virtual machine security
play

Virtual Machine Security CSE497b - Spring 2007 Introduction - PowerPoint PPT Presentation

Jun 11, 2023 •536 likes •777 views

Virtual Machine Security CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/ CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger 1

  1. Virtual Machine Security CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/ CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger 1

  2. Operating System Quandary • Q: What is the primary goal of system security? • OS enables multiple users/programs to share resources on a physical device • Q: What happens when we try to enforce Mandatory Access Control policies on UNIX systems • Think SELinux policies • What can we to do to simplify? 2 CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger

  3. Virtual Machines • Instead of using system software to enable sharing, use system software to enable isolation • Virtualization • “a technique for hiding the physical characteristics of computing resources from the way in which others systems, applications, and end users interact with those resources” • Virtual Machines • Single physical resource can appear as multiple logical resources 3 CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger

  4. Virtual Machine Architectures • Full system simulation • CPU can be simulated • Paravirtualization (Xen) • VM has a special API • Requires OS changes • Native virtualization (VMWare) • Simulate enough HW to run OS • OS is for same CPU • Application virtualization (JVM) • Application API 4 CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger

  5. Virtual Machine Types • Type I • Lowest layer of software is VMM • E.g., Xen, VAX VMM, etc. • Type II • Runs on a host operating system • E.g., VMWare, JVM, etc. • Q: What are the trust model issues with Type II compared to Type I? 5 CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger

  6. VM Security • Isolation of VM computing • Like a separate machine VM VM Guest OS Guest OS Partitioned Device Resources Requests Virtual Machine Monitor Physical Device Controls 6 CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger

  7. Ensure Protection of VMM • Processor Instructions • Each processor supports an instruction set • Some can only be run privileged mode • i.e., a more privileged ring (ring 0) • Privileged versus Sensitive Instructions • Privileged: only run in ring 0 • Sensitive: read or write privileged state • All sensitive instructions must be privileged • Examples • Page Table Entries: memory accesses • Code Segment Selector read: this register indicates level 7 CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger

  8. A Proper VMM • Virtualization Requirements • Protect sensitive state • Sensitive instructions must be virtualized (i.e., require privilege) • Access to sensitive data must be virtualized (ditto) • Need to hide virtualization • Systems cannot see that they are being virtualized • I/O Processing • Need to share access to devices correctly • Special driver interface • Self-virtualization: Run VMM as VM • Can’t do this on traditional x86, but now we have VT architecture 8 CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger

  9. NetTop • Isolated networks of VMs • Alternative to “air gap” security VM: Secret VM: Public VM: Secret VM: Public Guest OS’ Guest OS’ Guest OS’ Guest OS’ VMWare VMWare MLS MLS SELinux Host OS SELinux Host OS 9 CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger

  10. Xen • Paravirtualized Hypervisor • Privileged VM VM: DomU VM: DomU Guest OS’ Guest OS’ VM Services Partitioned Device Dom 0 Resources Requests Host OS’ Drivers Xen Hypervisor 10 CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger

  11. Xen sHype • Controlled information flows among VMs VM: DomU VM: DomU Guest OS’ Guest OS’ VM Services Partitioned Device Dom 0 Resources Requests Host OS’ Drivers Ref Xen Hypervisor Mon 11 CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger

  12. Xen sHype Policies • Type Enforcement over VM communications • VM labels are subjects • VM labels are objects • How do VMs communicate in Xen? • Grant tables: pass pages between VMs • Event channels: notifications (e.g., when to pass pages) • sHype controls these • Q: What about VM communication across systems? 12 CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger

  13. Xen Security Modules • Comprehensive Reference Monitor interface for Xen • Based on LSM ideas • Includes about 57 “hooks” (more expected) • Supports sHype hooks • Plus, hooks for VM management, resource partitioning • Another aim: Decompose domain 0 • Specialize kernel for privileged operations • E.g., Remove drivers 13 CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger

