Isolation And Integrity Management In Dynamic Virtualized Environments

Size: px

Start display at page:

Download "Isolation And Integrity Management In Dynamic Virtualized Environments"

Frank Hodge
6 years ago
Views:

1 Isolation And Integrity Management In Dynamic Virtualized Environments Reiner Sailer <> Manager Security Services (GSAL) Team IBM Thomas J Watson Research Center, NY Joint work with: See next slide 2007 IBM Corporation

2 Research Collaborators Stefan Berger Ramon Cáceres (now AT&T) Kenneth Goldman Dimitrios Pendarakis Ronald Perez Eran Rom (HRL) Sivan Tal (HRL) Enriquillo Valdez Mihai Christodorescu Josyula R Rao Reiner Sailer Douglas Lee Schales Wietse Venema Andreas Wespi (ZRL) Diego Zamboni (ZRL) 2005 IBM Corporation 2

Virtualization Unleashes Security Value Hosting mission critical applications and sensitive data in highly dynamic virtualized environments itvdc - Infrastructure Security Integrated,

Hypervisor VLAN TVDc TVDc TVDc TVDc View View Prod. admin VLAN VLAN Dev.

3 Virtualization Unleashes Security Value Hosting mission critical applications and sensitive data in highly dynamic virtualized environments itvdc - Infrastructure Security Integrated, policy-driven isolation management for competing data center workloads Continuous audit and compliance guarantees for dynamic cloud environments Systems Systems View View Hypervisor Hypervisor Hypervisor VLAN TVDc TVDc TVDc TVDc View View Prod. admin VLAN VLAN Dev. admin Phantom - Integrated Security Services On-demand network intrusion and host malware prevention for virtualized workloads Transparent, effective and low overhead monitoring of dynamic virtual environments SVM VM VM Hypervisor Hardware VM Building security foundations using isolation and integrity management 2005 IBM Corporation 3

4 High Utilization Benefits Power Consumption Relative Power Consumption: Lowest at High Server Utilization RPC Virtualization 0% 100% 2005 IBM Corporation 4

isolation Just pretend I m not here Customer feedback suggests that

5 Collocating Customers Raises Isolation Concerns Complication: Moving different customers onto the same platform raises concerns related to their isolation Just pretend I m not here Customer feedback suggests that insufficient isolation can be a disruptive force hindering virtualization 2005 IBM Corporation 5

isolation TVD admin TVD admin + Continuously monitoring isolation mechanisms and

6 We Must Strengthen Isolation Three-fold! Trusted Virtual Datacenter = Adding controls on data sharing between VMs to improve isolation TVD admin TVD admin + Continuously monitoring isolation mechanisms and protecting integrity + Automating security management to account for increasing dynamics of Cloud Computing 2005 IBM Corporation 6

7 Virtualization-based Security Management Virtual Resources IHS Blue Workload WAS WAS WAS DB2 Green Workload WAS IHS WAS DB2 WAS Physical Resources 2005 IBM Corporation 7

8 Classic Type 1 Hypervisor Application Application Application Application Application Application Application Application Application Virtual Machines Guest Kernel Guest Kernel Guest Kernel Hypervisor Hardware Virtualizes hardware CPU, Memory, and I/O devices 2005 IBM Corporation 8

9 Trusted Virtual Data Center Value Proposition Systems View View TVD TVD View View Hypervisor Hypervisor TVDc Hypervisor Hypervisor 4 6 Radically simplifies security Management Reduces the risk of security exposures through consistent, policy-driven enforcement Leverage virtualization through centralized security services 2005 IBM Corporation 9

Isolation and Integrity Management Isolation Services Integrity Services Enforces restrictions on administration and data sharing Who can manage what Which customers can run together How virtual

10 Isolation and Integrity Management Isolation Services Integrity Services Enforces restrictions on administration and data sharing Who can manage what Which customers can run together How virtual machines can share data Maintains software inventory and acts as early warning system for anomalies What is running in each VM (TC, N/H-IDS) If VMs/Systems are correctly configured If VMs are up-to-date with patches Extrusion/Intrusion Extrusion/Intrusion Protection Protection Malware Malware Prevention Prevention and and Fidelity Fidelity 2005 IBM Corporation 10

