Virtualization and Security

Size: px
Start display at page:

Download "Virtualization and Security"

Transcription

1 Virtualization and Security Steve Riley Senior Security Strategist Microsoft Trustworthy Computing 1

2 2 New!

3 Evolution Usage scenarios 1. One OS, one app, one human using hardware resources 2. One OS, multiple apps, one human sharing hardware resources 3. One OS, multiple apps, multiple humans sharing hardware resources 4. Multiple OSes, multiple apps, multiple humans sharing hardware resources Trust boundaries 1. None 2. Applications 3. Users 4. Operating systems 3

4 Enforcing trust boundaries Emulation Controlled access to a privileged state Single OS attacker can access hardware Multiple OSes must keep attacker away from hardware This is one function of the virtual machine monitor 4

5 5 Virtualization Review

6 Hosted virtualization Application Application Application Application Application Application Application Application Application Application Application Application Operating System Operating System Operating System Hardware 6

7 Virtual PC 2007/Server 2005 Host Guests Provided by: Virtual Server WebApp IIS Virtual Server Service Ring 3: User Mode Guest Applications Ring 1: Guest Kernel Mode Windows Virtualization ISV Provides resources VM Additions Windows (NT4, 2000, 2003) Windows Server 2003 or Windows XP Kernel Device Drivers Ring 0: Kernel Mode VMM Kernel Same privilege level Server Hardware 7

8 Hypervisor virtualization: hardware Application Application Application Application Application Application Application Application Application Application Application Application Operating System Operating System Operating System Hypervisor Hardware 8

9 Hypervisor virtualization: services Application Application Application Application Application Application Application Application Application Application Application Application Operating System System Services Operating System System Operating System Services Kernel Operating System Hypervisor Hardware 9

10 Hypervisor design options Monolithic Microkernelized VM 1 (Admin) Hypervisor VM 2 VM 3 VM 1 ( Parent ) Virtualization Stack Drivers Drivers VM 2 ( Child ) Drivers Drivers VM 3 ( Child ) Drivers Drivers Drivers Drivers Hypervisor Hardware Hardware Simpler Cheaper Use existing drivers 10

11 Windows Hyper-V virtualization Root Virtualization Stack WMI Provider VM Service Partition VM Worker Processes Child Partitions Ring 3: User ModeManages guest partitions Handles intercepts Guest Applications Emulates devices (Most traditional hypervisor functions) Provided by: Windows Virtualization ISV Server Core Windows Kernel Device Drivers Virtualization Service Providers (VSPs) Virtualization Service Clients Enforces partition as isolation boundary (VSCs) Most virtualization functions moved out Enlightenments No device drivers Well-defined interface for creating guest OSes VMBus Ring 0: Kernel Mode OS Kernel Ring -1 Windows hypervisor Server Hardware 11

12 12 Virtualization For Security

13 Things I hope you will do Sandboxing High availability and disaster recovery Forensic analysis of virtualized attackers Honeypotting 13

14 14

15 15

16 16

17 17?

18 18 0day

19 19

20 20

21 21!

22 22 Here's a thought

23 23 Here's a controversial thought

24 24 Virtualization Security

25 Common VM security myths I only have to patch my host OS or kernel. If I protect my host machine, it will protect my VMs..VHD files are secure by default. If I expose one virtual machine, I have to expose all virtual machines and the host. All virtual machines can see each other. 25

26 26 Before virtualization

27 27 After virtualization

28 Virtualization attacks Root Partition Virtualization Stack Ring 3: User Mode Guest Partitions Provided by: Windows WMI Provider VM Service VM Worker Processes Guest Applications Virtualization ISV Attackers Server Core Windows Kernel Device Drivers Virtualization Service Providers (VSPs) Virtualization Service Clients (VSCs) VMBus OS Kernel Enlightenments Ring 0: Kernel Mode Windows hypervisor Server Hardware 28

29 Security assumptions Root Trusted by guests Trusted by hypervisor All modes All rings All segments? Guests Don t trust each other Trust root All modes All rings All segments 1.04 Hypercalls Documented Available Attempted Hypervisor Trusts root 29

