Hardware Involved Software Attacks
|
|
- Dwain Merritt
- 5 years ago
- Views:
Transcription
1 Hardware Involved Software Attacks Jeff Forristal CanSecWest 2012
2 Once you have root/admin, what s left to do? Question
3 Rootkits VM escapes hacking/ priv escalation BIOS hacking Jail breaking Relevance
4 Attack surfaces Attack patterns Themes
5 X86-centric Other architectures may do it differently Not about hardware attacks* The final vulnerability lives in software Caveats
6 Follow the RASQ ally rabbit ATTACK SURFACES
7 Privilege OS Hardware The Stack
8 Privilege OS Hardware OS The Stack
9 Privilege OS Hardware OS???????????????????????? The Stack
10 Driver Driver Driver Driver Driver Driver Driver Driver Privilege OS Hardware OS The Stack
11 Driver Driver Driver Driver Driver Driver Driver Driver Privilege OS Hardware OS The Stack
12 Privilege VM VM OS OS VMM/Hypervisor SMM/BIOS CPU Memory Peripherals Firmware Hardware Platform The Stack
13 Privilege VM VM OS OS VMM/Hypervisor SMM/BIOS CPU BIOS & OS/VMM share access, but not trust Memory Peripherals Firmware Hardware Platform The Stack
14 Privilege VM VM OS OS VMM/Hypervisor SMM/BIOS CPU Hypervisor can grant VM direct HW access Memory Peripherals Firmware Hardware Platform The Stack
15 Privilege VM VM OS OS VMM/Hypervisor SMM/BIOS CPU Memory DMA Peripherals Firmware Hardware Platform The Stack
16 Besides the obvious Direct capabilities to affect a critical system resource (e.g. DMA to system/software memory) Indirect sideband access to a resource (e.g. PCI/e & ExpressCard access to SMBus) Store executable code that is automatically invoked (e.g. HDD or USB drive; PCI/e device option ROM) Proxy data from an untrusted external source* (e.g. NICs, Wifi radios) Hardware s Involvement
17 IO Traditional/legacy IO via in/out instructions A.k.a. DIO, PIO MMIO Memory-mapped IO via memory access instructions MSRs CPU config registers via rdmsr/wrmsr instructions PCI/e MMCFG PCI configuration space access Arguably a flavor of MMIO X86 HW Access Methods
18 Mistakenly passed through by a higher privilege software layer Explicitly passed through by a higher privilege software layer Explicitly provided by hardware architectural intent The attacker is already deemed to have access The attacker is physically proximate to the system* Surface Transitions
19 Buckets to describe stuff because people like to categorize things ATTACK PATTERNS
20 Originate in a lower-privileged software/layer or be remote/physically proximate Leverage or depend upon an operation of hardware* Achieve a vulnerability in a higher-privileged software/layer or a peer in current software/layer Commonality
21 This is a conversation about forests Let s not get pedantic about the individual trees Only these slides are black & white Image: Ambiguity
22 Categorization criteria isn t always crisp (it s like porn ) Challenges on separating HW operation, TLP, and data Bug DBs lack of consistent characterization of the problem, mention of hardware Challenges
23 Driver Driver Driver Driver Driver Driver Driver Driver Inappropriate General Access to Hardware Straight-forward driver failure (Semi) arbitrary access to general purpose HW access (e.g. IO, MMIO, PCI config, MSRs) Debug purposes, laziness, bad foresight, simplicity OS Pattern #1
24 CVE Linux kernel on x64/em64t allows writing to IO ports via outs instruction CVE Speedfan (Windows) allows MSR reading/writing via IOCTLs CVE Nantsys (Windows) allows MSR reading/writing Pattern #1 Examples
25 Unexpected Consequences of Specific Hardware Function Given access because functionality seems safe Extra/hidden/unexpected/bug functionality leads to a problem Pattern #2
26 CVE DMA used to generate MSI interrupts, compromise of Xen hypervisor CVE Radeon Linux Gfx driver gives access to AA resolve registers, allows memory manipulation CVE WebGL in Firefox allows GPU memory reading, or crash Image: Pattern #2 Examples
27 Hardware Reflected Injection Variants: 2 nd order injection through HW Security-sensitive logic operation on HW value Stored executable code blobs Pattern #3
28 Hardware Reflected Injection - 2 nd order injection Trigger a traditional vuln via malicious data value inserted/stored in hardware Integer issues, buffer overflows, etc. Pattern #3 Variant #1
29 Alexandre Gazet Recon 2011 Update KBC FW, feed malicious value to SMM and cause a buffer overflow OS SMM/BIOS CPU Memory KBC Firmware Pattern #3 Variant #1 Example