11 Security Services in Virtualized Environments Isolation Services Static Integrity Services (Load-time root of trust) Configuration validation Load-time code guarantees Dynamic Integrity Services (Continuous root of trust) Network Intrusion Detection Host Intrusion Detection 2005 IBM Corporation 11

12 Isolation Management Virtual Domain View Holistic workload protection Run-time isolation Isolate VMs of different colors Network isolation Isolate traffic of different colors Storage isolation Isolate storage of different colors Management isolation Separate tenant administrators responsible for different colors 2005 IBM Corporation 12

13 TVDc Centralized Policy-Driven Workload Isolation Three Layers of Workload Isolation Physical Isolation: TVDc System authorization enables flexible partitioning of workloads onto different systems Temporal isolation: TVDc Anticollocation disables selective workloads from running concurrently on the same platform Logical Isolation: TVDc Access control prevents sharing between concurrently executing workloads 1. System Authorization - t 2. Anti-Collocation 3. Controlled Sharing 2005 IBM Corporation 13

14 shype Access Control Architecture (Example: Xen) Application VM Linux Application Xen / shype Hardware Application Hypervisor security hooks Application MS Windows Callbacks Dom0 Secure (Management) Services ACM Flexible framework: Supports Multiple Policies Access Control Module Implements Policy Model Hypervisor Security Hooks mediate inter-vm communication + resource access interact with ACM for access decision Implemented for Xen, PHYP, rhype in various stages 2005 IBM Corporation 14

15 TVDc Centralized Policy-Driven Network isolation Blade 1 Blade 2 VM 1 VM 2 VM VM 3 VM 4 VM 5 VMM X VMM Virtual LAN 1 Virtual LAN 1 Virtual LAN 2 Virtual LAN Label Label VMs VMs + VLANs VLANs VMM VMM enforces: enforces: VMs VMs VLANs VLANs Hardware Hardware VLAN VLAN switch switch enforces: enforces: Blades Blades VLANs VLANs Virtual LAN 1 Virtual LAN 2 Network Switch 2005 IBM Corporation 15

16 Implemented Network Isolation on Xen/sHype Physical Machine dom1 dom0 (Management VM) dom2 eth0 eth0 vif1.0 vif2.0 eth0 vif1.0 vif2.0 eth0 br0.100 eth0 br0.101 peth0.100 peth0 peth0.101 Other Machines/Switches Physical LAN vlan 100 vlan101 VLAN Switch Other Machines/Switches 2005 IBM Corporation 16

17 TVDc Centralized Policy-Driven Storage Isolation Two Layers of TVDc Storage Isolation Physical Isolation: TVDc System authorization enables flexible mapping of storage (Volumes) onto distinct physical systems Logical Isolation: TVDc controls access of concurrently executing workloads to locally virtualized storage - Virtual Block Device (VBD) PI: (B) Dom0 SAN Non-intrusive Storage Access Enforcement Points Policy-driven storage management ensures that storage is only accessible to authorized systems (A) Extensions of the local virtual storage management to mediate VM device access and manage security (B) (A) Storage System 2005 IBM Corporation 17

18 TVDc: Orchestrating Server, Network & Storage Isolation System/Service Management Solutions WAS Data Center Administrator IHS WAS WAS DB2 SVC SVC Blue Trusted Virtual Domain Dom U Dom U Dom U Dom 0 Green Bridge XenAPI Virtual IO Server Mgmt Green Bridge LPAR LPAR LPAR Blue Bridge Blue Bridge Xen/sHype PHYP/sHype System x w. Xen Blue VLAN Blue VLAN System P Green VLAN Green VLAN System x (Xen) System P (PHYP) 2005 IBM Corporation 18

of Guest-VMs Intrusion Crypto/ Defense vtpm Services Server TVDC Management VM VM VM

19 Use Cases For Protected Infrastructure VMs Policy and host management: manage TVDc access control policy & virtualization settings Crypto / vtpm server: keep keys and credentials out of Guest-VMs Intrusion Crypto/ Defense vtpm Services Server TVDC Management VM VM VM Supervision/Introspection: monitor and protect Guest VMs from a secure place Hypervisor 2005 IBM Corporation 19

20 Virtualization-based Isolation and Integrity Management Isolation Management Integrity Management Tenant Workloads Infrastructure Tenant Workloads 2005 IBM Corporation 20

