Presentation is loading. Please wait.

Presentation is loading. Please wait.

Guanhai Wang, Minglu Li and Chuliang Weng Shanghai Jiao Tong University, China. SVM09, Wuhan, China.

Published byWillis Sharp Modified over 9 years ago

Similar presentations

Presentation on theme: "Guanhai Wang, Minglu Li and Chuliang Weng Shanghai Jiao Tong University, China. SVM09, Wuhan, China."— Presentation transcript:

1 Guanhai Wang, Minglu Li and Chuliang Weng Shanghai Jiao Tong University, China. SVM09, Wuhan, China.

2 Agenda Scenarios Where may covert channels happen between VMs? Proposal What do we want to do? Design How does it solve this kind of problems? Implementation How to make it run on Xen? Evaluation Are its overheads very high? Contributions

3 Scenarios I Zhenghong Wang and Ruby B. Lee[1] implemented a SMT/FU channel on a Pentium-4 processor with hyper- threading. [1] Zhenghong Wang and Ruby B. Lee. Covert and side channels due to processor architecture. In ACSAC ’06: Proceedings of the 22nd Annual Computer Security Applications Conference, pages 473–482, Washington, DC, USA, 2006. IEEE Computer Society. Pseudo code for SMT/FU channel. This figure comes from [1]

4 Scenarios II C. Percival[2] implemented a L1 cache missing channel on a Pentium-4 processor with hyper- threading. The Trojan process access memory to evict cache lines owned by the spy process in L1 cache. The spy process measures the amount of time needed to read many particular bytes. The two channels were not implemented on virtual machine systems, but we can use similar methods to implement channels between two VMs running on processors with hyper-threading. [2] C. Percival. Cache missing for fun and profit. In BSDCan 2005, Ottawa, 2005.

5 Proposal Build Chinese Wall Isolation(CWI), a mandatory access control mechanism to block covert channel between VMs. Prevents VMs belongs to different companies which are in competition from sharing hardware, then reduce the chance of building covert channels between VMs CWI based on Chinese Wall Policy regulates VMM allocating hardware to VMs.

6 Design I: Concepts Key concepts of CWI are based on Chinese Wall Policy. VMs containing information of one company are defined as objects. Hardware are defined as subjects. Company datasets. Conflict of interest class. Session Access rule When a VM request an unit of hardware resources, if and only if the requested hardware was not used by its competitors, the request is granted, otherwise, it’s denied.

7 Design II example of concepts Finance R&D Operation The set of all VMs Conflict of interest classes OilBankFood Company datasets Oil-AOil-BOil-C Bank-A Bank-BBank-CFood-A Food-BFood-C Individual VMs Company dataset Oil-B Conflict of interest class oil [3] D. F. C. Brewer and M. J. Nash. The chinese wall security policy. Proceedings of the 1989 IEEE Symposium on Security and Privacy, May 1989. The idea of this figure comes from [3]

8 Design III: the basic idea Keeps all subjects ’ access histories to enforce the access rule. A 32 -bit record in VMM to keep one unit of hardware’s access history. Assign every company dataset a label and all VMs of the company have the label. CWI checks the access history of the requested hardware and the label of the requesting VM When VMM allocating hardware to aVM.

9 Design IV: record and label A 32-bit record of one unit of hardware. Every 4-bit represents a company dataset ID. (CoIC denotes conflict of interest class) 0x1 0x2 0x3 0x4 0x5 0x6 0x7 0x8 CoIC EightCoIC SevenCoIC SixCoIC FiveCoIC FourCoIC TwoCoIC ThreeCoIC One 4 bit A label comprises a dataset ID and a conflict of interest class ID. A VM label 0x0002004 means the VM is in the second dataset and belongs to the 4 th conflict of interest class.

10 Implementation I Assigns labels to VMs, and store labels in their configuration files. Creates all hardware’s access histories during VMM booting up. CWI checks the VM’s label and the access history of the hardware when a VM requests hardware. 3 places in which CWI checking them Memory allocator when allocating memory to VM CPU allocator when allocating processors to VMs CPU scheduler when Virtual CPU migrating from one processor to another

11 Implementation II Allocating memory VM-1 0x000A0008 memory allocator 0xA12B0000 0xB12B0000 0x012B0000 0x212B0000 spare memory pages Requests memory..... granteddeniedgranted denied Is the request rightful? CWI

12 Implementation III 0x112300B1 0x222300B1 0x332300B1 0x442300B1 0x552300B1 0x062300B1 0x072300B1 0xA82300B1 Processors VM -1 0x000A0008 CPU allocators VM-2 0x00090007 request 2 CPUs granted request 1 CPU denied Is the request rightful? CWI Allocating Processors Suppose there a 8 processors, each one has one core. The CPU scheduler works quite when VCPU migrating.

13 Evaluation I CWI needs some memory to keep hardware’s access histories. Memory for physical processors is very small. Memory for memory pages is considerable. Constructed a testbed to test CWI overheads on VMM performance Measured the time increase of allocating memory and the computing time increase of SPALSH- 2 application. The testbed : a Dell server, 2 xeon quad core processors, 2 GB memory, Xen 3.2.1, and Debian Linux for both host and guest OSes.

14 Evaluation II

15 Evaluation III Overheads on performances are very low Allocating Memory and CPUs are not on the critical path The time of allocating memory increases by approximately 50 % VCPU migration is on the critical path A small increase in computing time of SPLASH- 2 application is about 5 % on average.