  14. VM Security Status • Aim is simplicity • Are we achieving this? • Do we care what happens in the VMs? • When might we care? • Trusted computing base • How does this compare to traditional OS? 14 CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger

  15. Java Virtual Machine • Interpret Java bytecodes • Machine specification defined by bytecode • On all architectures, run same bytecodes • Write once, run anywhere • Can run multiple programs w/i JVM simultaneously • Different ‘classloaders’ can result in different protection domains • How do we enforce access control? 15 CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger

  16. Java Security Architecture • Java 1.0: Applets and Applications CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 16

  17. Java Security Architecture • Java 1.1: Signed code (trusted remote -- think Authenticode) • Java 1.2: Flexible access control, included in Java 2 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 17

  18. Stack Inspection • Authorize based on protection domains on the stack – Union of all sources • All must have permission CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 18

  19. Do Privileged • doPrivileged terminates backtrace • Like setuid, with similar risks CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 19

  20. Virtual Machine Threats • How does the insertion of a virtual machine layer change the threats against the system? CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 20

  21. Virtual Machine Rootkit • Rootkit – Malicious software installed by an attacker on a system – Enable it to run on each boot • OS Rootkits – Kernel module, signal handler, ... – When the kernel is booted, the module is installed and intercepts user process requests, interrupts, etc. – E.g., keylogger • VM Rootkit – Research project from Michigan and Microsoft – If security service runs in VM, then a rootkit in VMM can evade security – E.g., Can continue to run even if the system appears to be off CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 21

  22. Take Away • VM systems focus on isolation • Enable reuse, but limited by security requirements • Enable limited communication • The policies are not trivial, but refer to coarser-grained objects 22 CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger

Recommend

Virtual Machines Appendix D Computer Security: Art and Science, 2 nd Edition Version 1.0 Slide

Virtual Machines Appendix D Computer Security: Art and Science, 2 nd Edition Version 1.0 Slide

Virtual Machines Appendix D Computer Security: Art and Science, 2 nd Edition Version 1.0 Slide D-1 Outline Virtual Machine Structure Virtual Machine Monitor Privilege Physical Resources Paging Computer Security: Art and

218 views • 19 slides
Advanced Systems Security: Virtual Machine Systems Trent Jaeger Systems and Internet

Advanced Systems Security: Virtual Machine Systems Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Virtual Machine Systems Trent

783 views • 43 slides
1 Agenda Docker world Containers VS Virtual machine Security concerns Conclusion Whoami

1 Agenda Docker world Containers VS Virtual machine Security concerns Conclusion Whoami

12.03.2019 Docker security 1 Agenda Docker world Containers VS Virtual machine Security concerns Conclusion Whoami M.Sc Computer Security M.Sc Software Development Worked previously as an embedded software developer Actually

586 views • 54 slides
Software Security VMI (Virtual Machine Introspection) / VMM-based Intrusion Prevention Julian

Software Security VMI (Virtual Machine Introspection) / VMM-based Intrusion Prevention Julian

Software Security VMI (Virtual Machine Introspection) / VMM-based Intrusion Prevention Julian Vetter Prof. Jean-Pierre Seifert Security in Telecommunications TU Berlin SoSe 2016 julian (sect) Software Security SoSe 2016 1 / 21

220 views • 21 slides
Virtual Machines What is a Virtual Machine? Java Virtual Machine (Application Virtualization)

Virtual Machines What is a Virtual Machine? Java Virtual Machine (Application Virtualization)

Virtual Machines What is a Virtual Machine? Java Virtual Machine (Application Virtualization) Software to simulate hardware Independent Separate Use one piece of hardware to simulate many computers Topics What are

519 views • 22 slides
Security Aware and Energy-Efficient Virtual Machine Consolidation in Cloud Computing Systems

Security Aware and Energy-Efficient Virtual Machine Consolidation in Cloud Computing Systems

Security Aware and Energy-Efficient Virtual Machine Consolidation in Cloud Computing Systems Farhad Ahamed, Seyed Shahrestani and Bahman Javadi School hool of of Comput omputing, ing, Engineer ngineering ing and and Mathema hematics ics