30 Hardware Reflected Injection - Security-sensitive logic operation on HW value One-off logic operation, not a general purpose weakness Thus very contextual, particularly to securityspecific software Pattern #3 Variant #2
31 CVE Malicious MCHBAR register value prevents proper VT-d policy application during TXT SENTER Hardware VT-d FEC10000 SINIT ACM Memory Image: Pattern #3 Variant #2 Example
32 Hardware Reflected Injection - Stored executable code blobs BIOS flash Option ROMs Boot device MBRs* Pattern #3 Variant #3
33 Mebromi virus Updated BIOS ISA ROM, which is executed upon system reboot CPU Reset Update BIOS Flash OpROM PCIe Card MBR Boot Dev OS + s Reboot Pattern #3 Variant #3 Example
34 Mebromi virus Updated BIOS ISA ROM, which is executed upon system reboot CPU Reset BIOS Flash OpROM PCIe Card MBR Boot Dev VMM IOMMU Update VM Pattern #3 Variant #3 Example
35 Interference with Hardware Privilege Access Enforcement Relevant to hypervisor & emulation Hypervisor/emulator does operation with their (elevated) privilege, not requestors lower privilege Confused deputy Pattern #4
36 CVE MS Virtual PC/Server instruction decoding doesn t enforce CPU privilege level requirements CVE KVM x86 emulator doesn t consider CPL & IOPL in guest hardware accesses Pattern #4 Examples
37 Access by a Parallel Executing Entity Things running at the same time One good, one bad Sensitive use of shared resources Programmable peripherals CPU Memory Peripherals Firmware Hardware Pattern #5
38 CVE SMP guest uses one thread to change instructions of another thread while being interpreted by hypervisor, allowing for arbitrary instruction execution CVE Malicious CPU thread monitors cache misses of another thread, recovery of cryptographic keys, etc. Pattern #5 Examples
39 Incorrect Hardware Use Someone didn t RTFM In all fairness: The manuals can be vague/cryptic They tell you to do things without a reason for why They say should instead of must Pattern #6
40 CVE Linux didn t notice AMD FXSAVE/FXRSTOR different than Intel, lead to leaking of floating point data between processes (cryptographic secrets, etc.) CVE Linux improper handling of uncanonical return address on EM64T, allowing exception handler to run on user stack with wrong GS CVE Xen/RedHat/Linux accesses VMCS fields without first seeing if hardware supports those fields, leading to crash/dos Pattern #6 Examples
41 External Control of a Hardware Device The device (not the data it processes) is under malicious control Variants: Physically present/proximate Reprogrammed Pattern #7
42 CVE Firewire port allows DMA, access to host memory SMM/BIOS CPU Memory 1394/FW Firmware CVE Reprogramming keyboard firmware Image: Pattern #7 Examples
43 And it s not a good offense DEFENSE
44 Watch your under surface Developers
45 Image: Unused Devices
46 You, too, can crash your system without trying EXPERIMENTING WITH HARDWARE
47 R/W Everything Windows
48 Open Hardware Monitor C#.NET Image: Windows + Linux
49 LoLA Low Level Access Linux kernel module that provides IO, MSR, memory, & CPUID access Programming API for access Linux
50 LoLA Low Level Access Linux kernel module that provides IO, MSR, memory, & CPUID access Programming API for access Linux
51 Vendor s website, Internet datasheet archives Datasheets
52 Google is your friend, as usual HW Schematics
53 Free download for Cansecwest attendees*! *Cansecwest attendance not required, it s free to everyone Background Infoz
54 Thanks!
Virtually Impossible
Virtually Impossible The Reality of Virtualization Security Gal Diskin / Chief Research Officer / Cyvera LTD. /WhoAmI? Chief Research Officer @ Cvyera LTD Formerly Security Evaluation Architect of the
More informationIntel s Virtualization Extensions (VT-x) So you want to build a hypervisor?
Intel s Virtualization Extensions (VT-x) So you want to build a hypervisor? Mr. Jacob Torrey May 13, 2014 Dartmouth College 153 Brooks Road, Rome, NY 315.336.3306 http://ainfosec.com @JacobTorrey torreyj@ainfosec.com
More informationSTM/PE & XHIM. Eugene D. Myers Trust Mechanisms Information Assurance Research NSA/CSS Research Directorate May 24, 2018
STM/PE & XHIM Eugene D. Myers Trust Mechanisms Information Assurance Research NSA/CSS Research Directorate May 24, 2018 Overview SMM STM STM/PE XHIM, an STM/PE application Future Plans System Management
More informationOperating System Security
Operating System Security Operating Systems Defined Hardware: I/o...Memory.CPU Operating Systems: Windows or Android, etc Applications run on operating system Operating Systems Makes it easier to use resources.