30 Security goals and fortifications Root Guest Guest Guest Hypervisor 30

31 Security non-goals Root Guest Guest Guest Hypervisor 31

32 Hypervisor security Stack canaries (/GX) NoExecute (NX) Code pages marked read-only Limited exception handling Digitally signed SDL Threat modeling Static analysis Fuzz testing Penetration testing 32

33 Hypervisor security Memory protection Mapping of physical memory to partition memory Can supersede R/W/X guest page table access rights I/O protection HV enforces parent policy for guest access to I/O v.1: guests have no access HV interface Parent sets policy for guess access to hypercalls, instructions v.1: guests have no access to privileged instructions 33

34 Hypervisor security Integrates with AzMan Department- and role-based administration Segregate who can manage groups of VMs Definable functions: Start, stop, create, add hardware, change image None require server or domain admin Shared resources are protected ISO disk images always read-only Write functions invoke copy (differencing disks) 34

35 Hyperjacking Get a Nigerian mortgage for your body part! Root Guest Guest Guest Hyper-jackor Hypervisor Hyper-jackor 35

36 Should you worry? Malware must start from host or root Is there malware on my system? 100% certain: no malware that I can detect >100% certain: there is no malware at all So nothing new here, move along 36

37 37 Deployment Considerations

38 38?

39 System Center Virtual Machine Manager Root Guest Guest Guest ManageNet Hypervisor 39

40 40

41 Patching a virtual machine Use snapshot or backup features to create working copy of operating system Start copy in an isolated test environment Test patches and updates Create snapshot of live system Apply patches and updates to live system Use snapshot for disaster recovery in case of failure Update backup image 41

42 Keep trust levels similar = 42

43 Thanks very much! Steve Riley Senior Security Strategist Microsoft Trustworthy Computing 43

44 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Windows Server Discussion with BCIU. Kevin Sullivan Management TSP US Education

Windows Server Discussion with BCIU. Kevin Sullivan Management TSP US Education Windows Server 2008 Discussion with BCIU Kevin Sullivan Management TSP US Education Kevin.sullivan@microsoft.com 1 Web Internet Information Services 7.0 Powerful Web Application and Services Platform Manage

More information

W11 Hyper-V security. Jesper Krogh.

W11 Hyper-V security. Jesper Krogh. W11 Hyper-V security Jesper Krogh jesper_krogh@dell.com Jesper Krogh Speaker intro Senior Solution architect at Dell Responsible for Microsoft offerings and solutions within Denmark Specialities witin:

More information

The Challenges of X86 Hardware Virtualization. GCC- Virtualization: Rajeev Wankar 36

The Challenges of X86 Hardware Virtualization. GCC- Virtualization: Rajeev Wankar 36 The Challenges of X86 Hardware Virtualization GCC- Virtualization: Rajeev Wankar 36 The Challenges of X86 Hardware Virtualization X86 operating systems are designed to run directly on the bare-metal hardware,

More information

Hyper-V Deployment and Best Practices. Satyen Pradhan Premier Field Engineer Microsoft (Malaysia)

Hyper-V Deployment and Best Practices. Satyen Pradhan Premier Field Engineer Microsoft (Malaysia) Hyper-V Deployment and Best Practices Satyen Pradhan Premier Field Engineer satyenp@microsoft.com Microsoft (Malaysia) Session Objectives Hyper-V Benefits Server consolidation Utilization Business Continuity

More information

Dr. K. Y. Srinivasan. Jason Goldschmidt. Technical Lead NetApp Principal Architect Microsoft Corp.

