|
|
- Clarence Stanley
- 5 years ago
- Views:
Transcription
1
2
3
4
5
6
7
8
9
10
11
12 Extended Page Tables (EPT) A VMM must protect host physical memory Multiple guest operating systems share the same host physical memory VMM typically implements protections through page-table shadowing in software Page-table shadowing accounts for a large portion of virtualization overheads VM exits due to: #PF, INVLPG, MOV CR3 Goal of EPT is to reduce these overheads
13 What Is EPT? CR3 EPT Base Pointer (EPTP) Guest Linear Address Guest IA-32 Page Tables Guest Physical Address Extended Page Tables Host Physical Address Extended Page Table A new page-table structure, under the control of the VMM Defines mapping between guest- and host-physical addresses EPT base pointer (new VMCS field) points to the EPT page tables EPT (optionally) activated on VM entry, deactivated on VM exit Guest has full control over its own IA-32 page tables No VM exits due to guest page faults, INVLPG, or CR3 changes
14 EPT Translation: Details CR3 Guest Linear Address Host Physical Address + EPT Tables Page Directory + EPT Tables Page Table + EPT Tables Guest Physical Page Base Address Guest Physical Address All guest-physical memory addresses go through EPT tables (CR3, PDE, PTE, etc.) Above example is for 2-level table for 32-bit address space Translation possible for other page-table formats (e.g., PAE)
15
16
17
18
19
20 VT-d Overview: Intel Virtualization Technology For Directed I/O
21 Options For I/O Virtualization Monolithic Model Service VM Model Pass-through Model Service VMs Guest VMs VM 0 VM n VM 0 VM n Guest OS and Apps Guest OS and Apps I/O Services VM 0 VM n Guest OS and Apps Guest OS and Apps I/O Services Device Drivers Guest OS and Apps Device Drivers Device Drivers Device Drivers Hypervisor Hypervisor Hypervisor Shared Devices Shared Devices Assigned Devices Pro: Higher Performance Pro: I/O Device Sharing Pro: VM Migration Con: Larger Hypervisor Pro: High Security Pro: I/O Device Sharing Pro: VM Migration Con: Lower Performance Pro: Highest Performance Pro: Smaller Hypervisor Pro: Device assisted sharing Con: Migration Challenges VT-d Goal: Support all Models
22 VT-d Overview VT-d is platform infrastructure for I/O virtualization Defines architecture for DMA remapping Implemented as part of platform core logic Will be supported broadly in Intel server and client chipsets CPU CPU System Bus VT-d Integrated Devices North Bridge PCIe* Root Ports DRAM PCI Express South Bridge PCI, LPC, Legacy devices,
23 VT-d Usage Basic infrastructure for I/O virtualization Enable direct assignment of I/O devices to unmodified or paravirtualized VMs Improves system reliability Contain and report errant DMA to software Enhances security Support multiple protection domains under SW control Provide foundation for building trusted I/O capabilities Other usages Generic facility for DMA scatter/gather Overcome addressability limitations on legacy devices
24 VT-d Architecture Detail DMA Requests Device ID Virtual Address Length Bus 255 Bus N Dev 31, Func 7 Dev P, Func 2 Page Frame Fault Generation Bus 0 Dev P, Func 1 Dev 0, Func 0 4KB Page Tables DMA Remapping Engine Translation Cache Device Assignment Structures Device D1 Device D2 Address Translation Structures Context Cache Address Translation Structures Memory Access with System Physical Address Memory-resident Partitioning And Translation Structures
25 VT-d: Remapping Structures VT-d hardware selects page-table based on source of DMA request Requestor ID (bus / device / function) in request identifies DMA source VT-d Device Assignment Entry Rsvd Domain ID Rsvd Address Width 63 0 Address Space Root Pointer Rsvd Ext. Controls Controls P VT-d supports hierarchical page tables for address translation Page directories and page tables are 4 KB in size 4KB base page size with support for larger page sizes Support for DMA snoop control through page table entries VT-d Page Table Entry 63 Rsvd Page-Frame / Page-Table Address Available SP Rsvd Ext. Controls W R 0
26 VT-d: Hardware Page Walk Requestor ID DMA Virtual Address 15 Bus Device Func b b Level-4 table offset Level-3 table offset Level-2 table offset Level-1 table offset 11 Page Offset 0 Base Device Assignment Tables Level-4 Page Table Example Device Assignment Table Entry specifying 4-level page table Level-3 Page Table Level-2 Page Table Level-1 Page Table Page
27 VT-d: Translation Caching Architecture supports caching of remapping structures Context Cache: Caches frequently used device-assignment entries IOTLB: Caches frequently used translations (results of page walk) Non-leaf Cache: Caches frequently used page-directory entries When updating VT-d translation structures, software enforces consistency of these caches Architecture supports global, domain-selective, and page-range invalidations of these caches Primary invalidation interface through MMIO registers for synchronous invalidations Extended invalidation interface for queued invalidations
28 VT-x & VT-d Working Together Virtual Machines Virtual Machine Monitor (VMM) Logical Processors VT-x Binary Translation Paravirtualization Page-table Shadowing Physical Memory IO-Device Emulation Interrupt Virtualization DMA Remap VT-d I/O Devices Hardware Virtualization Mechanisms under VMM Control
29 How Intel Virtualization Technology Address Virtualization Challenges Reduced Complexity VT-x removes need for binary translation / paravirtualization Can avoid I/O emulation for direct-mapped I/O devices Improved Functionality 64-bit guest OS support, remove limitations of paravirtualization Can grant Guest OS direct access to modern physical I/O devices Enhanced Reliability and Protection Simplified VMM reduces trusted computing base (TCB) DMA errors logged and reported to software Improved Performance Hardware support reduces address-translation overheads No need for shadow page tables (saves memory)
