virtual machine security
play

Virtual Machine Security CSE443 - Spring 2012 Introduction to - PowerPoint PPT Presentation

Dec 26, 2022 •199 likes •489 views

Virtual Machine Security CSE443 - Spring 2012 Introduction to Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ CSE443 Introduction to Computer (and Network) Security - Spring 2012 - Professor Jaeger 1

  1. Virtual Machine Security CSE443 - Spring 2012 Introduction to Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ CSE443 Introduction to Computer (and Network) Security - Spring 2012 - Professor Jaeger 1

  2. Operating System Quandary • Q: What is the primary goal of system security? • OS enables multiple users/programs to share resources on a physical device • Q: What happens when we try to enforce Mandatory Access Control policies on UNIX systems • Think SELinux policies • What can we to do to simplify? 2 CSE443 Introduction to Computer (and Network) Security - Spring 2012 - Professor Jaeger

  3. Virtual Machines • Instead of using system software to enable sharing, use system software to enable isolation • Virtualization • “a technique for hiding the physical characteristics of computing resources from the way in which others systems, applications, and end users interact with those resources” • Virtual Machines • Single physical resource can appear as multiple logical resources 3 CSE443 Introduction to Computer (and Network) Security - Spring 2012 - Professor Jaeger

  4. Virtual Machine Architectures • Full system simulation • CPU can be simulated • Paravirtualization (Xen) • VM has a special API • Requires OS changes • Native virtualization (VMWare) • Simulate enough HW to run OS • OS is for same CPU • Application virtualization (JVM) • Application API 4 CSE443 Introduction to Computer (and Network) Security - Spring 2012 - Professor Jaeger

  5. Virtual Machine Types • Type I • Lowest layer of software is VMM • E.g., Xen, VAX VMM, etc. • Type II • Runs on a host operating system • E.g., VMWare, JVM, etc. • Q: What are the trust model issues with Type II compared to Type I? 5 CSE443 Introduction to Computer (and Network) Security - Spring 2012 - Professor Jaeger

  6. Virtual Machine Types Type 2 VMM ! Hybrid VMM ! Type 1 VMM ! App ! App ! Guest OS 1 ! Guest OS 2 ! App ! App ! App ! App ! VMM ! Guest OS 1 ! Guest OS 2 ! Guest OS 1 ! Guest OS 2 ! Host OS ! VMM ! Host OS ! VMM ! Hardware ! Hardware ! Hardware ! VMware ESX ! MS Virtual Server ! JVM ! Xen ! KVM ! CLR ! MS Hyper-V ! VMware Workstation ! 6 CSE443 Introduction to Computer (and Network) Security - Spring 2012 - Professor Jaeger

  7. VM Security • Isolation of VM computing • Like a separate machine VM VM Guest OS Guest OS Partitioned Device Resources Requests Virtual Machine Monitor Physical Device Controls 7 CSE443 Introduction to Computer (and Network) Security - Spring 2012 - Professor Jaeger

  8. VAX VMM System • First system design to examine virtualization in the context of information flow security ! Virtualization mechanisms necessary to implement a reference • validation mechanism that satisfies the reference monitor concept ! Assure system design and implementation to the highest level • – A1 level per the Orange Book ! Control all system information flows according to MLS and • Biba integrity policies (modulo exceptions in “privileges”) ! Also, covert channel countermeasures were produced, • approximating noninterference ! • System was piloted, but not released commercially ! 8 CSE443 Introduction to Computer (and Network) Security - Spring 2012 - Professor Jaeger

  9. VAX VMM System • Key design tasks of secure VMM ! Virtualize processor ! ‣ All security-sensitive instructions must be mediated by VMM ! • VMM protection ring ! ‣ VMM must be deployed in a more privileged protection ring than • the VMs ! I/O emulation ! ‣ • Privileged I/O tasks must be executed in VMM or trusted VM ! Self-virtualizable ! ‣ • OS must not detect when running on a VMM (or VMMs) ! 9 CSE443 Introduction to Computer (and Network) Security - Spring 2012 - Professor Jaeger