21 Guest Guest VM VM Guest Guest VM VM Secure VM VM Hypervisor 2005 IBM Corporation 21

22 Security Services in Virtualized Environments Isolation Services Static Integrity Services (Load-time root of trust) Configuration validation Load-time code guarantees Dynamic Integrity Services (Continuous root of trust) Network Intrusion Detection Host Intrusion Detection 2005 IBM Corporation 22

23 Wanted: Structure and Trusted Foundations! Status quo approach to IT and business security is too complex, not measurable, does not scale I. Virtualization: brings ORDER II. Trusted Computing: Creates foundation Lack of robust trusted foundation erodes security 2005 IBM Corporation 23

How Trusted Computing Fits In absolutely

suitable for client side Hope for the best

24 How Trusted Computing Fits In absolutely secure 10 8 $ Physically controlled room, usually closed run-time environment, information flows sanitized manually across isolation boundaries Secure coprocessors, physical protection, largely closed environment, signed executables, active device, usually server side add-on Trusted Platform Module, protected from software, open environment, passive, suitable for client side Hope for the best secure 10 4 $ trusted 10 0 $ hope for the best 2005 IBM Corporation 24

25 Trusted Computing Integrity Measurement Architecture Attesting System Measurements Verifying System Deduce System Properties Data Config data Boot- Process TCG Grub Kernel Real System Program IMA Kernel module SHA1(Boot Process) SHA1(Kernel) SHA1(Kernel Modules) SHA1(Program) SHA1(Libraries) SHA1(Configurations) SHA1(Structured data) TPM-Signed PCR Integrity Value Analysis Inferred System Known Fingerprints (1) Measurement (2) Attestation (3) Verification 2005 IBM Corporation 25

26 Remote Attestation Prototype 2. Receive: Sig(Nonce, PCR) Measurement List 3. Check: Signature Nonce 4. Validate: PCR Value 1. Submit Request and Nonce 5. Evaluate: Individual Measurements 6. Infer: High-Level System Properties 2005 IBM Corporation 26

27 VMM Integrity Verification Example (Xen) VMM VMM Measurement Measurement List List Fingerprint Fingerprint DB DB ===============================================+============================ ===============================================+============================ #000: #000: BC55F0AFE013C3402F00E0AA11EE6CFAA2B4D2AB BC55F0AFE013C3402F00E0AA11EE6CFAA2B4D2AB aggregate aggregate (bios (bios + + grub grub stages) stages) #001: #001: A8A865C7203F2565DDEB511480B0A2289F7D035B A8A865C7203F2565DDEB511480B0A2289F7D035B grub.conf grub.conf (boot (boot configuration) configuration) #002: #002: 1238AD50C652C88D139EA2E9987D06A99A2A22D1 1238AD50C652C88D139EA2E9987D06A99A2A22D1 xen.gz xen.gz #003: #003: 84ABD CA4A448E0D2C9364B4E1725BDA4F 84ABD CA4A448E0D2C9364B4E1725BDA4F isolation_policy.bin isolation_policy.bin #004: #004: 9ECF02F90A2EE2080D DE47968C8A1BE3D 9ECF02F90A2EE2080D DE47968C8A1BE3D linux xen linux xen Hypervisor #317: #317: BC55F0AFE013C3402F00E0AA11EE6CFAA2B4D2AB BC55F0AFE013C3402F00E0AA11EE6CFAA2B4D2AB /bin/login /bin/login #318: #318: A8A865C7203F2565DDEB511480B0A2289F7D035B A8A865C7203F2565DDEB511480B0A2289F7D035B /usr/bin/httpd /usr/bin/httpd #319: #319: 1238AD50C652C88D139EA2E9987D06A99A2A22D1 1238AD50C652C88D139EA2E9987D06A99A2A22D1 /usr/bin/java /usr/bin/java #320: #320: 84ABD CA4A448E0D2C9364B4E1725BDA4F 84ABD CA4A448E0D2C9364B4E1725BDA4F /usr/bin/sshd /usr/bin/sshd #321: #321: 9ECF02F90A2EE2080D DE47968C8A1BE3D 9ECF02F90A2EE2080D DE47968C8A1BE3D /usr/bin/python /usr/bin/python Hypervisor Secure Secure VM VM Known Fingerprints = Acceptable + Malicious + Out of Policy 2005 IBM Corporation 27

