
Jakub Szefer, Eric Keller, Ruby B. Lee, Jennifer Rexford (Princeton University), CCS, October 2011. Presenter: 張逸文.


1 Jakub Szefer, Eric Keller, Ruby B. Lee, Jennifer Rexford (Princeton University), CCS, October 2011. Presenter: 張逸文

2 Outline
 Introduction
 Virtualization vulnerabilities
 Threat model
 NoHype system architecture
 Prototype design
 Security analysis
 Related work
 Conclusion

3 Introduction (1/2)
 Web services & cloud infrastructure providers
 Multi-tenancy → SECURITY
 Virtualization software
 Previous approaches
 NoHype system: eliminating the hypervisor attack surface altogether

4 Introduction (2/2)
 NoHype
   Retain the ability to run and manage VMs in the same way
   Achieve this with today’s commodity hardware
   Prevent attacks
 Contributions
   Eliminating the hypervisor attack surface
   Realizing it on today’s commodity hardware
   A prototype implementation and system evaluation

5 Virtualization vulnerabilities (1/2)
 Hypervisor
   A program that allows multiple OSs to share a single hardware host
 Roles of virtualization software
 Roles of the hypervisor
   Processor cores
   Memory
   I/O devices
   Interrupts and timers

6 Virtualization vulnerabilities (2/2)
 Attack surface
   Interaction between guest VM & hypervisor
   VM exit
     ○ The VM’s code is interrupted and the hypervisor’s code begins to execute to handle some event
     ○ How often does this happen?
   The VM sends information to the hypervisor so the hypervisor can handle the event
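As an added example (not from the slides or the NoHype authors), a small Python tool that answers the "how often does this happen?" question on a KVM host by sampling the per-reason VM-exit counters KVM exposes under debugfs; the path /sys/kernel/debug/kvm and the one-integer-per-file layout are assumptions, and the interval maths is kept in a separate function so it can be exercised on constructed snapshots.

```python
"""Sample KVM's debugfs counters twice and report VM exits per second by reason.
Assumption: every file in KVM_DEBUGFS holds one integer and the exit-related
counters are the ones whose names end in 'exits' (e.g. exits, io_exits,
mmio_exits, halt_exits). Run as root on a KVM host with guests active."""
import os
import time

KVM_DEBUGFS = "/sys/kernel/debug/kvm"  # assumed default mount point


def snapshot(stats_dir=KVM_DEBUGFS):
    """Read every plain integer counter file in stats_dir into a dict."""
    counts = {}
    for name in os.listdir(stats_dir):
        path = os.path.join(stats_dir, name)
        if not os.path.isfile(path):
            continue  # per-VM subdirectories are skipped; host totals only
        try:
            with open(path) as fh:
                counts[name] = int(fh.read().strip())
        except (OSError, ValueError):
            continue  # unreadable or not a single integer: not a counter
    return counts


def exit_rates(before, after, seconds):
    """Per-second increase of every '*exits' counter, highest rate first.

    A counter missing from the earlier snapshot is treated as starting at 0;
    a counter that went backwards (reset) is reported as 0 rather than negative.
    """
    if seconds <= 0:
        raise ValueError("sampling interval must be positive")
    rates = {}
    for name, end in after.items():
        if not name.endswith("exits"):
            continue
        rates[name] = max(end - before.get(name, 0), 0) / seconds
    return dict(sorted(rates.items(), key=lambda kv: kv[1], reverse=True))


def measure(stats_dir=KVM_DEBUGFS, seconds=5.0):
    """Take two snapshots `seconds` apart and return the exit rates between them."""
    before = snapshot(stats_dir)
    time.sleep(seconds)
    return exit_rates(before, snapshot(stats_dir), seconds)


if __name__ == "__main__":
    # Each line is one reason the guest left guest mode and the hypervisor ran.
    for reason, rate in measure().items():
        print(f"{reason:>16s}: {rate:10.1f} exits/s")
```

The total under "exits" is the size of the interaction surface the slide describes; a NoHype-style guest would drive it to zero after disengagement.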

7 Threat model
 NoHype
   Avoiding attacks from malicious guest VMs when a VM exit happens
   Eliminating the need for interaction
 Assumptions
   ○ Guest OS’s security
   ○ Cloud management software

8 NoHype system architecture (1/3)
 Pre-allocating memory and cores
   The hypervisor dynamically manages memory and processor core resources
   Dedicating a number of cores to the specific VM
     The guest VM can use the local APIC directly
   Pre-allocating memory
     Hardware paging mechanisms

9 NoHype system architecture (2/3)
 Using only virtualized I/O devices
   Dedicating I/O devices to the guest VM
   Virtualized NIC, storage, graphics card
 Short-circuiting the system discovery
   Allowing the guest OS to boot normally
   Modifying the guest OS to cache system configuration data
   Temporary hypervisor
     No customer code executes while any underlying virtualization software is present

10 NoHype system architecture (3/3)
 Avoiding indirection
   The hypervisor performs indirections that map the virtual view to real hardware
   The guest VM directly accesses the processor ID

11 Prototype design (1/5)
 VM creation
   Customer’s request → cloud management software → system software → create VM
   Xen
     ○ Pre-setting EPT (Extended Page Tables)
     ○ Physical function driver for the NIC
     ○ Pinning a VM to a set of cores
     ○ Allocating the virtualized NIC

12 Prototype design (2/5)
 Guest VM bootup
   Xen’s inclusion of the bootloader, hvmloader
   Discovering devices
     ○ Temporary hypervisor
     ○ Modified QEMU to return “no device” for all but a network card
     ○ Interrupts: modified Xen & Linux choose the same configurable vector

13 Prototype design (3/5)
   Discovering processor capabilities
     ○ The clock frequency: software-virtualized HPET
     ○ The core identifier: pass the actual identifier
     ○ Processor’s features: implementation of CPUID
 Hypervisor disengagement
   Guest OS kernel module
   Hypercall with an unused hypercall number
     ○ Hypervisor disengagement
     ○ Sending an IPI to the other cores of the VM

14 Prototype design (4/5)
   1. Remove the VM from several lists
   2. Guest’s full control of the individual core
   3. Initialize the local APIC registers
   Execution control is transferred to the user’s code
 Guest execution and shutdown
   Modify the guest Linux kernel
   Shutdown by itself or via the VMCS

15 Prototype design (5/5)
 Raw performance evaluation
   1% performance improvement

16 Security analysis (1/2)
 Remaining hypervisor attack surface
   Interaction between the cloud manager and the system manager
    Future work
   Temporary hypervisor & modified guest OS kernel
     Trusted computing base
 VM-to-VM attack surface
   Sending IPIs to other guest VMs

17 Security analysis (2/2)
 Isolation between VMs
   Pre-setting EPT to assign physical pages to a VM
   Performance
 VMs mapping physical infrastructures
   Infrastructure mapping attacks

18 Related work
 Minimizing the hypervisor
   TrustVisor: Efficient TCB reduction and attestation
 New processor architectures
   Introduction to the new mainframe: z/VM basics
 Hardening the hypervisor
   HyperSafe: A lightweight approach to provide lifetime hypervisor control-flow integrity
 Direct access to hardware

19 Conclusion
 Design, implementation and evaluation of a working NoHype system on today’s commodity hardware
 Removing the attack surface
 1% faster run time


