● Protecting internal data structures VEE'11 / 2011-03-10 Mathias Payer / ETH Zurich 9

  10. SFI: Control transfers ● Verify return addresses on stack ● Use a shadow stack to store original/translated addresses ● Protects from Return Oriented Programming ● Secure control flow transfers ● Check target and source locations for valid transfer points ● Protects from code injection through heap- based/stack-based overflows VEE'11 / 2011-03-10 Mathias Payer / ETH Zurich 10

  11. SFI: Signal handling ● Catch signals and exceptions ● Redirect to installed handlers if signal is valid ● Protects from break-outs out of the sandbox VEE'11 / 2011-03-10 Mathias Payer / ETH Zurich 11

  12. SFI: Executable bit removal ● Executable bit removed for libraries and application ● Only libdetox and code-cache contains executable code ● Part of the protection against code-injection VEE'11 / 2011-03-10 Mathias Payer / ETH Zurich 12

  13. SFI: ASLR ● Address space layout randomization randomizes the runtime memory image ● Probabilistic measure that makes attack harder VEE'11 / 2011-03-10 Mathias Payer / ETH Zurich 13

  14. SFI: Internal data structures ● All internal data structures are protected ● Context transfer to (translated) application code protects all internal data structures ● Write permissions to all internal memory is removed ● Protects from code-injection and attacks against the virtualization platform VEE'11 / 2011-03-10 Mathias Payer / ETH Zurich 14

  15. SFI: Added protection ● These additional guards protect from ● Code injection (stack-based / heap-based) ● Return-oriented programming ● Execution of illegal code ● Attacks against the virtualization platform VEE'11 / 2011-03-10 Mathias Payer / ETH Zurich 15

  16. System call interposition ● Implemented on top of SFI platform ● All system calls & parameters are checked ● Dangerous system calls are redirected to a special implementation inside the virtualization library ● System call authorization ● System calls are authorized based on a user- definable per-process policy ● Protects from data attacks VEE'11 / 2011-03-10 Mathias Payer / ETH Zurich 16

  17. Outline ● Introduction ● Security architecture ● Security through virtualization ● Software-based fault isolation (SFI) ● System call interposition ● Evaluation ● Related work ● Conclusion VEE'11 / 2011-03-10 Mathias Payer / ETH Zurich 17

  18. libdetox ● Approach implemented as a prototype ● Built on top of fastBT system ● Additional security hardening ● Guards implemented in the translation process ● Dynamic guards extend the dynamic control flow transfer logic VEE'11 / 2011-03-10 Mathias Payer / ETH Zurich 18

  19. Evaluation ● SPEC CPU2006 benchmarks used to evaluate overheads ● Apache plus policy used to evaluate server performance ● All benchmarks were executed on Ubuntu 9.04 on an E6850 Intel Core2Duo CPU @ 3.00GHz, 2GB RAM and GCC version 4.3.3 VEE'11 / 2011-03-10 Mathias Payer / ETH Zurich 19

  20. SPEC CPU2006 ● Benchmarks executed with well-defined policy ● Three configurations: ● Binary translation (BT) only – no security extensions – shows cost of translation & control flow transfers ● libdetox – standard security features ● libdetox + internal memory protection – securing internal data structures – all transfers from the application code to the libdetox code are protected VEE'11 / 2011-03-10 Mathias Payer / ETH Zurich 20

  21. SPEC CPU2006 Benchmark BT libdetox + mprot 400.perlbench 55.97% 59.88% 74.69% 401.bzip2 3.89% 5.39% 5.54% 429.mcf -0.49% 0.49% 0.25% 464.h264ref 6.17% 9.20% 9.20% 483.xalancbmk 23.72% 27.22% 31.27% 454.calculix -1.68% -0.56% -1.12% Average* 6.00% 6.39% 8.21% ● Average overhead is low ● Most overhead comes from the BT ● Even worst-case behavior (perlbench) is manageable * Average is calculated over all 28 SPEC CPU2006 benchmarks VEE'11 / 2011-03-10 Mathias Payer / ETH Zurich 21

  22. Apache2 ● Fully protected Apache 2.2.11 is evaluated using the ab benchmark ● Each file is received 1'000'000 times – test.html (static, 1.7kB) – phpinfo.php (small, dynamic PHP file) – picture.png (static, 242 kB) VEE'11 / 2011-03-10 Mathias Payer / ETH Zurich 22