16 Contributions Provides stronger isolation than VMM does. It knows something which VMM doesn’t know. Gets better hardware resources utilization than other mandatory access control(MAC) mechanisms do. Defines every unit of hardware as one subject, and is a fine-grained access control mechanism. Other MAC mechanisms on VMM define the whole system as one subject, and are coarse-grained access control mechanisms.

17 Thank you for your attention

Download ppt "Guanhai Wang, Minglu Li and Chuliang Weng Shanghai Jiao Tong University, China. SVM09, Wuhan, China."

Similar presentations

KAIST Computer Architecture Lab. The Effect of Multi-core on HPC Applications in Virtualized Systems Jaeung Han¹, Jeongseob Ahn¹, Changdae Kim¹, Youngjin.

KAIST Computer Architecture Lab. The Effect of Multi-core on HPC Applications in Virtualized Systems Jaeung Han¹, Jeongseob Ahn¹, Changdae Kim¹, Youngjin.
Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.

Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.
Difference Engine: Harnessing Memory Redundancy in Virtual Machines by Diwaker Gupta et al. presented by Jonathan Berkhahn.

Difference Engine: Harnessing Memory Redundancy in Virtual Machines by Diwaker Gupta et al. presented by Jonathan Berkhahn.
Xen , Linux Vserver , Planet Lab

Xen , Linux Vserver , Planet Lab
KMemvisor: Flexible System Wide Memory Mirroring in Virtual Environments Bin Wang Zhengwei Qi Haibing Guan Haoliang Dong Wei Sun Shanghai Key Laboratory.

KMemvisor: Flexible System Wide Memory Mirroring in Virtual Environments Bin Wang Zhengwei Qi Haibing Guan Haoliang Dong Wei Sun Shanghai Key Laboratory.
XENMON: QOS MONITORING AND PERFORMANCE PROFILING TOOL Diwaker Gupta, Rob Gardner, Ludmila Cherkasova 1.

XENMON: QOS MONITORING AND PERFORMANCE PROFILING TOOL Diwaker Gupta, Rob Gardner, Ludmila Cherkasova 1.
Title of Selected Paper: Design and Implementation of Secure Embedded Systems Based on Trustzone Authors: Yan-ling Xu, Wei Pan, Xin-guo Zhang Presented.

Title of Selected Paper: Design and Implementation of Secure Embedded Systems Based on Trustzone Authors: Yan-ling Xu, Wei Pan, Xin-guo Zhang Presented.
Nov 2010 1 COMP60621 Concurrent Programming for Numerical Applications Lecture 6 Chronos – a Dell Multicore Computer Len Freeman, Graham Riley Centre for.

Nov COMP60621 Concurrent Programming for Numerical Applications Lecture 6 Chronos – a Dell Multicore Computer Len Freeman, Graham Riley Centre for.
A Case for Virtualizing Nodes on Network Experimentation Testbeds Konrad Lorincz Harvard University June 1, 2015June 1, 2015June 1, 2015.

A Case for Virtualizing Nodes on Network Experimentation Testbeds Konrad Lorincz Harvard University June 1, 2015June 1, 2015June 1, 2015.
© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice In search of a virtual yardstick:

© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice In search of a virtual yardstick:
CMPT 300: Operating Systems I Dr. Mohamed Hefeeda

CMPT 300: Operating Systems I Dr. Mohamed Hefeeda
A Secure System-wide Process Scheduling across Virtual Machines Hidekazu Tadokoro (Tokyo Institute of Technology) Kenichi Kourai (Kyushu Institute of Technology)

A Secure System-wide Process Scheduling across Virtual Machines Hidekazu Tadokoro (Tokyo Institute of Technology) Kenichi Kourai (Kyushu Institute of Technology)
L15: Review for Midterm. Administrative Project proposals due today at 5PM (hard deadline) – handin cs6963 prop March 31, MIDTERM in class L15: Review.

L15: Review for Midterm. Administrative Project proposals due today at 5PM (hard deadline) – handin cs6963 prop March 31, MIDTERM in class L15: Review.
Chinese wall model in the internet Environment

Chinese wall model in the internet Environment
1 School of Computing Science Simon Fraser University CMPT 300: Operating Systems I Dr. Mohamed Hefeeda.

1 School of Computing Science Simon Fraser University CMPT 300: Operating Systems I Dr. Mohamed Hefeeda.
Virtual Memory. Why do we need VM? Program address space: 0 – 2^32 bytes –4GB of space Physical memory available –256MB or so Multiprogramming systems.

Virtual Memory. Why do we need VM? Program address space: 0 – 2^32 bytes –4GB of space Physical memory available –256MB or so Multiprogramming systems.
Cloud Computing and Virtualization Sorav Bansal CloudCamp 2010 IIT Delhi.

Cloud Computing and Virtualization Sorav Bansal CloudCamp 2010 IIT Delhi.
Hosted VMM Architecture Advantages: –Installs and runs like an application –Portable – host OS does I/O access –Coexists with applications running on.

Hosted VMM Architecture Advantages: –Installs and runs like an application –Portable – host OS does I/O access –Coexists with applications running on.
Virtualization for Cloud Computing

Virtualization for Cloud Computing
© 2012 The McGraw-Hill Companies, Inc. All rights reserved. 1 Third Edition Chapter 3 Desktop Virtualization McGraw-Hill.

© 2012 The McGraw-Hill Companies, Inc. All rights reserved. 1 Third Edition Chapter 3 Desktop Virtualization McGraw-Hill.

Similar presentations

Ads by Google