More informationVirtual Machine Security
Virtual Machine Security CSE443 - Spring 2012 Introduction to Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ 1 Operating System Quandary Q: What is the primary goal
More informationIntel Graphics Virtualization on KVM. Aug KVM Forum 2011 Rev. 3
Intel Graphics Virtualization on KVM Aug-16-2011 allen.m.kay@intel.com KVM Forum 2011 Rev. 3 Agenda Background on IO Virtualization Device Operation on Native Platform QEMU IO Virtualization Device Direct
More informationHypervisor security. Evgeny Yakovlev, DEFCON NN, 2017
Hypervisor security Evgeny Yakovlev, DEFCON NN, 2017 whoami Low-level development in C and C++ on x86 UEFI, virtualization, security Jetico, Kaspersky Lab QEMU/KVM developer at Virtuozzo 2 Agenda Why hypervisor
More informationI/O virtualization. Jiang, Yunhong Yang, Xiaowei Software and Service Group 2009 虚拟化技术全国高校师资研讨班
I/O virtualization Jiang, Yunhong Yang, Xiaowei 1 Legal Disclaimer INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE,
More informationHITB Amsterdam
Closer to metal: Reverse engineering the Broadcom NetExtreme s firmware Guillaume Delugré Sogeti / ESEC R&D guillaume(at)security-labs.org HITB 2011 - Amsterdam Purpose of this presentation G. Delugré
More informationProgrammed I/O accesses: a threat to Virtual Machine Monitors?
Programmed I/O accesses: a threat to Virtual Machine Monitors? Loïc Duflot & Laurent Absil Central Department for Information Systems Security SGDN/DCSSI 51 boulevard de la Tour Maubourg 75007 Paris Introduction
More informationAn Introduction to Platform Security
presented by An Introduction to Platform Security Spring 2018 UEFI Seminar and Plugfest March 26-30, 2018 Presented by Brent Holtsclaw and John Loucaides (Intel) Legal Notice No computer system can be
More informationPast, Present, and Future Justin Johnson Senior Principal Firmware Engineer
Dell Firmware Security Past, Present, and Future Justin Johnson Senior Principal Firmware Engineer justin.johnson1@dell.com Dell Security 2 What does BIOS do? Configure and Test System Memory Configure
More informationA Hardware-Assisted Virtualization Based Approach on How to Protect the Kernel Space from Malicious Actions
A Hardware-Assisted Virtualization Based Approach on How to Protect the Kernel Space from Malicious Actions Eric Lacombe 1 Ph.D Supervisors: Yves Deswarte and Vincent Nicomette 1 eric.lacombe@security-labs.org
More informationResilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security models Xiao Sun Senior Application Engineer ARM Tech Symposia China 2015 November 2015 Evolution from M2M to IoT M2M Silos of Things Standards Security
More informationMicro VMMs and Nested Virtualization
Micro VMMs and Nested Virtualization For the TCE 4th summer school on computer security, big data and innovation Baruch Chaikin, Intel 9 September 2015 Agenda Virtualization Basics The Micro VMM Nested
More informationReal Safe Times in the Jailhouse Hypervisor Unrestricted Siemens AG All rights reserved
Siemens Corporate Technology Real Safe Times in the Jailhouse Hypervisor Real Safe Times in the Jailhouse Hypervisor Agenda Jailhouse introduction Safe isolation Architecture support Jailhouse application
More informationDawn Song
1 Virtual Machines & Security Dawn Song dawnsong@cs.berkeley.edu Virtual Machines VM: Execution environment that gives the illusion of a real machine VMM/Hypervisor: host software which provides this capability
More informationVirtualization. Pradipta De
Virtualization Pradipta De pradipta.de@sunykorea.ac.kr Today s Topic Virtualization Basics System Virtualization Techniques CSE506: Ext Filesystem 2 Virtualization? A virtual machine (VM) is an emulation
More informationVirtual Machine Virtual Machine Types System Virtual Machine: virtualize a machine Container: virtualize an OS Program Virtual Machine: virtualize a process Language Virtual Machine: virtualize a language
More informationGraphics Pass-through with VT-d
Graphics Pass-through with VT-d Nov-19-2009 Weidong Han Ben Lin Xen Summit Asia 2009 Agenda Graphics Virtualization Introduction Graphics Pass-through with VT-d Performance Conclusion 2 Requirements on
More informationCSE543 - Computer and Network Security Module: Virtualization
CSE543 - Computer and Network Security Module: Virtualization Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 Operating System Quandary Q: What is the primary goal of system