  23. Apache2 25% 20% Throughput [mB/s] native BT libdetox test.html 22.5 19.6 18.8 Overhead 15% phpinfo.php 3.28 2.80 2.73 10% picture.png 945 902 885 5% Average overhead - 9.3% 12% 0% phpinfo.php Average test.html picture.png BT libdetox ● Low overhead for real-world server application ● Throughput highly depends on payload ● Both for virtualized and native executions VEE'11 / 2011-03-10 Mathias Payer / ETH Zurich 23

  24. Related Work ● Full system translation (VMWare, QEMU, Xen) ● Virtualizes a complete system, management overhead, data sharing problem ● System call interposition (Janus, AppArmor) ● Only system calls checked, code is unchecked ● Software-based fault isolation (Vx32, Strata) ● Only a sandbox is not enough, additional guards and system call authorization needed ● Static binary translation (Google's NaCL) ● Limits the ISA, special compilers needed VEE'11 / 2011-03-10 Mathias Payer / ETH Zurich 24

  25. Conclusions ● Combining SFI and policy-based system call authorization builds low overhead virtualization platform ● Virtualization based on programs, not systems ● System image is shared with a single configuration ● Fine-grained access control to data / properties ● Opens door to new approaches of security ● Highly customizable and dynamic VEE'11 / 2011-03-10 Mathias Payer / ETH Zurich 25

  26. Questions ? ● Libdetox as an implementation prototype supports full IA-32 ISA without kernel module ● Source: http://nebelwelt.net/projects/libdetox/ VEE'11 / 2011-03-10 Mathias Payer / ETH Zurich 26

  27. Policy System call definition: open: ("/etc/apache2/*", *): allow . ("/var/www/*", *): allow . ("*", *): deny . 5: open(string, int) 6: close(int) close: . . (*): allow . VEE'11 / 2011-03-10 Mathias Payer / ETH Zurich 27

  28. Policy: nmap mode:whitelist /* not listed: abort program */ brk(*):allow /* memory management */ mmap2(*,*,*,*,*,*):allow munmap(*,*):allow close(*):allow ioctl(*, TIOCGPGRP, *):allow open("/dev/tty",*):allow open("/etc/host.conf",*):allow open("/etc/hosts",*):allow open("/usr/share/nmap/nmap-services",*):allow ... read(*,*,*):allow stat64("/etc/resolv.conf",*):allow stat64("/home/test/.nmap/nmap-services",*):allow ... write(*,*,*):allow socketcall(PF NETLINK, SOCK RAW, 0):allow /* net */ socketcall(PF INET, SOCK STREAM, IPPROTO TCP):allow socketcall(PF FILE, SOCK STREAM | SOCK CLOEXEC | SOCK NONBLOCK, 0):allow ... VEE'11 / 2011-03-10 Mathias Payer / ETH Zurich 28

Recommend

ConScript Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser

ConScript Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser

ConScript Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser Leo Meyerovich Benjamin Livshits UC Berkeley Microsoft Research Web Programmability Platform openid.net yelp.com adsense.com Google maps 2

727 views • 41 slides
Fine-Grained Geographic Communication (Geocast) Nexus Workshop Frank Drr 23.07.2003 1

Fine-Grained Geographic Communication (Geocast) Nexus Workshop Frank Drr 23.07.2003 1

Fine-Grained Geographic Communication (Geocast) Nexus Workshop Frank Drr 23.07.2003 1 Overview Motivation Requirements for Fine-Grained Geocast Location Model for Fine-Grained Geographic Addressing Summary Related Work

752 views • 18 slides
secuBT Hacking the Hackers with User-Space Virtualization Mathias Payer

secuBT Hacking the Hackers with User-Space Virtualization Mathias Payer

secuBT Hacking the Hackers with User-Space Virtualization Mathias Payer &lt;mathias.payer@inf.ethz.ch&gt; 1 Mathias Payer: secuBT - User-Space Virtualization Motivation Virtualizing and encapsulating running programs is important:

693 views • 40 slides
Mechanized Verification of Fine-grained Concurrent Programs Ilya Sergey Aleks Nanevski

Mechanized Verification of Fine-grained Concurrent Programs Ilya Sergey Aleks Nanevski

Mechanized Verification of Fine-grained Concurrent Programs Ilya Sergey Aleks Nanevski Anindya Banerjee PLDI 2015 Terminology Coarse-grained Concurrency synchronisation between threads via locks ; Fine-grained