30 Delivering Intel VT Established Intel Virtualization Technology Specifications for Intel based platforms For the IA-32 Intel Architecture (Jan 2005) VT-x For the Intel Itanium Architecture (Jan 2005) VT-i For Directed I/O Architecture (March 2006) VT-d See Shipping Intel based platforms enabled with Intel VT VT-x: Desktop in 2005, Mobile platforms and Intel Xeon processor based servers and workstations in 2006 VT-i: Later in 2006, Intel Itanium processor based servers VT-d: Intel is enabling VMM vendors with VT-d silicon in 2006
31 Demo: KVM and QEMU
32 CCS 07, Alexandria, VA, Oct 29 Nov 2, 2007 Stealthy Malware Detection Through VMM-based Out-ofthe-Box Semantic View Reconstruction Xuxian Jiang, Xinyuan Wang, Dongyan Xu North Carolina State University George Mason University Purdue University
33 Motivation Internet malware remains a top threat Malware: viruses, worms, rootkits, spyware, bots
34 Motivation Recent Trend on Rootkits Viruses/worms/bots, PUPs, 400% growth 700% growth Q1 of 2005 Source: McAfee Avert Lab Report (April 2006)
35 Existing Defenses (e.g., Anti-Virus Software) Running inside the monitored system Advantages They can see everything (e.g., files, processes, ) Disadvantages Once compromised by advanced stealthy malware, they may not see anything! IE Firefox VirusScan OS Kernel
36 Key observation Existing Defenses Both anti-virus software and vulnerable software are running inside the same system Hard to guarantee tamper-resistance Solution: Out-of-the-box defense IE Firefox VirusScan Virtual Machine OS KernelMonitor (VMM)
37 The Semantic-Gap Challenge VirusScan Semantic Gap Guest OS Virtual Machine Monitor (e.g., VMware, Xen, QEMU) What we can observe? Low-level states Memory pages, disk blocks, Low-level events Privileged instructions, Interrupts, I/O access, What we want to observe? High-level states w/ semantic info. Files, processes, high-level events w/ semantic info. System calls, context switches,
38 Main Contribution VMwatcher: A systematic approach to bridge the semantic gap Reconstructing semantic objects and events from low-level VMM observations IE Firefox Capability I: Out-of-the-box execution of commodity anti-malware software OS Kernel VMwatcher Capability II: Virtual Machine Monitor (VMM) View comparison-based stealthy malware detection
39 VMwatcher: Bridging the Semantic Gap Step 1: Procuring low-level VM states and events Disk blocks, memory pages, registers, Traps, interrupts, VM Introspection Step 2: Reconstructing high-level semantic view Files, directories, processes, and kernel modules, System calls, context switches, Guest View Casting
40 Step 1: VM Introspection Raw VMM Observations Virtual Machines (VMs) VM Disk Image VM Physical Memory VM Hardware State (e.g., registers) VM-related low-level events (e.g., interrupts) VMware Academic Program
41 Step 2: Guest View Casting VirusScan Cross-view Semantic Gap VMwatcher Guest OS Virtual Machine Monitor (VMM) Disk Key observation: The guest OS already contains all necessary semantic definitions of data structures as well as functionalities to construct the semantic view
42 Guest View Casting Raw VMM Observations Casted Guest Functions & Data Structures Reconstructed Semantic View VM Disk Image VM Physical Memory Device drivers, file system drivers Memory translation, task_struct, mm_struct VM Hardware State (e.g., registers) VM-related low-level events (e.g., interrupts) CR3, MSR_SYSENTER_CS, MSR_SYSENTER_EIP/ESP Event semantics Event-specific arguments Syscalls, Context switches,... Demo clip (3.5mins):
43 Guest View Casting on Memory State (Linux) Process List Process Memory Layout
44 Guest Memory Addressing Traditional memory addressing Given a VA, MMU translates VA to PA OSes used to map with known PA Linux: VA 0xc == PA 0x0 Windows: VA 0x == PA 0x0 VM complicates the translation Emulated Address Translation Guest virtual -> guest physical Reverse Address Translation Guest physical -> host physical VM Introspection
45 Evaluation Effectiveness Cross-view malware detection Exp. I: Cross-view detection on volatile state Exp. II: Cross-view detection on persistent state Exp. III: Cross-view detection on both volatile and persistent state Out-of-the-box execution of commodity anti-malware software Exp. IV: Symantec AntiVirus Exp. V: Windows Defender Performance Difference between internal scanning & external scanning
46 Exp. I: Cross-view detection on volatile memory state Experiment Setup Guest VM: Windows XP (SP2) Windows Fu Rootkit Host OS: Scientific Linux 4.4 VMM: VMware Server Diff VMwatcher view Inside-the-box view
47 Exp. II: Cross-view detection on persistent disk state Experiment Setup Guest VM: A Redhat 7.2-based honeypot Linux SHv4 rootkit Host OS: Windows XP (SP2) VMM: VMware Server Diff VMwatcher view Inside-the-box view
48
49 Experiment (IV) Experiment Setup Both guest OS and host OS run Windows XP (SP2) VMM: VMware Server Running Symantec AntiVirus Twice Outside Inside Hacker Defender NTRootkit
50 Internal Scanning Result Diff External Scanning Result
51 Performance Internal scanning time vs. external scanning time Comparison of Scanning Time Scanning Time (min:sec) 19:12 14:24 9:36 4:48 0: files Symantec AntiVirus files Micorsoft Window s Defender files Micorsoft Malicious Softw are Removal files Kaspersky Anti-Virus 5.5 F-PROT AntiVirus Internal Scanning Time External Scanning Time files files files McAfee VirsScan Sophos Anti-Virus Internal scanning takes longer to complete!