  10. Virtualizing Instructions • Security-Sensitive Instructions ! Instructions that read or modify privileged system state ! ‣ • Privileged Instructions ! Instructions that cause a trap when executed in a non- ‣ privileged ring ! • All security-sensitive instructions must be privileged to enable the VMM to manage privileged system state (rather than individual VMs) ! • This requirement was not met by VAX hardware nor x86 originally ! 10 CSE443 Introduction to Computer (and Network) Security - Spring 2012 - Professor Jaeger

  11. I/O Emulation • Access to devices is expected by each operating system, but this access is security-sensitive ! Thus, devices are virtualized ! ‣ • Access to devices must be directed to the party with physical device access ! Memory-mapped I/O uses unprivileged instructions ! ‣ • VAX VMM adds a layer of indirection ! I/O interface that causes a trap ! ‣ OS must be modified to use that interface ‣ (paravirtualize) ! 11 CSE443 Introduction to Computer (and Network) Security - Spring 2012 - Professor Jaeger

  12. Other Issues • Driver management ! In VAX VMM, all drivers were in the VMM kernel ! ‣ This was for assurance, but added code to VMM ! ‣ • Drivers are outside the VMM in most systems ! • DMA ! Devices can use this mechanism to write to physical ‣ memory, but under guidance of untrusted VMs ! • VAX VMM trusted drivers, but not practical today ! • Performance – E.g., page table lookups ! 12 CSE443 Introduction to Computer (and Network) Security - Spring 2012 - Professor Jaeger

  13. VAX VMM System Applications Applications Applications (Top Secret) (Secret) (Unclassified) Ultrix OS VMS OS VMS OS VMM Security Kernel Memory Disk Print Display ... Device Device Device Device 13 CSE443 Introduction to Computer (and Network) Security - Spring 2012 - Professor Jaeger

  14. NetTop • Isolated networks of VMs • Alternative to “air gap” security VM: Secret VM: Public VM: Secret VM: Public Guest OS’ Guest OS’ Guest OS’ Guest OS’ VMWare VMWare MLS MLS SELinux Host OS SELinux Host OS 14 CSE443 Introduction to Computer (and Network) Security - Spring 2012 - Professor Jaeger

  15. Xen • Privileged VM VM: DomU VM: DomU Guest OS’ Guest OS’ VM Services Partitioned Device Dom 0 Resources Requests Host OS’ Drivers Xen Hypervisor 15 CSE443 Introduction to Computer (and Network) Security - Spring 2012 - Professor Jaeger

  16. Xen sHype • Controlled information flows among VMs VM: DomU VM: DomU Guest OS’ Guest OS’ VM Services Partitioned Device Dom 0 Resources Requests Host OS’ Drivers Ref Xen Hypervisor Mon 16 CSE443 Introduction to Computer (and Network) Security - Spring 2012 - Professor Jaeger

  17. Xen sHype Policies • Type Enforcement over VM communications • VM labels are subjects • VM labels are objects • How do VMs communicate in Xen? • Grant tables: pass pages between VMs • Event channels: notifications (e.g., when to pass pages) • sHype controls these • Q: What about VM communication across systems? 17 CSE443 Introduction to Computer (and Network) Security - Spring 2012 - Professor Jaeger

  18. Xen Security Modules • Comprehensive Reference Monitor interface for Xen • Based on LSM ideas • Includes about 57 “hooks” (more expected) • Supports sHype hooks • Plus, hooks for VM management, resource partitioning • Another aim: Decompose domain 0 • Specialize kernel for privileged operations • E.g., Remove drivers 18 CSE443 Introduction to Computer (and Network) Security - Spring 2012 - Professor Jaeger

  19. IOMMU Role in the System Application ! Application ! RAM ! Application ! System ! Software ! Penn State Systems and Internet Infrastructure Security Lab Page 19 CSE443 Introduction to Computer (and Network) Security - Spring 2012 - Professor Jaeger