973 views • 72 slides
Parts of Speech More Fine-Grained Classes More

Parts of Speech More Fine-Grained Classes More

Parts of Speech More Fine-Grained Classes More Fine-Grained Classes Actually , I ran home extremely quickly yesterday The closed classes Example of POS tagging The Penn Treebank Part-of-Speech

747 views • 54 slides
Fine-grained Data Access Control Systems with User Accountability in Cloud Computing Jin Li 1 ,

Fine-grained Data Access Control Systems with User Accountability in Cloud Computing Jin Li 1 ,

Fine-grained Data Access Control Systems with User Accountability in Cloud Computing Jin Li 1 , Gansen Zhao 2 , and Xiaofeng Chen 3 Chunming Rong 4 , Yong Tang 2 1 Guangzhou University, China South China Normal University 2 3 Xidian University

784 views • 21 slides
Fine Grained Access Control Fine-Grained Access Control Fine Grained Access Control

Fine Grained Access Control Fine-Grained Access Control Fine Grained Access Control

Fine Grained Access Control Fine-Grained Access Control Fine Grained Access Control Fine-grained access control examples: p g Students can see their own grades Students can see grades of all students in courses they registered for

548 views • 34 slides
Fine-grained Visual Analysis: From Classification to Retrieval Yi-Zhe Song SketchX Lab, CVSSP,

Fine-grained Visual Analysis: From Classification to Retrieval Yi-Zhe Song SketchX Lab, CVSSP,

Fine-grained Visual Analysis: From Classification to Retrieval Yi-Zhe Song SketchX Lab, CVSSP, University of Surrey, UK http://sketchx.ai Why fine-grained? Dog Dog Dog I am not just a dog Why fine-grained? Husky

615 views • 24 slides
Horus: Fine-Grained Encryption- Based Security for High Performance Petascale Storage Ranjana

Horus: Fine-Grained Encryption- Based Security for High Performance Petascale Storage Ranjana

Horus: Fine-Grained Encryption- Based Security for High Performance Petascale Storage Ranjana Rajendran Ethan L. Miller Darrell D. E. Long Storage Systems Research Center University of California, Santa Cruz Sunday, November 13, 11

532 views • 16 slides
Virtualization Virtualization Memory virtualization Process feels like it has its own

Virtualization Virtualization Memory virtualization Process feels like it has its own

4/25/08 Virtualization Virtualization Memory virtualization Process feels like it has its own address space Created by MMU, configured by OS Storage virtualization Logical view of disks connected to a machine External

441 views • 8 slides
Fine-grained Image Recognition Lei Wang VILA group School of Computing and Information

Fine-grained Image Recognition Lei Wang VILA group School of Computing and Information

Learning Kernel-matrix-based Representation for Fine-grained Image Recognition Lei Wang VILA group School of Computing and Information Technology University of Wollongong, Australia 11-Dec-2019 Introduction Fine-grained image recognition

1.56k views • 58 slides
TRILL Fine Grained Labeling Donald Eastlake 3 rd Huawei

TRILL Fine Grained Labeling Donald Eastlake 3 rd Huawei

TRILL Fine Grained Labeling Donald Eastlake 3 rd Huawei Technologies d3e3e3@gmail.com November 2011 TRILL WG 1 Fine Grained Labeling A way to

469 views • 8 slides
Addressing Inter-Class Similarity in Fine-Grained Visual Classification Abhimanyu Dubey

Addressing Inter-Class Similarity in Fine-Grained Visual Classification Abhimanyu Dubey

Addressing Inter-Class Similarity in Fine-Grained Visual Classification Abhimanyu Dubey Collaborators: Nikhil Naik, Ryan Farrell, Otkrist Gupta, Pei Guo, Ramesh Raskar Fine-Grained Visual Classification - Image classification with target

760 views • 35 slides
On the Correctness Criteria of Fine-Grained Access Control in Relational Databases Qihua Wang,

On the Correctness Criteria of Fine-Grained Access Control in Relational Databases Qihua Wang,

On the Correctness Criteria of Fine-Grained Access Control in Relational Databases Qihua Wang, Ting Yu, Ninghui Li Jorge Lobo, Elisa Bertino Keith Irwin, Ji-Won Byun Outline Introduction Correctness Criteria A Fine-Grained Access