Dr. K. Y. Srinivasan. Jason Goldschmidt. Technical Lead NetApp Principal Architect Microsoft Corp. Dr. K. Y. Srinivasan Principal Architect Microsoft Corp kys@microsoft.com Jason Goldschmidt Technical Lead NetApp jgoldsch@netapp.com ! Support FreeBSD running as a guest on Hyper-V! Collaboration between

More information

Hypervisor security. Evgeny Yakovlev, DEFCON NN, 2017

Hypervisor security. Evgeny Yakovlev, DEFCON NN, 2017 Hypervisor security Evgeny Yakovlev, DEFCON NN, 2017 whoami Low-level development in C and C++ on x86 UEFI, virtualization, security Jetico, Kaspersky Lab QEMU/KVM developer at Virtuozzo 2 Agenda Why hypervisor

More information

SERVE. -Priyal Lokhandwala

SERVE. -Priyal Lokhandwala SERVE VIRTUALIZ -Priyal Lokhandwala Contents: 1) Virtualization- an overview 2) Server Virtualization 3) VM ware 4) Hyper V 5) Server Deployment virtualization is a broad term that refers to the abstraction

More information

4.1. Virtualization. Virtualization provides the following benefits:

4.1. Virtualization. Virtualization provides the following benefits: 4.1. Virtualization Virtualization is using software to emulate one or more physical computers on a single platform. You should be familiar with the following types of virtualization: Server virtualization

More information

Virtual Machine Security

Virtual Machine Security Virtual Machine Security CSE443 - Spring 2012 Introduction to Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ 1 Operating System Quandary Q: What is the primary goal

More information

Better Security with Virtual Machines

Better Security with Virtual Machines Better Security with Virtual Machines VMware Security Seminar Cambridge, 2006 Agenda VMware Evolution Virtual machine Server architecture Virtual infrastructure Looking forward VMware s security vision

More information

COMP6511A: Large-Scale Distributed Systems. Windows Azure. Lin Gu. Hong Kong University of Science and Technology Spring, 2014

COMP6511A: Large-Scale Distributed Systems. Windows Azure. Lin Gu. Hong Kong University of Science and Technology Spring, 2014 COMP6511A: Large-Scale Distributed Systems Windows Azure Lin Gu Hong Kong University of Science and Technology Spring, 2014 Cloud Systems Infrastructure as a (IaaS): basic compute and storage resources

More information

Virtualization (II) SPD Course 17/03/2010 Massimo Coppola

Virtualization (II) SPD Course 17/03/2010 Massimo Coppola Virtualization (II) SPD Course 17/03/2010 Massimo Coppola The players The Hypervisor (HV) implements the virtual machine emulation to run a Guest OS Provides resources and functionalities to the Guest

More information

Virtual Machines. Part 2: starting 19 years ago. Operating Systems In Depth IX 1 Copyright 2018 Thomas W. Doeppner. All rights reserved.

Virtual Machines. Part 2: starting 19 years ago. Operating Systems In Depth IX 1 Copyright 2018 Thomas W. Doeppner. All rights reserved. Virtual Machines Part 2: starting 19 years ago Operating Systems In Depth IX 1 Copyright 2018 Thomas W. Doeppner. All rights reserved. Operating Systems In Depth IX 2 Copyright 2018 Thomas W. Doeppner.

More information

Pasiruoškite ateičiai: modernus duomenų centras. Laurynas Dovydaitis Microsoft Azure MVP

Pasiruoškite ateičiai: modernus duomenų centras. Laurynas Dovydaitis Microsoft Azure MVP Pasiruoškite ateičiai: modernus duomenų centras Laurynas Dovydaitis Microsoft Azure MVP 2016-05-17 Tension drives change The datacenter today Traditional datacenter Tight coupling between infrastructure

More information

Spring 2017 :: CSE 506. Introduction to. Virtual Machines. Nima Honarmand

Spring 2017 :: CSE 506. Introduction to. Virtual Machines. Nima Honarmand Introduction to Virtual Machines Nima Honarmand Virtual Machines & Hypervisors Virtual Machine: an abstraction of a complete compute environment through the combined virtualization of the processor, memory,

More information

System Center Virtual Machine Manager. Overblik Demo. Roadmap

System Center Virtual Machine Manager. Overblik Demo. Roadmap System Center Virtual Machine Manager Overblik Demo Roadmap System Center Macro Trends Virtualization acceleration Large Datacenter build outs Current Indicators #1 CIO priority in 2008 (up from #17) Companies