  20. IOMMU Role in the System Application ! Application ! RAM ! Application ! System ! Software ! Penn State Systems and Internet Infrastructure Security Lab Page 20 CSE443 Introduction to Computer (and Network) Security - Spring 2012 - Professor Jaeger

  21. IOMMU Role in the System Application ! Application ! MMU ! RAM ! Application ! System ! Software ! control Penn State Systems and Internet Infrastructure Security Lab Page 21 CSE443 Introduction to Computer (and Network) Security - Spring 2012 - Professor Jaeger

  22. IOMMU Role in the System Peripheral ! Application ! Application ! MMU ! RAM ! Peripheral ! Application ! System ! Software ! Peripheral ! control Penn State Systems and Internet Infrastructure Security Lab Page 22 CSE443 Introduction to Computer (and Network) Security - Spring 2012 - Professor Jaeger

  23. IOMMU Role in the System Peripheral ! Application ! IOMMU ! Application ! MMU ! RAM ! Peripheral ! Application ! System ! Software ! Peripheral ! control Penn State Systems and Internet Infrastructure Security Lab Page 23 CSE443 Introduction to Computer (and Network) Security - Spring 2012 - Professor Jaeger

  24. I/O Device Assignment Process ! OS ! Peripheral ! Process ! VM 1 ! VM Guest 1 ! IOMMU ! VM Guest 2 ! MMU ! RAM ! Peripheral ! VM Guest 3 ! Hypervisor ! Parent ! VM 0 ! Peripheral ! control ! Penn State Systems and Internet Infrastructure Security Lab Page 24 CSE443 Introduction to Computer (and Network) Security - Spring 2012 - Professor Jaeger

  25. VM Security Status • Aim is simplicity • Are we achieving this? • Do we care what happens in the VMs? • When might we care? • Trusted computing base • How does this compare to traditional OS? 25 CSE443 Introduction to Computer (and Network) Security - Spring 2012 - Professor Jaeger

Recommend

Virtual Machines Appendix D Computer Security: Art and Science, 2 nd Edition Version 1.0 Slide

Virtual Machines Appendix D Computer Security: Art and Science, 2 nd Edition Version 1.0 Slide

Virtual Machines Appendix D Computer Security: Art and Science, 2 nd Edition Version 1.0 Slide D-1 Outline Virtual Machine Structure Virtual Machine Monitor Privilege Physical Resources Paging Computer Security: Art and

218 views • 19 slides
Advanced Systems Security: Virtual Machine Systems Trent Jaeger Systems and Internet

Advanced Systems Security: Virtual Machine Systems Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Virtual Machine Systems Trent

783 views • 43 slides
1 Agenda Docker world Containers VS Virtual machine Security concerns Conclusion Whoami

1 Agenda Docker world Containers VS Virtual machine Security concerns Conclusion Whoami

12.03.2019 Docker security 1 Agenda Docker world Containers VS Virtual machine Security concerns Conclusion Whoami M.Sc Computer Security M.Sc Software Development Worked previously as an embedded software developer Actually

586 views • 54 slides
Software Security VMI (Virtual Machine Introspection) / VMM-based Intrusion Prevention Julian

Software Security VMI (Virtual Machine Introspection) / VMM-based Intrusion Prevention Julian

Software Security VMI (Virtual Machine Introspection) / VMM-based Intrusion Prevention Julian Vetter Prof. Jean-Pierre Seifert Security in Telecommunications TU Berlin SoSe 2016 julian (sect) Software Security SoSe 2016 1 / 21

220 views • 21 slides
Virtual Machines What is a Virtual Machine? Java Virtual Machine (Application Virtualization)

Virtual Machines What is a Virtual Machine? Java Virtual Machine (Application Virtualization)

Virtual Machines What is a Virtual Machine? Java Virtual Machine (Application Virtualization) Software to simulate hardware Independent Separate Use one piece of hardware to simulate many computers Topics What are

519 views • 22 slides
Security Aware and Energy-Efficient Virtual Machine Consolidation in Cloud Computing Systems