More informationTerra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006)
Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006) Trusted Computing Hardware What can you do if you have
More informationThe Challenges of X86 Hardware Virtualization. GCC- Virtualization: Rajeev Wankar 36
The Challenges of X86 Hardware Virtualization GCC- Virtualization: Rajeev Wankar 36 The Challenges of X86 Hardware Virtualization X86 operating systems are designed to run directly on the bare-metal hardware,
More informationRISCV with Sanctum Enclaves. Victor Costan, Ilia Lebedev, Srini Devadas
RISCV with Sanctum Enclaves Victor Costan, Ilia Lebedev, Srini Devadas Today, privilege implies trust (1/3) If computing remotely, what is the TCB? Priviledge CPU HW Hypervisor trusted computing base OS
More informationCSE 120 Principles of Operating Systems
CSE 120 Principles of Operating Systems Fall 2016 Lecture 2: Architectural Support for Operating Systems Geoffrey M. Voelker Administrivia Project 0 Due 10/4, done individually Homework #1 Due 10/6 Project
More informationVirtualization. Adam Belay
Virtualization Adam Belay What is a virtual machine Simulation of a computer Running as an application on a host computer Accurate Isolated Fast Why use a virtual machine? To run multiple
More informationCSE543 - Computer and Network Security Module: Virtualization
CSE543 - Computer and Network Security Module: Virtualization Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 Operating System Quandary Q: What is the primary goal of system
More informationSpring 2017 :: CSE 506. Device Programming. Nima Honarmand
Device Programming Nima Honarmand read/write interrupt read/write Spring 2017 :: CSE 506 Device Interface (Logical View) Device Interface Components: Device registers Device Memory DMA buffers Interrupt
More informationDevelopment of I/O Pass-through: Current Status & the Future. Nov 21, 2008 Yuji Shimada NEC System Technologies, Ltd.
Development of I/O Pass-through: Current Status & the Future Nov 21, 2008 Yuji Shimada NEC System Technologies, Ltd. Agenda 1.Implementation of I/O Pass-through 2.Future Enhancement Plan 3.Challenges for
More informationVGA Assignment Using VFIO. Alex Williamson October 21 st, 2013
VGA Assignment Using VFIO alex.williamson@redhat.com October 21 st, 2013 Agenda Introduction to PCI & PCIe IOMMUs VFIO VGA VFIO VGA support Quirks, quirks, quirks Status and future Performance 2 A brief
More informationKVM CPU MODEL IN SYSCALL EMULATION MODE ALEXANDRU DUTU, JOHN SLICE JUNE 14, 2015
KVM CPU MODEL IN SYSCALL EMULATION MODE ALEXANDRU DUTU, JOHN SLICE JUNE 14, 2015 AGENDA Background & Motivation Challenges Native Page Tables Emulating the OS Kernel 2 KVM CPU MODEL IN SYSCALL EMULATION
More informationSecVisor: A Tiny Hypervisor for Lifetime Kernel Code Integrity
SecVisor: A Tiny Hypervisor for Lifetime Kernel Code Integrity Arvind Seshadri, Mark Luk, Ning Qu, Adrian Perrig Carnegie Mellon University Kernel rootkits Motivation Malware inserted into OS kernels Anti
More informationSGX Security Background. Masab Ahmad Department of Electrical and Computer Engineering University of Connecticut
SGX Security Background Masab Ahmad masab.ahmad@uconn.edu Department of Electrical and Computer Engineering University of Connecticut 1 Security Background Outline Cryptographic Primitives Cryptographic
More informationMultiNyx: A Multi-Level Abstraction Framework for Systematic Analysis of Hypervisors. Pedro Fonseca, Xi Wang, Arvind Krishnamurthy
MultiNyx: A Multi-Level Abstraction Framework for Systematic Analysis of Hypervisors Pedro Fonseca, Xi Wang, Arvind Krishnamurthy Hypervisor correctness is critical Hypervisors need to virtualize correctly
More informationCSE543 - Computer and Network Security Module: Virtualization
CSE543 - Computer and Network Security Module: Virtualization Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 1 Operating System Quandary Q: What is the primary goal of
More informationSR-IOV support in Xen. Yaozu (Eddie) Dong Yunhong Jiang Kun (Kevin) Tian
SR-IOV support in Xen Yaozu (Eddie) Dong (Eddie.Dong@intel.com) Yunhong Jiang Kun (Kevin) Tian Agenda SR-IOV specification overview Xen/SR-IOV architecture Discussions 2 SR-IOV specification overview Start