More information

Compromise-as-a-Service

Compromise-as-a-Service ERNW GmbH Carl-Bosch-Str. 4 D- 69115 Heidelberg 5/29/14 Compromise-as-a-Service Our PleAZURE Felix Wilhelm, Matthias Luft & Enno Rey {fwilhelm, mluft, erey}@ernw.de 5/29/14 ERNW GmbH Carl-Bosch-Str. 4

More information

CSE543 - Computer and Network Security Module: Virtualization

CSE543 - Computer and Network Security Module: Virtualization CSE543 - Computer and Network Security Module: Virtualization Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 1 Operating System Quandary Q: What is the primary goal of

More information

Introduction to SGX (Software Guard Extensions) and SGX Virtualization. Kai Huang, Jun Nakajima (Speaker) July 12, 2017

Introduction to SGX (Software Guard Extensions) and SGX Virtualization. Kai Huang, Jun Nakajima (Speaker) July 12, 2017 Introduction to SGX (Software Guard Extensions) and SGX Virtualization Kai Huang, Jun Nakajima (Speaker) July 12, 2017 1 INTEL RESTRICTED SECRET Agenda SGX Introduction Xen SGX Virtualization Support Backup

More information

CIS 5373 Systems Security

CIS 5373 Systems Security CIS 5373 Systems Security Topic 3.1: OS Security Basics of secure design Endadul Hoque Slide Acknowledgment Contents are based on slides from Ninghui Li (Purdue), John Mitchell (Stanford), Dan Boneh (Stanford)

More information

Prashant Kumar Program Manager Microsoft Session Code:

Prashant Kumar Program Manager Microsoft Session Code: dpminfo@microsoft.com Prashant Kumar Program Manager Microsoft Session Code: Agenda Introduction to Microsoft System Center Data Protection Manager (DPM) 2007 Deep dive Demo How does DPM do efficient protection?

More information

Configure dynamic memory. Configure smart paging. Configure Resource Metering. Configure guest integration services. Configure remotefx

Configure dynamic memory. Configure smart paging. Configure Resource Metering. Configure guest integration services. Configure remotefx Chapter 9 Use Virtualization in Windows Server 2012 THE FOLLOWING 70-410 EXAM OBJECTIVES ARE COVERED IN THIS CHAPTER: Create and configure virtual machine settings Configure dynamic memory Configure smart

More information

Operating System Security

Operating System Security Operating System Security Operating Systems Defined Hardware: I/o...Memory.CPU Operating Systems: Windows or Android, etc Applications run on operating system Operating Systems Makes it easier to use resources.

More information

Microsoft SDL 한국마이크로소프트보안프로그램매니저김홍석부장. Security Development Lifecycle and Building Secure Applications

Microsoft SDL 한국마이크로소프트보안프로그램매니저김홍석부장. Security Development Lifecycle and Building Secure Applications Release Conception Microsoft SDL Security Development Lifecycle and Building Secure Applications KRnet 2010 2010. 6. 22. 한국마이크로소프트보안프로그램매니저김홍석부장 Hongseok.Kim@microsoft.com Agenda Applications under Attack

More information

Operating system hardening

Operating system hardening Operating system Comp Sci 3600 Security Outline 1 2 3 4 5 6 What is OS? Hardening process that includes planning, ation, uration, update, and maintenance of the operating system and the key applications

More information

CSE543 - Computer and Network Security Module: Virtualization

CSE543 - Computer and Network Security Module: Virtualization CSE543 - Computer and Network Security Module: Virtualization Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 Operating System Quandary Q: What is the primary goal of system

More information

Virtualization And High Availability. Howard Chow Microsoft MVP

Virtualization And High Availability. Howard Chow Microsoft MVP Virtualization And High Availability Howard Chow Microsoft MVP Session Objectives And Agenda Virtualization and High Availability Types of high availability enabled by virtualization Enabling a highly