Virtual TPMs Enable VM Integrity Attestation Support current IMA via vtpms (flexible, scalable) IMA-enabled Application Application IMA-enabled Application Application Application IMA-enabled

28 Virtual TPMs Enable VM Integrity Attestation Support current IMA via vtpms (flexible, scalable) IMA-enabled Application Application IMA-enabled Application Application Application IMA-enabled Application Application Application Application Policy Manager Virtual TPMs Measure HW, hypervisor, and critical services IMA-enabled Guest Kernel OS IMA-enabled Guest Kernel OS ACM Secure Hypervisor Core Root of Trust Hardware 2005 IBM Corporation 28

Security Services in Virtualized Environments Isolation Services Static Integrity Services (Load-time root of trust) Configuration validation

29 Security Services in Virtualized Environments Isolation Services Static Integrity Services (Load-time root of trust) Configuration validation Load-time code guarantees Dynamic Integrity Services (Continuous root of trust) Network Intrusion Detection Host Intrusion Detection 2005 IBM Corporation 29

30 Weinberg s Second Law of Programming If builders built buildings the way programmers write programs, the first woodpecker to come along would destroy civilization IBM Corporation 30

into processes Disables security software one of the most common actions malware takes upon

31 X-Force 2008 Trend Statistics Conclusions the following [malware] behaviors are included in the top ten list: Hides a file from folder listings by setting the hidden file attribute Injects code into processes Disables security software one of the most common actions malware takes upon installation is an attempt to evade detection Public exploits Same day exploits 2005 IBM Corporation 31

32 Virtualization: On-Demand, Centralized Security Services Virtualization enables on-demand, centralized services Selective network intrusion and host malware protection delivered on-demand with Virtual Machine/Guest granularity Consolidation of security services into a single enforcement point Centralized protection using a Security-VM (SVM) means Non-bypass, highly effective security functionality in Ring 0 Efficient amortization of fixed security cost across workloads Reduction of security sprawl across virtual infrastructures Simplified management of security updates Minimal or no per-os footprint SVM VM VM VM Hypervisor Hardware 2005 IBM Corporation 32

33 Usage Case: Intrusion Prevention System (IPS) Summary Security virtual machine (SVM) provides analysis of all virtual network traffic using intrusion prevention system Integrated Security VM Guest VM Attack VM Detail Attacker sends network exploit Attack is routed to Guest VM SVM monitors network traffic Detects attack via IPS system Attack Prevented! Disables or firewalls Attack VM Security Services Hypervisor Hardware vswitch 2005 IBM Corporation 33

34 Usage Case: Anti-Rootkit System (ARKS) Summary Security virtual machine (SVM) uses virtual machine introspection to monitor critical OS data structures for changes made by rootkits and other types of malware Integrated Security VM Guest VM OS Data Security Services Detail Rootkit strikes Attempts to hide itself SVM detects OS tampering Attack Prevented! Performs clean-up of rootkit Hypervisor Hardware 2005 IBM Corporation 34

35 CPU & Memory Introspection Types I Passive Introspection Non-intrusive reading of Guest memory Limited by Data consistency (guest is running) Polling interval could miss manipulations in guest memory Restricted to detection (no rollback) SVM Security Agent Read Memory (Polling) VMM / Hypervisor Guest VM 2005 IBM Corporation 35

36 CPU & Memory Introspection Types II Trigger-based Introspection (e.g., Anti-Rootkit) available triggers: memory page execute, write, read Limited by: overhead reading guest pages VM-VM event overhead Security Agent 2. Response 1. Events VMM / Hypervisor Guest VM In-guest Security Agent (e.g., Anti-Virus) Minimize useless events Create new or semantically richer events Protect context agent Security Agent 2. Response 1. Events VMM / Hypervisor Guest VM Context Agent 2005 IBM Corporation 36

37 The Semantic Gap From OS to Physical Semantics r/w/x OS Semantics OS / Process Structures Set Trigger Gap Guest virtual memory Trigger Guest physical memory Introspection Event Phys Page Semantics 2005 IBM Corporation 37

Tap into control flow Rootkit detection/prevention Introspect Guest Kernel space: Security Agent: Detect / prevent changes to