52 Related Work Enhancing security with virtualization (Livewire[Garfinkel03], IntroVirt[Joshi05], HyperSpector[Kourai05]) Focusing on targeted attacks with specialized IDSes Cross-view detection (Strider GhostBuster[Wang05], RootkitRevealer/ Blacklight/IceSword/ ) Either destroying the volatile state or obtaining two internal views Secure monitors CoPilot[Petroni04], Terra[Garfinkel03], shype[sailer05], SecVisor[Perrig07],TRANGO,
53 Conclusions VMwatcher A systematic approach that bridges the semantic gap and enables two unique malware detection capabilities: Cross-view malware detection Out-of-the-box execution of commodity antimalware software
Virtual Machine Virtual Machine Types System Virtual Machine: virtualize a machine Container: virtualize an OS Program Virtual Machine: virtualize a process Language Virtual Machine: virtualize a language
More informationIntel Virtualization Technology Roadmap and VT-d Support in Xen
Intel Virtualization Technology Roadmap and VT-d Support in Xen Jun Nakajima Intel Open Source Technology Center Legal Disclaimer INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS.
More informationCOSC6376 Cloud Computing Lecture 14: CPU and I/O Virtualization
COSC6376 Cloud Computing Lecture 14: CPU and I/O Virtualization Instructor: Weidong Shi (Larry), PhD Computer Science Department University of Houston Outline CPU Virtualization I/O Virtualization Types
More informationIntel s Virtualization Extensions (VT-x) So you want to build a hypervisor?
Intel s Virtualization Extensions (VT-x) So you want to build a hypervisor? Mr. Jacob Torrey May 13, 2014 Dartmouth College 153 Brooks Road, Rome, NY 315.336.3306 http://ainfosec.com @JacobTorrey torreyj@ainfosec.com
More informationI/O virtualization. Jiang, Yunhong Yang, Xiaowei Software and Service Group 2009 虚拟化技术全国高校师资研讨班
I/O virtualization Jiang, Yunhong Yang, Xiaowei 1 Legal Disclaimer INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE,
More informationIntel Virtualization Technology for Directed I/O Architecture Specification
Intel Virtualization Technology for Directed I/O Architecture Specification February 2006 Order Number: D51397-001 INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE,
More informationMicro VMMs and Nested Virtualization
Micro VMMs and Nested Virtualization For the TCE 4th summer school on computer security, big data and innovation Baruch Chaikin, Intel 9 September 2015 Agenda Virtualization Basics The Micro VMM Nested
More informationThe Challenges of X86 Hardware Virtualization. GCC- Virtualization: Rajeev Wankar 36
The Challenges of X86 Hardware Virtualization GCC- Virtualization: Rajeev Wankar 36 The Challenges of X86 Hardware Virtualization X86 operating systems are designed to run directly on the bare-metal hardware,
More informationVirtualization. Starting Point: A Physical Machine. What is a Virtual Machine? Virtualization Properties. Types of Virtualization
Starting Point: A Physical Machine Virtualization Based on materials from: Introduction to Virtual Machines by Carl Waldspurger Understanding Intel Virtualization Technology (VT) by N. B. Sahgal and D.
More informationVirtualization. ! Physical Hardware Processors, memory, chipset, I/O devices, etc. Resources often grossly underutilized
Starting Point: A Physical Machine Virtualization Based on materials from: Introduction to Virtual Machines by Carl Waldspurger Understanding Intel Virtualization Technology (VT) by N. B. Sahgal and D.
More informationNested Virtualization Update From Intel. Xiantao Zhang, Eddie Dong Intel Corporation
Nested Virtualization Update From Intel Xiantao Zhang, Eddie Dong Intel Corporation Legal Disclaimer INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED,
More informationVirtual Machines. Part 2: starting 19 years ago. Operating Systems In Depth IX 1 Copyright 2018 Thomas W. Doeppner. All rights reserved.