Security Aware and Energy-Efficient Virtual Machine Consolidation in Cloud Computing Systems

Security Aware and Energy-Efficient Virtual Machine Consolidation in Cloud Computing Systems Farhad Ahamed, Seyed Shahrestani and Bahman Javadi School hool of of Comput omputing, ing, Engineer ngineering ing and and Mathema hematics ics

474 views • 18 slides
An Online Virtual Machine Placement Algorithm in an Over-Committed Cloud Siqi Ji*, Ming Da Li,

An Online Virtual Machine Placement Algorithm in an Over-Committed Cloud Siqi Ji*, Ming Da Li,

IC2E18 An Online Virtual Machine Placement Algorithm in an Over-Committed Cloud Siqi Ji*, Ming Da Li, Niannian Ji, Baochun Li Virtual Machine Placement Select the most suitable physical machine (PM) to host each virtual machine (VM).

417 views • 13 slides
Virtual Machines Uses for Virtual Machines There are several uses for virtual machines:

Virtual Machines Uses for Virtual Machines There are several uses for virtual machines:

Virtual Machines Uses for Virtual Machines There are several uses for virtual machines: Virtual machine technology, often just called virtualization , makes one computer behave as several Running several operating systems simultaneously on

254 views • 10 slides
The Java Virtual Machine The Java Virtual Machine interpret compile Native Binary Code Michael

The Java Virtual Machine The Java Virtual Machine interpret compile Native Binary Code Michael

Virtual Machines in Compilation Virtual Machines in Compilation Abstract Syntax Tree compile Compilation 2007 Compilation 2007 Virtual Machine Code The Java Virtual Machine The Java Virtual Machine interpret compile Native Binary Code

541 views • 11 slides
A Tor gatewayed platform for everyday use Using a virtual machine stack with its own virtual

A Tor gatewayed platform for everyday use Using a virtual machine stack with its own virtual

http://infinite.barrel-of-knowledge.info/cryptoparty/ (Surface web) https://yhfitd2wvrz3aybh.onion/cryptoparty/ (Deep web) A Tor gatewayed platform for everyday use Using a virtual machine stack with its own virtual LAN with all traffic

629 views • 9 slides
ReVirt Enabling Intrusion Analysis through Virtual Machine Logging and Replay George Dunlap

ReVirt Enabling Intrusion Analysis through Virtual Machine Logging and Replay George Dunlap

ReVirt Enabling Intrusion Analysis through Virtual Machine Logging and Replay George Dunlap Samuel Talmadge King Sukru Cinar Murtaza Basrai Peter M. Chen University of Michigan Introduction: Security

531 views • 34 slides
Virtual Machines Virtual Machines What is a virtual machine? Examples? Benefits?

Virtual Machines Virtual Machines What is a virtual machine? Examples? Benefits?

Virtual Machines Virtual Machines What is a virtual machine? Examples? Benefits? Virtualization Creation of an isomorphism that maps a virtual guest system to a real host: Maps guest state S to host state V(S) For any

271 views • 26 slides
MIPS Virtual what is the Java - what is the JVM ? lecture 25 Machine analogy ? - what is

MIPS Virtual what is the Java - what is the JVM ? lecture 25 Machine analogy ? - what is

MIPS Virtual what is the Java - what is the JVM ? lecture 25 Machine analogy ? - what is Java "byte code" Java Virtual Machine invoked methods and local stack (is it related to MIPS assembly/machine code ?) variables ?