More informationExtended Page Tables (EPT) A VMM must protect host physical memory Multiple guest operating systems share the same host physical memory VMM typically implements protections through page-table shadowing
More informationVirtualization. Operating Systems, 2016, Meni Adler, Danny Hendler & Amnon Meisels
Virtualization Operating Systems, 2016, Meni Adler, Danny Hendler & Amnon Meisels 1 What is virtualization? Creating a virtual version of something o Hardware, operating system, application, network, memory,
More informationOperating system hardening
Operating system Comp Sci 3600 Security Outline 1 2 3 4 5 6 What is OS? Hardening process that includes planning, ation, uration, update, and maintenance of the operating system and the key applications
More informationKnut Omang Ifi/Oracle 6 Nov, 2017
Software and hardware support for Network Virtualization part 1 Knut Omang Ifi/Oracle 6 Nov, 2017 1 Motivation Goal: Introduction to challenges in providing fast networking to virtual machines Prerequisites:
More informationChapter 5 C. Virtual machines
Chapter 5 C Virtual machines Virtual Machines Host computer emulates guest operating system and machine resources Improved isolation of multiple guests Avoids security and reliability problems Aids sharing
More informationOperating Systems Course 2 nd semester 2016/2017 Chapter 1: Introduction
Operating Systems Course 2 nd semester 2016/2017 Chapter 1: Introduction Lecturer: Eng. Mohamed B. Abubaker Note: Adapted from the resources of textbox Operating System Concepts, 9 th edition What is an
More informationAdvanced Systems Security: Ordinary Operating Systems
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationKnut Omang Ifi/Oracle 20 Oct, Introduction to virtualization (Virtual machines) Aspects of network virtualization:
Software and hardware support for Network Virtualization part 2 Knut Omang Ifi/Oracle 20 Oct, 2015 32 Overview Introduction to virtualization (Virtual machines) Aspects of network virtualization: Virtual
More informationNested Virtualization and Server Consolidation
Nested Virtualization and Server Consolidation Vara Varavithya Department of Electrical Engineering, KMUTNB varavithya@gmail.com 1 Outline Virtualization & Background Nested Virtualization Hybrid-Nested
More informationCHAPTER 16 - VIRTUAL MACHINES
CHAPTER 16 - VIRTUAL MACHINES 1 OBJECTIVES Explore history and benefits of virtual machines. Discuss the various virtual machine technologies. Describe the methods used to implement virtualization. Show
More informationHardware assisted Virtualization in Embedded
Hardware assisted Virtualization in Embedded Tanveer Alam Platform Architect Embedded Virtualization Sponsored by: & Agenda Embedded Virtualization What is embedded? Embedded specific requirements Key
More informationNVDIMM Overview. Technology, Linux, and Xen
NVDIMM Overview Technology, Linux, and Xen Who am I? What are NVDIMMs? A standard for allowing NVRAM to be exposed as normal memory Potential to dramatically change the way software is written But.. They
More informationI/O Devices. Nima Honarmand (Based on slides by Prof. Andrea Arpaci-Dusseau)
I/O Devices Nima Honarmand (Based on slides by Prof. Andrea Arpaci-Dusseau) Hardware Support for I/O CPU RAM Network Card Graphics Card Memory Bus General I/O Bus (e.g., PCI) Canonical Device OS reads/writes
More informationCSE 120 Principles of Operating Systems
CSE 120 Principles of Operating Systems Spring 2018 Lecture 16: Virtual Machine Monitors Geoffrey M. Voelker Virtual Machine Monitors 2 Virtual Machine Monitors Virtual Machine Monitors (VMMs) are a hot
More informationI/O and virtualization
I/O and virtualization CSE-C3200 Operating systems Autumn 2015 (I), Lecture 8 Vesa Hirvisalo Today I/O management Control of I/O Data transfers, DMA (Direct Memory Access) Buffering Single buffering Double
More informationQiang Li && Zhibin Hu/Qihoo 360 Gear Team Ruxcon 2016
Qiang Li && Zhibin Hu/Qihoo 360 Gear Team Ruxcon 2016 Who are we Security researcher in Qihoo 360 Inc(Gear Team) Vulnerability discovery and analysis Specialize in QEMU currently 50+ security issues, 33
More informationIntel Virtualization Technology Roadmap and VT-d Support in Xen
Intel Virtualization Technology Roadmap and VT-d Support in Xen Jun Nakajima Intel Open Source Technology Center Legal Disclaimer INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS.