Virtual Machines Part 2: starting 19 years ago Operating Systems In Depth IX 1 Copyright 2018 Thomas W. Doeppner. All rights reserved. Operating Systems In Depth IX 2 Copyright 2018 Thomas W. Doeppner.
More informationCSE543 - Computer and Network Security Module: Virtualization
CSE543 - Computer and Network Security Module: Virtualization Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 1 Operating System Quandary Q: What is the primary goal of
More informationProgrammed I/O accesses: a threat to Virtual Machine Monitors?
Programmed I/O accesses: a threat to Virtual Machine Monitors? Loïc Duflot & Laurent Absil Central Department for Information Systems Security SGDN/DCSSI 51 boulevard de la Tour Maubourg 75007 Paris Introduction
More informationVirtualization. Pradipta De
Virtualization Pradipta De pradipta.de@sunykorea.ac.kr Today s Topic Virtualization Basics System Virtualization Techniques CSE506: Ext Filesystem 2 Virtualization? A virtual machine (VM) is an emulation
More informationIntel Virtualization Technology for Directed I/O
Intel Virtualization Technology for Directed I/O Architecture Specification May 27 Revision:. Order Number: D5397-2 Legal Lines and Disclaimers Copyright 27, Intel Corporation. All Rights Reserved. Intel
More informationVirtualization. Operating Systems, 2016, Meni Adler, Danny Hendler & Amnon Meisels
Virtualization Operating Systems, 2016, Meni Adler, Danny Hendler & Amnon Meisels 1 What is virtualization? Creating a virtual version of something o Hardware, operating system, application, network, memory,
More informationModule 1: Virtualization. Types of Interfaces
Module 1: Virtualization Virtualization: extend or replace an existing interface to mimic the behavior of another system. Introduced in 1970s: run legacy software on newer mainframe hardware Handle platform
More informationVirtualization. Virtualization
Virtualization Virtualization Memory virtualization Process feels like it has its own address space Created by MMU, configured by OS Storage virtualization Logical view of disks connected to a machine
More informationCOMPUTER ARCHITECTURE. Virtualization and Memory Hierarchy
COMPUTER ARCHITECTURE Virtualization and Memory Hierarchy 2 Contents Virtual memory. Policies and strategies. Page tables. Virtual machines. Requirements of virtual machines and ISA support. Virtual machines:
More informationKnut Omang Ifi/Oracle 20 Oct, Introduction to virtualization (Virtual machines) Aspects of network virtualization:
Software and hardware support for Network Virtualization part 2 Knut Omang Ifi/Oracle 20 Oct, 2015 32 Overview Introduction to virtualization (Virtual machines) Aspects of network virtualization: Virtual
More informationCSE543 - Computer and Network Security Module: Virtualization
CSE543 - Computer and Network Security Module: Virtualization Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 Operating System Quandary Q: What is the primary goal of system
More informationNested Virtualization and Server Consolidation
Nested Virtualization and Server Consolidation Vara Varavithya Department of Electrical Engineering, KMUTNB varavithya@gmail.com 1 Outline Virtualization & Background Nested Virtualization Hybrid-Nested
More informationIntel Virtualization Technology for Directed I/O
Intel Virtualization Technology for Directed I/O Architecture Specification February Revision:. Order Number: D597-5 Legal Lines and Disclaimers Copyright, Intel Corporation. All Rights Reserved. Intel
More informationKnut Omang Ifi/Oracle 6 Nov, 2017
Software and hardware support for Network Virtualization part 1 Knut Omang Ifi/Oracle 6 Nov, 2017 1 Motivation Goal: Introduction to challenges in providing fast networking to virtual machines Prerequisites:
More informationAdvanced Operating Systems (CS 202) Virtualization
Advanced Operating Systems (CS 202) Virtualization Virtualization One of the natural consequences of the extensibility research we discussed What is virtualization and what are the benefits? 2 Virtualization
More informationVirtual Machine Security
Virtual Machine Security CSE443 - Spring 2012 Introduction to Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ 1 Operating System Quandary Q: What is the primary goal
More informationVirtualization and memory hierarchy
Virtualization and memory hierarchy Computer Architecture J. Daniel García Sánchez (coordinator) David Expósito Singh Francisco Javier García Blas ARCOS Group Computer Science and Engineering Department
More informationOperating Systems 4/27/2015
Virtualization inside the OS Operating Systems 24. Virtualization Memory virtualization Process feels like it has its own address space Created by MMU, configured by OS Storage virtualization Logical view
More informationSpring 2017 :: CSE 506. Introduction to. Virtual Machines. Nima Honarmand
Introduction to Virtual Machines Nima Honarmand Virtual Machines & Hypervisors Virtual Machine: an abstraction of a complete compute environment through the combined virtualization of the processor, memory,
More informationCSE543 - Computer and Network Security Module: Virtualization
CSE543 - Computer and Network Security Module: Virtualization Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 Operating System Quandary Q: What is the primary goal of system
More informationLecture 7. Xen and the Art of Virtualization. Paul Braham, Boris Dragovic, Keir Fraser et al. 16 November, Advanced Operating Systems
