1 Xen and the Art of Binary Modification Lies, Damn Lies, and Page Frame Addresses Greg Cooksey and Nate Rosenblum, March 2007.

Slides:



Advertisements
Similar presentations
Virtualization Technology
Advertisements

E Virtual Machines Lecture 3 Memory Virtualization
Bart Miller. Outline Definition and goals Paravirtualization System Architecture The Virtual Machine Interface Memory Management CPU Device I/O Network,
CSIE30300 Computer Architecture Unit 10: Virtual Memory Hsin-Chou Chi [Adapted from material by and
Operating System Support Focus on Architecture
CS 342 – Operating Systems Spring 2003 © Ibrahim Korpeoglu Bilkent University1 Memory Management -3 CS 342 – Operating Systems Ibrahim Korpeoglu Bilkent.
Recap. The Memory Hierarchy Increasing distance from the processor in access time L1$ L2$ Main Memory Secondary Memory Processor (Relative) size of the.
Memory Management and Paging CSCI 3753 Operating Systems Spring 2005 Prof. Rick Han.
Network Implementation for Xen and KVM Class project for E : Network System Design and Implantation 12 Apr 2010 Kangkook Jee (kj2181)
Disco Running Commodity Operating Systems on Scalable Multiprocessors.
1 Chapter 8 Virtual Memory Virtual memory is a storage allocation scheme in which secondary memory can be addressed as though it were part of main memory.
1 Last Class: Introduction Operating system = interface between user & architecture Importance of OS OS history: Change is only constant User-level Applications.
@ NCSU Zhi NCSU Xuxian Microsoft Research Weidong Microsoft NCSU Peng NCSU ACM CCS’09.
CS 333 Introduction to Operating Systems Class 12 - Virtual Memory (2) Jonathan Walpole Computer Science Portland State University.
1 OS & Computer Architecture Modern OS Functionality (brief review) Architecture Basics Hardware Support for OS Features.
Virtualization for Cloud Computing
Cache Organization of Pentium
Xen and the Art of Virtualization Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, Ian Pratt, Andrew Warfield.
Virtual Memory By: Dinouje Fahih. Definition of Virtual Memory Virtual memory is a concept that, allows a computer and its operating system, to use a.
Basics of Operating Systems March 4, 2001 Adapted from Operating Systems Lecture Notes, Copyright 1997 Martin C. Rinard.
Zen and the Art of Virtualization Paul Barham, et al. University of Cambridge, Microsoft Research Cambridge Published by ACM SOSP’03 Presented by Tina.
Microkernels, virtualization, exokernels Tutorial 1 – CSC469.
Silberschatz, Galvin and Gagne  2002 Modified for CSCI 346, Royden, Operating System Concepts Operating Systems Lecture 24 Paging.
CS333 Intro to Operating Systems Jonathan Walpole.
Disco : Running commodity operating system on scalable multiprocessor Edouard et al. Presented by Jonathan Walpole (based on a slide set from Vidhya Sivasankaran)
CS533 Concepts of Operating Systems Jonathan Walpole.
Chapter 8 Memory Management Dr. Yingwu Zhu. Outline Background Basic Concepts Memory Allocation.
Topics covered: Memory subsystem CSE243: Introduction to Computer Architecture and Hardware/Software Interface.
Computer Architecture Lecture 28 Fasih ur Rehman.
Benefits: Increased server utilization Reduced IT TCO Improved IT agility.
Xen I/O Overview. Xen is a popular open-source x86 virtual machine monitor – full-virtualization – para-virtualization para-virtualization as a more efficient.
Virtualization Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation is licensed.
Virtual Machine Security Systems Presented by Long Song 08/01/2013 Xin Zhao, Kevin Borders, Atul Prakash.
Ether: Malware Analysis via Hardware Virtualization Extensions Author: Artem Dinaburg, Paul Royal, Monirul Sharif, Wenke Lee Presenter: Yi Yang Presenter:
Silberschatz, Galvin and Gagne  2002 Modified for CSCI 399, Royden, Operating System Concepts Operating Systems Lecture 34 Paging Implementation.
Countering Kernel Rootkits with Lightweight Hook Protection Presented by: Hector M Lugo-Cordero, MS CAP 6135 March 24, 2011.
CS533 Concepts of Operating Systems Jonathan Walpole.
System Virtualization 1 Learning Objective: –To understand the implementation choices and details of System Virtualization COMP
C OUNTERING K ERNEL R OOTKITS WITH L IGHTWEIGHT H OOK P ROTECTION Presented by: Ruaa Abdulrahman CAP Malware and Software Vulnerability Analysis.
Computers Operating System Essentials. Operating Systems PROGRAM HARDWARE OPERATING SYSTEM.
8.1 Silberschatz, Galvin and Gagne ©2013 Operating System Concepts – 9 th Edition Paging Physical address space of a process can be noncontiguous Avoids.
 Introduction  Prior research  Problem overview  HookSafe Design  Implementation  Evaluation  Experiment result Conclusion.
Disco : Running commodity operating system on scalable multiprocessor Edouard et al. Presented by Vidhya Sivasankaran.
Midterm Meeting Pete Bohman, Adam Kunk, Erik Shaw.
Operating Systems Security
4.3 Virtual Memory. Virtual memory  Want to run programs (code+stack+data) larger than available memory.  Overlays programmer divides program into pieces.
Full and Para Virtualization
DATA COMPROMISE Controlling the flow of sensitive electronic information remains a major challenge, ranging from theft to accidental violation of policies.
Protecting The Kernel Data through Virtualization Technology BY VENKATA SAI PUNDAMALLI id :
Protection of Processes Security and privacy of data is challenging currently. Protecting information – Not limited to hardware. – Depends on innovation.
Page Replacement Implementation Issues Text: –Tanenbaum ch. 4.7.
CSE 451: Operating Systems Winter 2015 Module 25 Virtual Machine Monitors Mark Zbikowski Allen Center 476 © 2013 Gribble, Lazowska,
VMM Based Rootkit Detection on Android
8.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition Fragmentation External Fragmentation – total memory space exists to satisfy.
Silberschatz, Galvin and Gagne  Operating System Concepts Paging Logical address space of a process can be noncontiguous; process is allocated.
Virtual Machines (part 2) CPS210 Spring Papers  Xen and the Art of Virtualization  Paul Barham  ReVirt: Enabling Intrusion Analysis through Virtual.
Lecture 13: Virtual Machines
Virtualization for Cloud Computing
Introduction to Virtualization
Virtualization.
Virtualization Technology
Cache Organization of Pentium
Section 9: Virtual Memory (VM)
Virtualization Techniques
CSE 451: Operating Systems Autumn Module 24 Virtual Machine Monitors
Shielding applications from an untrusted cloud with Haven
Countering Kernel Rootkits with Lightweight Hook Protection
Xen and the Art of Virtualization
CSE 451: Operating Systems Autumn Module 24 Virtual Machine Monitors
4.3 Virtual Memory.
Presentation transcript:

1 Xen and the Art of Binary Modification Lies, Damn Lies, and Page Frame Addresses Greg Cooksey and Nate Rosenblum, March 2007

2 Motivation: Paranoid Programs Programs can be designed to be tamper resistant Obfuscation of control flow Run-time decryption of executable code Detection of static or dynamic modification Goal: Subvert tamper prevention mechanisms Enables reverse engineering (“what does this virus do?”) Allows binary modification (“now this virus does something else”)

3 Self-checksumming Code Value of some computation depends on the bytes of the program text Allows detection of modifications (e.g. instrumentation, binary rewriting) Makes implicit assumption of von Neumann (single store) memory architecture Multiple overlapping checksums help prevent tampering tamper- resistant process data read instruction fetch Von Neumann architecture

4 Attacking Self-checksumming Code Violating von Neumann assumption defeats protection Emulation Allows detection and redirection of data reads But… is slow, expensive Malicious Operating System Introduced in Wurster (2004) Utilizes virtual memory hardware But… requires modified OS tamper- resistant process data read instruction fetch Harvard architecture

5 Malicious Virtualization Hypothesis: The Virtual Machine Monitor is a superior malicious agent VMM is responsible for managing virtual memory Able to modify virtual memory without operating system assistance Allows attacks on commodity operating systems (e.g. Microsoft Windows) Virtualization is significantly less expensive than emulation Xen: Linux-based open source VMM

6 Overview of Approach Modern architectures are Harvard architectures E.g. x86: separate instruction/data translation lookaside buffers (TLBs) VMM can get notification of page accesses Instruction TLB points to modified code page On data read access, edit data TLB to point to unmodified page [directory][table][offset] fetch? ITLBDTLB Linear address 320 Mem Normally these addresses are the same! yesno

7 System Architecture target OS hypervisor Igor victim modified code unmodified code comm channel Dyninst attach page correspondences

8 Current Status Running modified Xen and XenLinux installations Tracking of page faults in target program address space Currently implemented with device driver that makes hypercalls to Xen Remaining tasks: TLB entry installation Igor process Communication channel from Igor to Xen hypervisor Performance measurements

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.