More informationMeltdown and Spectre - understanding and mitigating the threats (Part Deux)
Meltdown and Spectre - understanding and mitigating the threats (Part Deux) Gratuitous vulnerability logos Jake Williams @MalwareJake SANS / Rendition Infosec sans.org / rsec.us @SANSInstitute / @RenditionSec
More informationCrashOS: Hypervisor testing tool
ISSRE 2017 Anaïs GANTET - Airbus Digital Security October 2017 Outline 1 Why CrashOS? 2 CrashOS presentation 3 Vulnerability research and results October 2017 2 ISSRE Outline 1 Why CrashOS? 2 CrashOS presentation
More informationRicardo Rocha. Department of Computer Science Faculty of Sciences University of Porto
Ricardo Rocha Department of Computer Science Faculty of Sciences University of Porto Slides based on the book Operating System Concepts, 9th Edition, Abraham Silberschatz, Peter B. Galvin and Greg Gagne,
More informationMeltdown and Spectre - understanding and mitigating the threats
Meltdown and Spectre - understanding and mitigating the threats Gratuitous vulnerability logos Jake Williams @MalwareJake SANS / Rendition Infosec sans.org / rsec.us @RenditionSec The sky isn t falling!
More informationXen VT status and TODO lists for Xen-summit. Arun Sharma, Asit Mallick, Jun Nakajima, Sunil Saxena
Xen VT status and TODO lists for Xen-summit Arun Sharma, Asit Mallick, Jun Nakajima, Sunil Saxena R Outline VMX Guests Status Summary Status Domain0 restructuring PCI/IOAPIC X86-64 VMX guests enhancements
More informationCSE 120 Principles of Operating Systems
CSE 120 Principles of Operating Systems Spring 2018 Lecture 2: Architectural Support for Operating Systems Geoffrey M. Voelker Administrivia Project 0 Due 4/9 11:59pm, done individually Homework #1 Due
More informationVirtualization. Starting Point: A Physical Machine. What is a Virtual Machine? Virtualization Properties. Types of Virtualization
Starting Point: A Physical Machine Virtualization Based on materials from: Introduction to Virtual Machines by Carl Waldspurger Understanding Intel Virtualization Technology (VT) by N. B. Sahgal and D.
More informationSecurity Architecture
Security Architecture We ve been looking at how particular applications are secured We need to secure not just a few particular applications, but many applications, running on separate machines We need
More informationARM-KVM: Weather Report Korea Linux Forum
ARM-KVM: Weather Report Korea Linux Forum Mario Smarduch Senior Virtualization Architect m.smarduch@samsung.com 1 ARM-KVM This Year Key contributors Linaro, ARM Access to documentation & specialized HW
More informationVirtualization. ! Physical Hardware Processors, memory, chipset, I/O devices, etc. Resources often grossly underutilized
Starting Point: A Physical Machine Virtualization Based on materials from: Introduction to Virtual Machines by Carl Waldspurger Understanding Intel Virtualization Technology (VT) by N. B. Sahgal and D.
More informationOperating Systems. Operating System Structure. Lecture 2 Michael O Boyle
Operating Systems Operating System Structure Lecture 2 Michael O Boyle 1 Overview Architecture impact User operating interaction User vs kernel Syscall Operating System structure Layers Examples 2 Lower-level
More informationAttacking and Defending the Platform
presented by Attacking and Defending the Platform Spring 2018 UEFI Seminar and Plugfest March 26-30, 2018 Presented by Erik Bjorge and Maggie Jauregui (Intel) Legal Notice No computer system can be absolutely
More informationFakultät Informatik Institut für Systemarchitektur, Betriebssysteme THE NOVA KERNEL API. Julian Stecklina
Fakultät Informatik Institut für Systemarchitektur, Betriebssysteme THE NOVA KERNEL API Julian Stecklina (jsteckli@os.inf.tu-dresden.de) Dresden, 5.2.2012 00 Disclaimer This is not about OpenStack Compute.