Lecture 7 Xen and the Art of Virtualization Paul Braham, Boris Dragovic, Keir Fraser et al. Advanced Operating Systems 16 November, 2011 SOA/OS Lecture 7, Xen 1/38 Contents Virtualization Xen Memory CPU
More informationFast access ===> use map to find object. HW == SW ===> map is in HW or SW or combo. Extend range ===> longer, hierarchical names
Fast access ===> use map to find object HW == SW ===> map is in HW or SW or combo Extend range ===> longer, hierarchical names How is map embodied: --- L1? --- Memory? The Environment ---- Long Latency
More informationCSE 120 Principles of Operating Systems
CSE 120 Principles of Operating Systems Spring 2018 Lecture 16: Virtual Machine Monitors Geoffrey M. Voelker Virtual Machine Monitors 2 Virtual Machine Monitors Virtual Machine Monitors (VMMs) are a hot
More informationVirtualization. Adam Belay
Virtualization Adam Belay What is a virtual machine Simulation of a computer Running as an application on a host computer Accurate Isolated Fast Why use a virtual machine? To run multiple
More informationOS Security IV: Virtualization and Trusted Computing
1 OS Security IV: Virtualization and Trusted Computing Chengyu Song Slides modified from Dawn Song 2 Administrivia Lab2 More questions? 3 Virtual machine monitor +-----------+----------------+-------------+
More informationVirtually Impossible
Virtually Impossible The Reality of Virtualization Security Gal Diskin / Chief Research Officer / Cyvera LTD. /WhoAmI? Chief Research Officer @ Cvyera LTD Formerly Security Evaluation Architect of the
More informationCS-580K/480K Advanced Topics in Cloud Computing. VM Virtualization II
CS-580K/480K Advanced Topics in Cloud Computing VM Virtualization II 1 How to Build a Virtual Machine? 2 How to Run a Program Compiling Source Program Loading Instruction Instruction Instruction Instruction
More informationCloud Computing Virtualization
Cloud Computing Virtualization Anil Madhavapeddy anil@recoil.org Contents Virtualization. Layering and virtualization. Virtual machine monitor. Virtual machine. x86 support for virtualization. Full and
More informationOperating System Security
Operating System Security Operating Systems Defined Hardware: I/o...Memory.CPU Operating Systems: Windows or Android, etc Applications run on operating system Operating Systems Makes it easier to use resources.
More informationWhat is KVM? KVM patch. Modern hypervisors must do many things that are already done by OSs Scheduler, Memory management, I/O stacks
LINUX-KVM The need for KVM x86 originally virtualization unfriendly No hardware provisions Instructions behave differently depending on privilege context(popf) Performance suffered on trap-and-emulate
More informationVirtual Machine Monitors (VMMs) are a hot topic in
CSE 120 Principles of Operating Systems Winter 2007 Lecture 16: Virtual Machine Monitors Keith Marzullo and Geoffrey M. Voelker Virtual Machine Monitors Virtual Machine Monitors (VMMs) are a hot topic
More informationVirtual Virtual Memory
Virtual Virtual Memory Jason Power 3/20/2015 With contributions from Jayneel Gandhi and Lena Olson 4/17/2015 UNIVERSITY OF WISCONSIN 1 Virtual Machine History 1970 s: VMMs 1997: Disco 1999: VMWare (binary
More informationCS 550 Operating Systems Spring Introduction to Virtual Machines
CS 550 Operating Systems Spring 2018 Introduction to Virtual Machines 1 How to share a physical computer Operating systems allows multiple processes/applications to run simultaneously Via process/memory
More informationDawn Song
1 Virtual Machines & Security Dawn Song dawnsong@cs.berkeley.edu Virtual Machines VM: Execution environment that gives the illusion of a real machine VMM/Hypervisor: host software which provides this capability
More informationVirtualization. ...or how adding another layer of abstraction is changing the world. CIS 399: Unix Skills University of Pennsylvania.
Virtualization...or how adding another layer of abstraction is changing the world. CIS 399: Unix Skills University of Pennsylvania April 6, 2009 (CIS 399 Unix) Virtualization April 6, 2009 1 / 22 What
More informationMulti-Aspect Profiling of Kernel Rootkit Behavior
Multi-Aspect Profiling of Kernel Rootkit Behavior Ryan Riley, Xuxian Jiang, Dongyan Xu Purdue University, North Carolina State University EuroSys 2009 Nürnberg, Germany Rootkits Stealthy malware Hide attacker
More informationIntel Graphics Virtualization on KVM. Aug KVM Forum 2011 Rev. 3
Intel Graphics Virtualization on KVM Aug-16-2011 allen.m.kay@intel.com KVM Forum 2011 Rev. 3 Agenda Background on IO Virtualization Device Operation on Native Platform QEMU IO Virtualization Device Direct
More informationIntroduction to Virtual Machines. Carl Waldspurger (SB SM 89 PhD 95) VMware R&D
Introduction to Virtual Machines Carl Waldspurger (SB SM 89 PhD 95) VMware R&D Overview Virtualization and VMs Processor Virtualization Memory Virtualization I/O Virtualization Typesof Virtualization Process
More informationG Disco. Robert Grimm New York University
G22.3250-001 Disco Robert Grimm New York University The Three Questions! What is the problem?! What is new or different?! What are the contributions and limitations? Background: ccnuma! Cache-coherent
More informationOS Virtualization. Why Virtualize? Introduction. Virtualization Basics 12/10/2012. Motivation. Types of Virtualization.