1.21k views • 51 slides
Fine-Grained Power Modeling for Smartphones Using System Call Tracing Based on paper and

Fine-Grained Power Modeling for Smartphones Using System Call Tracing Based on paper and

Fine-Grained Power Modeling for Smartphones Using System Call Tracing Based on paper and presentation by: Abhinav Pathak, Y. Charlie Hu, Ming Zhang Paramvir Bahl, Yi-Min Wang Damian Rodziewicz Fine-Grained Power Modeling for Smartphones

701 views • 33 slides
Fine-Grained Access Control Fine Grained Access Control Fine-grained access control examples:

Fine-Grained Access Control Fine Grained Access Control Fine-grained access control examples:

Fine-Grained Access Control Fine Grained Access Control Fine-grained access control examples: Students can see their own grades Students can see their own grades Students can see grades of all students in courses they registered for

338 views • 17 slides
Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing Sangho Lee Ming-Wei

Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing Sangho Lee Ming-Wei

Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing Sangho Lee Ming-Wei Shih Prasun Gera Taesoo Kim Hyesoon Kim Marcus Peinado 26 th USENIX Security Symposium August 17, 2017 Intel Software Guard Extension (SGX)

437 views • 42 slides
Fine Grained Coordinated Parallelism in a Real World Application Mohammad Rezaei, PhD June 2012

Fine Grained Coordinated Parallelism in a Real World Application Mohammad Rezaei, PhD June 2012

Fine Grained Coordinated Parallelism in a Real World Application Mohammad Rezaei, PhD June 2012 1 Outline Types of parallelism Algorithm description Why fine grained parallelism? Concurrency is hard no, its different

419 views • 19 slides
Fine-Grained Semantics for Probabilistic Programs Benjamin Timon Martin Bichsel Gehr Vechev

Fine-Grained Semantics for Probabilistic Programs Benjamin Timon Martin Bichsel Gehr Vechev

Fine-Grained Semantics for Probabilistic Programs Benjamin Timon Martin Bichsel Gehr Vechev Probabilistic models Security Networking Machine Learning Robotics Randomized Algorithms Probabilistic programming Probability density

624 views • 36 slides
Mesos A Platform for Fine-Grained Resource Sharing in the

Mesos A Platform for Fine-Grained Resource Sharing in the

Mesos A Platform for Fine-Grained Resource Sharing in the Data Center Benjamin Hindman, Andy Konwinski, Matei Zaharia , Ali Ghodsi, Anthony Joseph,

438 views • 32 slides
Enhancing Fine- Grained Parallelism Loop vectorization, Loop distribution, Scalar expansion

Enhancing Fine- Grained Parallelism Loop vectorization, Loop distribution, Scalar expansion

Enhancing Fine- Grained Parallelism Loop vectorization, Loop distribution, Scalar expansion Scalar and array renaming 1 Fine-Grained Parallelism Theorem 2.8. A sequential loop can be converted to a parallel loop if the loop carries no

606 views • 41 slides
Fine-Grained Tracking of Grid Infections Ashish Gehani SRI Basim Baig, Salman Mahmood, Dawood

Fine-Grained Tracking of Grid Infections Ashish Gehani SRI Basim Baig, Salman Mahmood, Dawood

Fine-Grained Tracking of Grid Infections Ashish Gehani SRI Basim Baig, Salman Mahmood, Dawood Tariq, Fareed Zaffar LUMS Fine-Grained Tracking of Grid Infections p. 1/18 Introduction Grid semantics Not middleware-specific Distributed

644 views • 18 slides
Owen S. Hofmann, Xuan Wang, Emmett Witchel, Donald E. Porter 1 Fine-grained locking -

Owen S. Hofmann, Xuan Wang, Emmett Witchel, Donald E. Porter 1 Fine-grained locking -

Sangman Kim , Michael Z. Lee, Alan M. Dunn, Owen S. Hofmann, Xuan Wang, Emmett Witchel, Donald E. Porter 1 Fine-grained locking - Bug-prone, hard to maintain Parallelism - OS provides poor support Coarse-grained locking - Reduced

536 views • 34 slides
Part-based R-CNNs for Fine-grained Category Detec7on

Part-based R-CNNs for Fine-grained Category Detec7on

Part-based R-CNNs for Fine-grained Category Detec7on Ning Zhang Jeff Donahue Ross Girshick Trevor Darrell

741 views • 39 slides

More recommend