More informationSecure Containers with EPT Isolation
Secure Containers with EPT Isolation Chunyan Liu liuchunyan9@huawei.com Jixing Gu jixing.gu@intel.com Presenters Jixing Gu: Software Architect, from Intel CIG SW Team, working on secure container solution
More informationCIS 4360 Secure Computer Systems SGX
CIS 4360 Secure Computer Systems SGX Professor Qiang Zeng Spring 2017 Some slides are stolen from Intel docs Previous Class UEFI Secure Boot Windows s Trusted Boot Intel s Trusted Boot CIS 4360 Secure
More informationJunhong Jiang, Kevin Tian, Chris Wright, Don Dugger
Updating Xen for the Client Environment Junhong Jiang, Kevin Tian, Chris Wright, Don Dugger Legal Content INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. EXCEPT AS PROVIDED
More informationECE 471 Embedded Systems Lecture 22
ECE 471 Embedded Systems Lecture 22 Vince Weaver http://www.eece.maine.edu/~vweaver vincent.weaver@maine.edu 31 October 2018 Don t forget HW#7 Announcements 1 Computer Security and why it matters for embedded
More informationDOUG GOLDSTEIN STAR LAB XEN SUMMIT AUG 2016 ATTACK SURFACE REDUCTION
DOUG GOLDSTEIN STAR LAB XEN SUMMIT 2016 25 AUG 2016 ATTACK SURFACE REDUCTION OVERVIEW TOPICS Define attack surface Discuss parts of Xen s attack surface Attack surface metrics for Xen Define attack surface
More informationCIS 5373 Systems Security
CIS 5373 Systems Security Topic 3.1: OS Security Basics of secure design Endadul Hoque Slide Acknowledgment Contents are based on slides from Ninghui Li (Purdue), John Mitchell (Stanford), Dan Boneh (Stanford)
More informationHardware, Modularity, and Virtualization CS 111
Hardware, Modularity, and Virtualization Operating System Principles Peter Reiher Page 1 Outline The relationship between hardware and operating systems Processors I/O devices Memory Organizing systems
More informationTolerating Malicious Drivers in Linux. Silas Boyd-Wickizer and Nickolai Zeldovich
XXX Tolerating Malicious Drivers in Linux Silas Boyd-Wickizer and Nickolai Zeldovich How could a device driver be malicious? Today's device drivers are highly privileged Write kernel memory, allocate memory,...
More informationSecVisor: A Tiny Hypervisor to Provide Lifetime Kernel Code Integrity for Commodity OSes
SecVisor: A Tiny Hypervisor to Provide Lifetime Kernel Code Integrity for Commodity OSes Arvind Seshadri Mark Luk Ning Qu Adrian Perrig CyLab/CMU CyLab/CMU CyLab/CMU CyLab/CMU Pittsburgh, PA, USA Pittsburgh,
More informationIntel SGX Virtualization
Sean Christopherson Intel Intel SGX Virtualization KVM Forum 2018 Traditional VM Landscape App s secrets accessible by any privileged entity, e.g. VMM and OS App App App or a malicious app that has exploited
More informationVirtualization and Virtual Machines. CS522 Principles of Computer Systems Dr. Edouard Bugnion
Virtualization and Virtual Machines CS522 Principles of Computer Systems Dr. Edouard Bugnion Virtualization and Virtual Machines 2 This week Introduction, definitions, A short history of virtualization
More informationCodeTickler: Automated Software Testing as a Service. Cris%an Zamfir, Vitaly Chipounov, George Candea
CodeTickler: Automated Software Testing as a Service Cris%an Zamfir, Vitaly Chipounov, George Candea Wouldn t it be nice to have reliable software? Vision Machines should find corner cases do tricky security
More informationResilient IoT Security: The end of flat security models. Milosch Meriac IoT Security Engineer
Resilient IoT Security: The end of flat security models Milosch Meriac IoT Security Engineer milosch.meriac@arm.com Securing a computer system has traditionally been a battle of wits: the penetrator tries
More informationCloud Computing Virtualization
Cloud Computing Virtualization Anil Madhavapeddy anil@recoil.org Contents Virtualization. Layering and virtualization. Virtual machine monitor. Virtual machine. x86 support for virtualization. Full and
More informationCIS 21 Final Study Guide. Final covers ch. 1-20, except for 17. Need to know:
CIS 21 Final Study Guide Final covers ch. 1-20, except for 17. Need to know: I. Amdahl's Law II. Moore s Law III. Processes and Threading A. What is a process? B. What is a thread? C. Modes (kernel mode,
More informationSupport for Smart NICs. Ian Pratt
Support for Smart NICs Ian Pratt Outline Xen I/O Overview Why network I/O is harder than block Smart NIC taxonomy How Xen can exploit them Enhancing Network device channel NetChannel2 proposal I/O Architecture
More informationI Don't Want to Sleep Tonight:
I Don't Want to Sleep Tonight: Subverting Intel TXT with S3 Sleep Seunghun Han, Jun-Hyeok Park (hanseunghun parkparkqw)@nsr.re.kr Wook Shin, Junghwan Kang, HyoungChun Kim (wshin ultract khche)@nsr.re.kr