Virtualization Basics Motivation OS Virtualization CSC 456 Final Presentation Brandon D. Shroyer Types of Virtualization Process virtualization (Java) System virtualization (classic, hosted) Emulation
More informationSHADOW WALKER Raising The Bar For Rootkit Detection. By Sherri Sparks Jamie Butler
SHADOW WALKER Raising The Bar For Rootkit Detection By Sherri Sparks ssparks@longwood.cs.ucf.edu Jamie Butler james.butler@hbgary.com What Is A Rootkit? Defining characteristic is stealth. Viruses reproduce,
More informationKVM for IA64. Anthony Xu
KVM for IA64 Anthony Xu Legal Disclaimer INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY
More informationAdvanced Systems Security: Virtual Machine Systems
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationLINUX Virtualization. Running other code under LINUX
LINUX Virtualization Running other code under LINUX Environment Virtualization Citrix/MetaFrame Virtual desktop under Windows NT. aka Windows Remote Desktop Protocol VNC, Dameware virtual console. XWindows
More informationThe Architecture of Virtual Machines Lecture for the Embedded Systems Course CSD, University of Crete (April 29, 2014)
The Architecture of Virtual Machines Lecture for the Embedded Systems Course CSD, University of Crete (April 29, 2014) ManolisMarazakis (maraz@ics.forth.gr) Institute of Computer Science (ICS) Foundation
More informationFast access ===> use map to find object. HW == SW ===> map is in HW or SW or combo. Extend range ===> longer, hierarchical names
Fast access ===> use map to find object HW == SW ===> map is in HW or SW or combo Extend range ===> longer, hierarchical names How is map embodied: --- L1? --- Memory? The Environment ---- Long Latency
More informationCprE Virtualization. Dr. Yong Guan. Department of Electrical and Computer Engineering & Information Assurance Center Iowa State University
Virtualization Dr. Yong Guan Department of Electrical and Computer Engineering & Information Assurance Center Iowa State University Outline for Today s Talk Introduction Virtualization Technology Applications
More informationHardware Virtualization Trends
Hardware Virtualization Trends Leendert van Doorn Hardware Virtualization Trends 6/14/2006 2 Hardware Virtualization Trends 6/14/2006 Outline Virtualization 101 The world is changing Processor virtualization
More informationChapter 5 C. Virtual machines
Chapter 5 C Virtual machines Virtual Machines Host computer emulates guest operating system and machine resources Improved isolation of multiple guests Avoids security and reliability problems Aids sharing
More informationSecVisor: A Tiny Hypervisor to Provide Lifetime Kernel Code Integrity for Commodity OSes
SecVisor: A Tiny Hypervisor to Provide Lifetime Kernel Code Integrity for Commodity OSes Arvind Seshadri Mark Luk Ning Qu Adrian Perrig CyLab/CMU CyLab/CMU CyLab/CMU CyLab/CMU Pittsburgh, PA, USA Pittsburgh,
More informationCSC 5930/9010 Cloud S & P: Virtualization
CSC 5930/9010 Cloud S & P: Virtualization Professor Henry Carter Fall 2016 Recap Network traffic can be encrypted at different layers depending on application needs TLS: transport layer IPsec: network
More information24-vm.txt Mon Nov 21 22:13: Notes on Virtual Machines , Fall 2011 Carnegie Mellon University Randal E. Bryant.