487 views • 4 slides
Virtual Machine Security CSE497b - Spring 2007 Introduction Computer and Network Security

Virtual Machine Security CSE497b - Spring 2007 Introduction Computer and Network Security

Virtual Machine Security CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/ CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger 1

777 views • 22 slides
Modern Virtual Machine Performance murphee (Werner Schuster)

Modern Virtual Machine Performance murphee (Werner Schuster)

Modern Virtual Machine Performance murphee (Werner Schuster) http://jroller.com/page/murphee Overview Virtual Machine Myths Myth: Java is interpreted Myth: Native code is always faster than... Myth: Garbage Collection is

265 views • 24 slides
The Unspoken Problems With Machine Learning in Security Noa Weiss Hi! AI & Machine Learning

The Unspoken Problems With Machine Learning in Security Noa Weiss Hi! AI & Machine Learning

The Unspoken Problems With Machine Learning in Security Noa Weiss Hi! AI & Machine Learning Consultant Playing with data for over a decade Risk and Security PayPal, Armis 2 Hi! Deep Voice foundation Leader of

554 views • 54 slides
Virtual Machines 1 questions/logistics office hours posted on website VM setup due Friday 2

Virtual Machines 1 questions/logistics office hours posted on website VM setup due Friday 2

Virtual Machines 1 questions/logistics office hours posted on website VM setup due Friday 2 virtual machines illusion of a dedicated machine could or could not behave like real machine 3 virtual machine types language designed for

1.28k views • 91 slides
Virtual Machine Monitors IBM VM/370 - Mainframe time-sharing 1990s VMware - MPP

Virtual Machine Monitors IBM VM/370 - Mainframe time-sharing 1990s VMware - MPP

Virtual Machine History 1960s Virtual Machine Monitors IBM VM/370 - Mainframe time-sharing 1990s VMware - MPP abstraction / x86 virtualization Sun JVM Application level virtualization Lincoln Uyeda CS 614 -

99 views • 6 slides
Outline Introduction (VM) Virtual Machine Research goals (PM) Physical Machine

Outline Introduction (VM) Virtual Machine Research goals (PM) Physical Machine

10/26/2014 Outline Introduction (VM) Virtual Machine Research goals (PM) Physical Machine Challenges Research questions Background Research contributions Ph.D. Dissertation Defense Supporting Infrastructure

618 views • 19 slides
Dawn Song dawnsong@cs.berkeley.edu 1 Virtual Machines VM: Execution environment that gives

Dawn Song dawnsong@cs.berkeley.edu 1 Virtual Machines VM: Execution environment that gives

Virtual Machines & Security Dawn Song dawnsong@cs.berkeley.edu 1 Virtual Machines VM: Execution environment that gives the illusion of a real machine VMM/Hypervisor: host software which provides this capability Pioneered by IBM

75 views • 5 slides
PageRankVM A PageRank Based Algorithm with Anti-Collocation Constraints for Virtual Machine

PageRankVM A PageRank Based Algorithm with Anti-Collocation Constraints for Virtual Machine

PageRankVM A PageRank Based Algorithm with Anti-Collocation Constraints for Virtual Machine Placement in Cloud Datacenters Zhuozhao Li Haiying Shen Cole Miles University of Virginia July 3, 2018 1 / 19 Virtual Machine Placement In a cloud

772 views • 38 slides
CLR CLR What What is is a a virtual virtual machine machine? ? A new new virtual

CLR CLR What What is is a a virtual virtual machine machine? ? A new new virtual

Introduction: : Introduction CLR CLR What What is is a a virtual virtual machine machine? ? A new new virtual virtual machine machine A CLI CLI and and CLR CLR JIT JIT execution execution and and

117 views • 9 slides
Exploiting Live Virtual Machine Migration Jon Oberheide University of Michigan February 21,

Exploiting Live Virtual Machine Migration Jon Oberheide University of Michigan February 21,

Exploiting Live Virtual Machine Migration Jon Oberheide University of Michigan February 21, 2008 Black Hat DC - Game Plan Introduction to VM migration Live migration security Exploiting live migration Future attacks and

441 views • 31 slides
Java for OOP Objects de-mystified Christoph Angerer Java Virtual Machine VM Heap Program

Java for OOP Objects de-mystified Christoph Angerer Java Virtual Machine VM Heap Program

Java for OOP Objects de-mystified Christoph Angerer Java Virtual Machine VM Heap Program Memory (Program Code (Classes, JIT Memory) etc.) Reads Internal use Virtual Machine Slide 2 Runtime Model public class BankAccount {

307 views • 30 slides

More recommend