474 views • 18 slides
An Online Virtual Machine Placement Algorithm in an Over-Committed Cloud Siqi Ji*, Ming Da Li,

An Online Virtual Machine Placement Algorithm in an Over-Committed Cloud Siqi Ji*, Ming Da Li,

IC2E18 An Online Virtual Machine Placement Algorithm in an Over-Committed Cloud Siqi Ji*, Ming Da Li, Niannian Ji, Baochun Li Virtual Machine Placement Select the most suitable physical machine (PM) to host each virtual machine (VM).

417 views • 13 slides
Virtual Machines Uses for Virtual Machines There are several uses for virtual machines:

Virtual Machines Uses for Virtual Machines There are several uses for virtual machines:

Virtual Machines Uses for Virtual Machines There are several uses for virtual machines: Virtual machine technology, often just called virtualization , makes one computer behave as several Running several operating systems simultaneously on

254 views • 10 slides
The Java Virtual Machine The Java Virtual Machine interpret compile Native Binary Code Michael

The Java Virtual Machine The Java Virtual Machine interpret compile Native Binary Code Michael

Virtual Machines in Compilation Virtual Machines in Compilation Abstract Syntax Tree compile Compilation 2007 Compilation 2007 Virtual Machine Code The Java Virtual Machine The Java Virtual Machine interpret compile Native Binary Code

541 views • 11 slides
A Tor gatewayed platform for everyday use Using a virtual machine stack with its own virtual

A Tor gatewayed platform for everyday use Using a virtual machine stack with its own virtual

http://infinite.barrel-of-knowledge.info/cryptoparty/ (Surface web) https://yhfitd2wvrz3aybh.onion/cryptoparty/ (Deep web) A Tor gatewayed platform for everyday use Using a virtual machine stack with its own virtual LAN with all traffic

629 views • 9 slides
ReVirt Enabling Intrusion Analysis through Virtual Machine Logging and Replay George Dunlap

ReVirt Enabling Intrusion Analysis through Virtual Machine Logging and Replay George Dunlap

ReVirt Enabling Intrusion Analysis through Virtual Machine Logging and Replay George Dunlap Samuel Talmadge King Sukru Cinar Murtaza Basrai Peter M. Chen University of Michigan Introduction: Security

531 views • 34 slides
Virtual Machines Virtual Machines What is a virtual machine? Examples? Benefits?

Virtual Machines Virtual Machines What is a virtual machine? Examples? Benefits?

Virtual Machines Virtual Machines What is a virtual machine? Examples? Benefits? Virtualization Creation of an isomorphism that maps a virtual guest system to a real host: Maps guest state S to host state V(S) For any

271 views • 26 slides
MIPS Virtual what is the Java - what is the JVM ? lecture 25 Machine analogy ? - what is

MIPS Virtual what is the Java - what is the JVM ? lecture 25 Machine analogy ? - what is

MIPS Virtual what is the Java - what is the JVM ? lecture 25 Machine analogy ? - what is Java "byte code" Java Virtual Machine invoked methods and local stack (is it related to MIPS assembly/machine code ?) variables ?

487 views • 4 slides
Virtual Machine Security CSE443 - Spring 2012 Introduction to Computer and Network Security

Virtual Machine Security CSE443 - Spring 2012 Introduction to Computer and Network Security

Virtual Machine Security CSE443 - Spring 2012 Introduction to Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ CSE443 Introduction to Computer (and Network) Security - Spring 2012 - Professor Jaeger 1

489 views • 28 slides
Modern Virtual Machine Performance murphee (Werner Schuster)

Modern Virtual Machine Performance murphee (Werner Schuster)

Modern Virtual Machine Performance murphee (Werner Schuster) http://jroller.com/page/murphee Overview Virtual Machine Myths Myth: Java is interpreted Myth: Native code is always faster than... Myth: Garbage Collection is