24-vm.txt Mon Nov 21 22:13:36 2011 1 Notes on Virtual Machines 15-440, Fall 2011 Carnegie Mellon University Randal E. Bryant References: Tannenbaum, 3.2 Barham, et al., "Xen and the art of virtualization,"
More informationXen is not just paravirtualization
Xen is not just paravirtualization Dongli Zhang Oracle Asia Research and Development Centers (Beijing) dongli.zhang@oracle.com December 16, 2016 Dongli Zhang (Oracle) Xen is not just paravirtualization
More information[537] Virtual Machines. Tyler Harter
[537] Virtual Machines Tyler Harter Outline Machine Virtualization Overview CPU Virtualization (Trap-and-Emulate) CPU Virtualization (Modern x86) Memory Virtualization Performance Challenges Outline Machine
More informationIntroduction to SGX (Software Guard Extensions) and SGX Virtualization. Kai Huang, Jun Nakajima (Speaker) July 12, 2017
Introduction to SGX (Software Guard Extensions) and SGX Virtualization Kai Huang, Jun Nakajima (Speaker) July 12, 2017 1 INTEL RESTRICTED SECRET Agenda SGX Introduction Xen SGX Virtualization Support Backup
More informationIntel Virtualization Technology for Directed I/O
Intel Virtualization Technology for Directed I/O Architecture Specification September 203 Order Number: D5397-006, Rev. 2.2 INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO
More informationNested EPT to Make Nested VMX Faster. Red Hat Author Gleb Natapov October 21, 2013
Nested EPT to Make Nested VMX Faster Red Hat Author Gleb Natapov October 21, 2013 Section 1 Background Shadow Paging Background 3 Shadow Paging Background 4 Shadow Paging Background 5 Shadow Paging Background
More informationSystem Virtual Machines
System Virtual Machines Outline Need and genesis of system Virtual Machines Basic concepts User Interface and Appearance State Management Resource Control Bare Metal and Hosted Virtual Machines Co-designed
More informationSecVisor: A Tiny Hypervisor for Lifetime Kernel Code Integrity
SecVisor: A Tiny Hypervisor for Lifetime Kernel Code Integrity Arvind Seshadri, Mark Luk, Ning Qu, Adrian Perrig Carnegie Mellon University Kernel rootkits Motivation Malware inserted into OS kernels Anti
More informationVirtualization. Dr. Yingwu Zhu
Virtualization Dr. Yingwu Zhu Virtualization Definition Framework or methodology of dividing the resources of a computer into multiple execution environments. Types Platform Virtualization: Simulate a
More informationChapter 5 (Part II) Large and Fast: Exploiting Memory Hierarchy. Baback Izadi Division of Engineering Programs
Chapter 5 (Part II) Baback Izadi Division of Engineering Programs bai@engr.newpaltz.edu Virtual Machines Host computer emulates guest operating system and machine resources Improved isolation of multiple
More informationreferences Virtualization services Topics Virtualization
references Virtualization services Virtual machines Intel Virtualization technology IEEE xplorer, May 2005 Comparison of software and hardware techniques for x86 virtualization ASPLOS 2006 Memory resource
More informationAdvanced Systems Security: Virtual Machine Systems
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationJunhong Jiang, Kevin Tian, Chris Wright, Don Dugger
Updating Xen for the Client Environment Junhong Jiang, Kevin Tian, Chris Wright, Don Dugger Legal Content INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. EXCEPT AS PROVIDED
More informationCLOUD COMPUTING IT0530. G.JEYA BHARATHI Asst.Prof.(O.G) Department of IT SRM University
CLOUD COMPUTING IT0530 G.JEYA BHARATHI Asst.Prof.(O.G) Department of IT SRM University What is virtualization? Virtualization is way to run multiple operating systems and user applications on the same
More informationGeneral-purpose computing with VirtualBox on Genode/NOVA. Norman Feske
General-purpose computing with VirtualBox on Genode/NOVA Norman Feske Outline 1. VirtualBox 2. NOVA microhypervisor and Genode 3. Transplantation of VirtualBox to NOVA 4.
More informationDistributed Systems COMP 212. Lecture 18 Othon Michail
Distributed Systems COMP 212 Lecture 18 Othon Michail Virtualisation & Cloud Computing 2/27 Protection rings It s all about protection rings in modern processors Hardware mechanism to protect data and
More informationPractical Protection of Kernel Integrity for Commodity OS from Untrusted Extensions
Practical Protection of Kernel Integrity for Commodity OS from Untrusted Extensions Xi Xiong The Pennsylvania State University xixiong@cse.psu.edu Donghai Tian The Pennsylvania State University Beijing
More informationCS370: Operating Systems [Spring 2017] Dept. Of Computer Science, Colorado State University
Frequently asked questions from the previous class survey CS 370: OPERATING SYSTEMS [VIRTUALIZATION] Shrideep Pallickara Computer Science Colorado State University Difference between physical and logical
More informationVirtualisation: The KVM Way. Amit Shah
Virtualisation: The KVM Way Amit Shah amit.shah@qumranet.com foss.in/2007 Virtualisation Simulation of computer system in software Components Processor Management: register state, instructions, exceptions
More informationOn the DMA Mapping Problem in Direct Device Assignment
On the DMA Mapping Problem in Direct Device Assignment Ben-Ami Yassour Muli Ben-Yehuda Orit Wasserman benami@il.ibm.com muli@il.ibm.com oritw@il.ibm.com IBM Research Haifa On the DMA Mapping Problem in
More informationTowards High Assurance Networks of Virtual Machines
Towards High Assurance Networks of Virtual Machines Fabrizio Baiardi 1 Daniele Sgandurra 2 1 Polo G. Marconi - La Spezia, University of Pisa, Italy 2 Department of Computer Science, University of Pisa,
More informationHypervisor security. Evgeny Yakovlev, DEFCON NN, 2017
Hypervisor security Evgeny Yakovlev, DEFCON NN, 2017 whoami Low-level development in C and C++ on x86 UEFI, virtualization, security Jetico, Kaspersky Lab QEMU/KVM developer at Virtuozzo 2 Agenda Why hypervisor
More informationVirtual Memory. Patterson & Hennessey Chapter 5 ELEC 5200/6200 1
Virtual Memory Patterson & Hennessey Chapter 5 ELEC 5200/6200 1 Virtual Memory Use main memory as a cache for secondary (disk) storage Managed jointly by CPU hardware and the operating system (OS) Programs
More informationW11 Hyper-V security. Jesper Krogh.