More information

CSE543 - Computer and Network Security Module: Virtualization

CSE543 - Computer and Network Security Module: Virtualization CSE543 - Computer and Network Security Module: Virtualization Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 Operating System Quandary Q: What is the primary goal of system

More information

Using a Separation Kernel to Protect against the Remote Exploitation of Unaltered Passenger Vehicles

Using a Separation Kernel to Protect against the Remote Exploitation of Unaltered Passenger Vehicles Safety & Security for the Connected World Using a Separation Kernel to Protect against the Remote Exploitation of Unaltered Passenger Vehicles 16 th June 2015 Mark Pitchford, Technical Manager, EMEA Today

More information

CS 571 Operating Systems. Final Review. Angelos Stavrou, George Mason University

CS 571 Operating Systems. Final Review. Angelos Stavrou, George Mason University CS 571 Operating Systems Final Review Angelos Stavrou, George Mason University Mechanics 2 4:30pm 7:00pm, Monday, Dec 14th, in Innovation Hall, room 223 Same style of questions as the midterm I m not asking

More information

Virtualization. Virtualization

Virtualization. Virtualization Virtualization Virtualization Memory virtualization Process feels like it has its own address space Created by MMU, configured by OS Storage virtualization Logical view of disks connected to a machine

More information

Securing your Virtualized Datacenter. Charu Chaubal Senior Architect, Technical Marketing 6 November, 2008

Securing your Virtualized Datacenter. Charu Chaubal Senior Architect, Technical Marketing 6 November, 2008 Securing your Virtualized Datacenter Charu Chaubal Senior Architect, Technical Marketing 6 November, 2008 Agenda VMware Virtualization Technology How Virtualization Affects Datacenter Security Keys to

More information

Microsoft System Center Virtual Machine Manager Microsoft

Microsoft System Center Virtual Machine Manager Microsoft Microsoft System Center Virtual Machine Manager 2007 Microsoft Objectives And Agenda Virtualization Background What is System Virtualization? Introduction to System Center Virtual Machine Manager Key Scenarios

More information

OS Security IV: Virtualization and Trusted Computing

OS Security IV: Virtualization and Trusted Computing 1 OS Security IV: Virtualization and Trusted Computing Chengyu Song Slides modified from Dawn Song 2 Administrivia Lab2 More questions? 3 Virtual machine monitor +-----------+----------------+-------------+

More information

CS 550 Operating Systems Spring Introduction to Virtual Machines

CS 550 Operating Systems Spring Introduction to Virtual Machines CS 550 Operating Systems Spring 2018 Introduction to Virtual Machines 1 How to share a physical computer Operating systems allows multiple processes/applications to run simultaneously Via process/memory

More information

CSE Computer Security

CSE Computer Security CSE 543 - Computer Security Lecture 25 - Virtual machine security December 6, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ 1 Implementation and Results Experimental Platform Exact specification

More information

Operating Systems 4/27/2015

Operating Systems 4/27/2015 Virtualization inside the OS Operating Systems 24. Virtualization Memory virtualization Process feels like it has its own address space Created by MMU, configured by OS Storage virtualization Logical view

More information

Virtualization. Pradipta De

Virtualization. Pradipta De Virtualization Pradipta De pradipta.de@sunykorea.ac.kr Today s Topic Virtualization Basics System Virtualization Techniques CSE506: Ext Filesystem 2 Virtualization? A virtual machine (VM) is an emulation

More information

Virtualization. Michael Tsai 2018/4/16

Virtualization. Michael Tsai 2018/4/16 Virtualization Michael Tsai 2018/4/16 What is virtualization? Let s first look at a video from VMware http://www.vmware.com/tw/products/vsphere.html Problems? Low utilization Different needs DNS DHCP Web

More information

CS 356 Operating System Security. Fall 2013

CS 356 Operating System Security. Fall 2013 CS 356 Operating System Security Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5 Database