265 views • 24 slides
The Unspoken Problems With Machine Learning in Security Noa Weiss Hi! AI & Machine Learning

The Unspoken Problems With Machine Learning in Security Noa Weiss Hi! AI & Machine Learning

The Unspoken Problems With Machine Learning in Security Noa Weiss Hi! AI & Machine Learning Consultant Playing with data for over a decade Risk and Security PayPal, Armis 2 Hi! Deep Voice foundation Leader of

554 views • 54 slides
Virtual Machines 1 questions/logistics office hours posted on website VM setup due Friday 2

Virtual Machines 1 questions/logistics office hours posted on website VM setup due Friday 2

Virtual Machines 1 questions/logistics office hours posted on website VM setup due Friday 2 virtual machines illusion of a dedicated machine could or could not behave like real machine 3 virtual machine types language designed for

1.28k views • 91 slides
Virtual Machine Monitors IBM VM/370 - Mainframe time-sharing 1990s VMware - MPP

Virtual Machine Monitors IBM VM/370 - Mainframe time-sharing 1990s VMware - MPP

Virtual Machine History 1960s Virtual Machine Monitors IBM VM/370 - Mainframe time-sharing 1990s VMware - MPP abstraction / x86 virtualization Sun JVM Application level virtualization Lincoln Uyeda CS 614 -

99 views • 6 slides
Outline Introduction (VM) Virtual Machine Research goals (PM) Physical Machine

Outline Introduction (VM) Virtual Machine Research goals (PM) Physical Machine

10/26/2014 Outline Introduction (VM) Virtual Machine Research goals (PM) Physical Machine Challenges Research questions Background Research contributions Ph.D. Dissertation Defense Supporting Infrastructure

618 views • 19 slides
Dawn Song dawnsong@cs.berkeley.edu 1 Virtual Machines VM: Execution environment that gives

Dawn Song dawnsong@cs.berkeley.edu 1 Virtual Machines VM: Execution environment that gives

Virtual Machines & Security Dawn Song dawnsong@cs.berkeley.edu 1 Virtual Machines VM: Execution environment that gives the illusion of a real machine VMM/Hypervisor: host software which provides this capability Pioneered by IBM

75 views • 5 slides
PageRankVM A PageRank Based Algorithm with Anti-Collocation Constraints for Virtual Machine

PageRankVM A PageRank Based Algorithm with Anti-Collocation Constraints for Virtual Machine

PageRankVM A PageRank Based Algorithm with Anti-Collocation Constraints for Virtual Machine Placement in Cloud Datacenters Zhuozhao Li Haiying Shen Cole Miles University of Virginia July 3, 2018 1 / 19 Virtual Machine Placement In a cloud

772 views • 38 slides
CLR CLR What What is is a a virtual virtual machine machine? ? A new new virtual

CLR CLR What What is is a a virtual virtual machine machine? ? A new new virtual

Introduction: : Introduction CLR CLR What What is is a a virtual virtual machine machine? ? A new new virtual virtual machine machine A CLI CLI and and CLR CLR JIT JIT execution execution and and

117 views • 9 slides
Exploiting Live Virtual Machine Migration Jon Oberheide University of Michigan February 21,

Exploiting Live Virtual Machine Migration Jon Oberheide University of Michigan February 21,

Exploiting Live Virtual Machine Migration Jon Oberheide University of Michigan February 21, 2008 Black Hat DC - Game Plan Introduction to VM migration Live migration security Exploiting live migration Future attacks and

441 views • 31 slides
Java for OOP Objects de-mystified Christoph Angerer Java Virtual Machine VM Heap Program

Java for OOP Objects de-mystified Christoph Angerer Java Virtual Machine VM Heap Program

Java for OOP Objects de-mystified Christoph Angerer Java Virtual Machine VM Heap Program Memory (Program Code (Classes, JIT Memory) etc.) Reads Internal use Virtual Machine Slide 2 Runtime Model public class BankAccount {

307 views • 30 slides

More recommend