W11 Hyper-V security Jesper Krogh jesper_krogh@dell.com Jesper Krogh Speaker intro Senior Solution architect at Dell Responsible for Microsoft offerings and solutions within Denmark Specialities witin:
More informationHiding in the Shadows: Empowering ARM for Stealthy Virtual Machine Introspection ACSAC 2018
Hiding in the Shadows: Empowering ARM for Stealthy Virtual Machine Introspection ACSAC 2018 Sergej Proskurin, 1 Tamas Lengyel, 3 Marius Momeu, 1 Claudia Eckert, 1 and Apostolis Zarras 2 1 2 Maastricht
More informationThe Price of Safety: Evaluating IOMMU Performance
The Price of Safety: Evaluating IOMMU Performance Muli Ben-Yehuda 1 Jimi Xenidis 2 Michal Ostrowski 2 Karl Rister 3 Alexis Bruemmer 3 Leendert Van Doorn 4 1 muli@il.ibm.com 2 {jimix,mostrows}@watson.ibm.com
More informationSystem Virtual Machines
System Virtual Machines Outline Need and genesis of system Virtual Machines Basic concepts User Interface and Appearance State Management Resource Control Bare Metal and Hosted Virtual Machines Co-designed
More informationIntroduction Construction State of the Art. Virtualization. Bernhard Kauer OS Group TU Dresden Dresden,
Virtualization Bernhard Kauer OS Group TU Dresden bk@vmmon.org Dresden, 2010-07-15 Motivation The vision: general-purpose OS secure trustworthy small fast fancy First problem: Legacy Application Supporting
More informationAdministrivia. Lab 1 due Friday 12pm. We give will give short extensions to groups that run into trouble. But us:
Administrivia Lab 1 due Friday 12pm. We give will give short extensions to groups that run into trouble. But email us: - How much is done & left? - How much longer do you need? Attend section Friday at
More informationHow To Manually Uninstall Symantec Antivirus Corporate Edition 10.x Client
How To Manually Uninstall Symantec Antivirus Corporate Edition 10.x Client Download Symantec Norton AntiVirus Definition Update (Upgrade/Patch). proactively block attacks and detect and remove threats
More informationDr. Song Fu 3/22/2010
CSE 589/489 Virtualization Security Dr. Song Fu song@cs.nmt.edunmt http://www.cs.nmt.edu/~song/ song/ 3/22/2010 Outline Overview of computer systems Why virtualization Virtualization techniques Virtual
More informationComputer Architecture Background
CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 2b Computer Architecture Background Marten van Dijk Syed Kamran Haider, Chenglu Jin, Phuong Ha Nguyen Department of Electrical & Computer Engineering
More informationCS 350 Winter 2011 Current Topics: Virtual Machines + Solid State Drives
CS 350 Winter 2011 Current Topics: Virtual Machines + Solid State Drives Virtual Machines Resource Virtualization Separating the abstract view of computing resources from the implementation of these resources
More informationPorting bhyve on ARM. Mihai Carabas, Peter Grehan BSDCan 2016 University of Ottawa Ottawa, Canada June 10 11, 2016
Porting bhyve on ARM Mihai Carabas, Peter Grehan {mihai,grehan}@freebsd.org BSDCan 2016 University of Ottawa Ottawa, Canada June 10 11, 2016 About me University POLITEHNICA of Bucharest PhD Student: virtualization
More informationVirtual machine architecture and KVM analysis D 陳彥霖 B 郭宗倫
Virtual machine architecture and KVM analysis D97942011 陳彥霖 B96902030 郭宗倫 Virtual machine monitor serves as an interface between hardware and software; no matter what kind of hardware under, software can
More informationVirtual Machines. To do. q VM over time q Implementation methods q Hardware features supporting VM q Next time: Midterm?
Virtual Machines To do q VM over time q Implementation methods q Hardware features supporting VM q Next time: Midterm? *Partially based on notes from C. Waldspurger, VMware, 2010 and Arpaci-Dusseau s Three
More informationSR-IOV support in Xen. Yaozu (Eddie) Dong Yunhong Jiang Kun (Kevin) Tian
SR-IOV support in Xen Yaozu (Eddie) Dong (Eddie.Dong@intel.com) Yunhong Jiang Kun (Kevin) Tian Agenda SR-IOV specification overview Xen/SR-IOV architecture Discussions 2 SR-IOV specification overview Start
More informationMission-Critical Enterprise Linux. April 17, 2006
Mission-Critical Enterprise Linux April 17, 2006 Agenda Welcome Who we are & what we do Steve Meyers, Director Unisys Linux Systems Group (steven.meyers@unisys.com) Technical Presentations Xen Virtualization
More information