More informationCIS 4360 Secure Computer Systems Secured System Boot
CIS 4360 Secure Computer Systems Secured System Boot Professor Qiang Zeng Spring 2017 Previous Class Attacks against System Boot Bootkit Evil Maid Attack Bios-kit Attacks against RAM DMA Attack Cold Boot
More informationKVM/ARM. Marc Zyngier LPC 12
KVM/ARM Marc Zyngier LPC 12 For example: if a processor is in Supervisor mode and Secure state, it is in Secure Supervisor mode ARM Architecture if a processor is Virtualization
More informationComputer Architecture Background
CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 2b Computer Architecture Background Marten van Dijk Syed Kamran Haider, Chenglu Jin, Phuong Ha Nguyen Department of Electrical & Computer Engineering
More informationOverview. Wait, which firmware? Threats Update methods request_firmware() hooking Regression testing Future work
http://outflux.net/slides/2014/lss/firmware.pdf Linux Security Summit, Chicago 2014 Kees Cook (pronounced Case ) Overview Wait, which firmware? Threats Update methods request_firmware()
More informationXen Project 4.4: Features and Futures. Russell Pavlicek Xen Project Evangelist Citrix Systems
Xen Project 4.4: Features and Futures Russell Pavlicek Xen Project Evangelist Citrix Systems About This Release Xen Project 4.4.0 was released on March 10, 2014. This release is the work of 8 months of
More informationCSE Computer Security
CSE 543 - Computer Security Lecture 25 - Virtual machine security December 6, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ 1 Implementation and Results Experimental Platform Exact specification
More informationPROTECTING VM REGISTER STATE WITH AMD SEV-ES DAVID KAPLAN LSS 2017
PROTECTING VM REGISTER STATE WITH AMD SEV-ES DAVID KAPLAN LSS 2017 BACKGROUND-- HARDWARE MEMORY ENCRYPTION AMD Secure Memory Encryption (SME) / AMD Secure Encrypted Virtualization (SEV) Hardware AES engine
More informationArchitectural Support for A More Secure Operating System
Architectural Support for A More Secure Operating System Edward L. Bosworth, Ph.D. TSYS Department of Computer Science Columbus State University Columbus, GA A Few Comments The term Secure Operating System
More informationCS370 Operating Systems
CS370 Operating Systems Colorado State University Yashwant K Malaiya Fall 2017 Lecture 27 Virtualization Slides based on Various sources 1 1 Virtualization Why we need virtualization? The concepts and
More informationMASSACHUSETTS INSTITUTE OF TECHNOLOGY Computer Systems Engineering: Spring Quiz I Solutions
Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY 6.033 Computer Systems Engineering: Spring 2011 Quiz I Solutions There are 10 questions and 12 pages in this
More informationInput / Output. Kevin Webb Swarthmore College April 12, 2018
Input / Output Kevin Webb Swarthmore College April 12, 2018 xkcd #927 Fortunately, the charging one has been solved now that we've all standardized on mini-usb. Or is it micro-usb? Today s Goals Characterize
More informationLive Demo: A New Hardware- Based Approach to Secure the Internet of Things
SESSION ID: CCS-W04 Live Demo: A New Hardware- Based Approach to Secure the Internet of Things Cesare Garlati Chief Security Strategist prpl Foundation @CesareGarlati Securing the Internet of (broken)
More informationDigging Into The Core of Boot
Digging Into The Core of Boot Yuriy Bulygin Oleksandr Bazhaniuk @c7zero @ABazhaniuk Agenda Intro Recap of MMIO BAR Issues in Coreboot & UEFI Coreboot ACPI GNVS Pointer Issue SMI Handler Issues in Coreboot
More informationPrivilege Escalation
Privilege Coleman Kane Coleman.Kane@ge.com February 9, 2015 Security Vulnerability Assessment Privilege 1 / 14 root, or Privilege or Elevation is the act of gaining access to resources which were intended
More informationAMD SEV Update Linux Security Summit David Kaplan, Security Architect
AMD SEV Update Linux Security Summit 2018 David Kaplan, Security Architect WHY NOT TRUST THE HYPERVISOR? Guest Perspective o Hypervisor is code I don t control o I can t tell if the hypervisor is compromised
More informationVirtual Machines. Part 2: starting 19 years ago. Operating Systems In Depth IX 1 Copyright 2018 Thomas W. Doeppner. All rights reserved.
Virtual Machines Part 2: starting 19 years ago Operating Systems In Depth IX 1 Copyright 2018 Thomas W. Doeppner. All rights reserved. Operating Systems In Depth IX 2 Copyright 2018 Thomas W. Doeppner.
More informationINFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD
Faculty of Computer Science Institute of Systems Architecture, Operating Systems Group INFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD OVERVIEW Fundamental
More information