38 Rootkit Protection System Rootkits in action User space: Exploit the way in Create persistent trap doors Kernel space: Manipulate data/code to hide from HIDS, AV, etc. Tap into control flow Rootkit detection/prevention Introspect Guest Kernel space: Security Agent: Detect / prevent changes to critical kernel data structures ( anti-stealth ) Instrument Guest User Space: Existing HIDS, AV: Undo visible user space changes Rootkit Detector SA Secure VM Protected Guest VM Hypervisor Introspection Kernel 2005 IBM Corporation 38

39 IBM T. J. Watson Research Center Rootkit Demo Setup SVM SVM Guest Guest Anomaly Detected * DS change reverted (QuerySystemInformation) Lo ck ar t S Rootkit strikes * installs backdoor * hides by rewriting DS M V t DS Written Reset DS Do wn DS DS Introspection Hypervisor Guest Physical Memory 2005 IBM Corporation 39

Great Opportunities in Overcoming the Challenges Opportunities Through Centralized Security Services Marginal additional security cost per protected Guest (utilization, maintenance, OS support, )

40 Great Opportunities in Overcoming the Challenges Opportunities Through Centralized Security Services Marginal additional security cost per protected Guest (utilization, maintenance, OS support, ) Protected Security Agent run-time environment Reclaiming Ring-0 against Guest-VM rootkits and other malware Differentiation through correlating events across data center e.g., Cloud-Antivirus, Cloud-IMA: Check once, run everywhere Challenges Performance of SVM/out-of-guest event processing (trigger precision/overhead) Semantics of the introspection interface (OS dependencies finding trigger targets) VMM integrity (see BH08 and ISS: more than 150 VMM vulnerabilities since 1999) ISS X-Force IBM Corporation 40

41 Summary Need for Virtualization is driven by energy saving potential Introduces need for isolating collocated customers TVDc isolation management can mitigate the risk of collocating customers in dynamic virtualized data centers Introduces need for integrity management Integrity management in virtualized environments poses significant challenges, many of which can be addressed Run-time Integrity Attestation (Trusted Computing) Malware Protection Services (Virtual Introspection) # 2005 IBM Corporation 41

42 References and Related Work TVDc: Managing Security in the Trusted Virtual Datacenter. Stefan Berger, Ramón Cáceres, Dimitrios Pendarakis, Ronald Perez, Reiner Sailer, Wayne Schildhauer, Deepa Srinivasan, Enriquillo Valdez. ACM SIGOPS Operating Systems Review, Vol 42, Issue 1, January Retrofitting the IBM POWER Hypervisor to Support Mandatory Access Control. Enriquillo Valdez, Reiner Sailer, Ronald Perez. 23rd Annual Computer Security Applications Conference (ACSAC), Florida, December Capability based Secure Access Control to Networked Storage Devices. Michael Factor, Dalit Naor, Eran Rom, Julian Satran, Sivan Tal. Mass Storage Systems and Technologies, MSST th IEEE Conference on Volume, Issue, Sept Page(s): Shamon -- A System for Distributed Mandatory Access Control. Jonathan M McCune, Stefan Berger, Ramón Cáceres, Trent Jaeger, Reiner Sailer. 22nd Annual Computer Security Applications Conference (ACSAC), Miami Beach, Florida, December 2006 vtpm: Virtualizing the Trusted Platform Module. Stefan Berger, Ramón Cáceres, Kenneth Goldman, Ronald Perez, Reiner Sailer, Leendert van Doorn. 15th USENIX Security Symposium, Vancouver, Canada, July Building a MAC-based Security Architecture for the Xen Opensource Hypervisor. Reiner Sailer, Trent Jaeger, Enriquillo Valdez, Ramón Cáceres, Ronald Perez, Stefan Berger, John Griffin, Leendert van Doorn. 21st Annual Computer Security Applications Conference (ACSAC), Tucson, Arizona, December Design and Implementation of a TCG-based Integrity Measurement Architecture. Reiner Sailer, Xiaolan Zhang, Trent Jaeger, Leendert van Doorn.13th Usenix Security Symposium, San Diego, California, August, In the interest of space, please refer to the references of the cited papers for further related work IBM Corporation 42

Security for the Xen Hypervisor Status Quo & Perspective 2006

Security for the Xen Hypervisor Status Quo & Perspective 2006 Reiner Sailer Xen Summit 2006 IBM T J Watson Research Center 1/17/2006 1. Access Control Module 2. Virtual Trusted Platform Module 2 IBM T