More information

COMPUTER ARCHITECTURE. Virtualization and Memory Hierarchy

COMPUTER ARCHITECTURE. Virtualization and Memory Hierarchy COMPUTER ARCHITECTURE Virtualization and Memory Hierarchy 2 Contents Virtual memory. Policies and strategies. Page tables. Virtual machines. Requirements of virtual machines and ISA support. Virtual machines:

More information

6.033 Spring Lecture #6. Monolithic kernels vs. Microkernels Virtual Machines spring 2018 Katrina LaCurts

6.033 Spring Lecture #6. Monolithic kernels vs. Microkernels Virtual Machines spring 2018 Katrina LaCurts 6.033 Spring 2018 Lecture #6 Monolithic kernels vs. Microkernels Virtual Machines 1 operating systems enforce modularity on a single machine using virtualization in order to enforce modularity + build

More information

CSC 5930/9010 Cloud S & P: Virtualization

CSC 5930/9010 Cloud S & P: Virtualization CSC 5930/9010 Cloud S & P: Virtualization Professor Henry Carter Fall 2016 Recap Network traffic can be encrypted at different layers depending on application needs TLS: transport layer IPsec: network

More information

Distributed Systems COMP 212. Lecture 18 Othon Michail

Distributed Systems COMP 212. Lecture 18 Othon Michail Distributed Systems COMP 212 Lecture 18 Othon Michail Virtualisation & Cloud Computing 2/27 Protection rings It s all about protection rings in modern processors Hardware mechanism to protect data and

More information

Integrate Microsoft Hyper-V Server

Integrate Microsoft Hyper-V Server Integrate Microsoft Hyper-V Server EventTracker Enterprise Publication Date: Jul. 20, 2016 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com About this Guide This guide will facilitate

More information

Cyber Essentials Questionnaire Guidance

Cyber Essentials Questionnaire Guidance Cyber Essentials Questionnaire Guidance Introduction This document has been produced to help companies write a response to each of the questions and therefore provide a good commentary for the controls

More information

Virtual machines (e.g., VMware)

Virtual machines (e.g., VMware) Case studies : Introduction to operating systems principles Abstraction Management of shared resources Indirection Concurrency Atomicity Protection Naming Security Reliability Scheduling Fairness Performance

More information

Module 1: Virtualization. Types of Interfaces

Module 1: Virtualization. Types of Interfaces Module 1: Virtualization Virtualization: extend or replace an existing interface to mimic the behavior of another system. Introduced in 1970s: run legacy software on newer mainframe hardware Handle platform

More information

Virtualization Security & Audit. John Tannahill, CA, CISM, CGEIT, CRISC

Virtualization Security & Audit. John Tannahill, CA, CISM, CGEIT, CRISC Virtualization Security & Audit John Tannahill, CA, CISM, CGEIT, CRISC jtannahi@rogers.com Session Overview Virtualization Concepts Virtualization Technologies Key Risk & Control Areas Audit Programs /

More information

No Country for Old Security Compliance in the Cloud. Joel Sloss, CDSA Board of Directors May 2017

No Country for Old Security Compliance in the Cloud. Joel Sloss, CDSA Board of Directors May 2017 No Country for Old Security Compliance in the Cloud Joel Sloss, CDSA Board of Directors May 2017 Emerging Threats Specific/sequential targeting Effective reconnaissance Practiced tool usage Sophisticated

More information

Intel Virtualization Technology Roadmap and VT-d Support in Xen

Intel Virtualization Technology Roadmap and VT-d Support in Xen Intel Virtualization Technology Roadmap and VT-d Support in Xen Jun Nakajima Intel Open Source Technology Center Legal Disclaimer INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS.

More information

CS 350 Winter 2011 Current Topics: Virtual Machines + Solid State Drives

CS 350 Winter 2011 Current Topics: Virtual Machines + Solid State Drives CS 350 Winter 2011 Current Topics: Virtual Machines + Solid State Drives Virtual Machines Resource Virtualization Separating the abstract view of computing resources from the implementation of these resources

More information

OPERATING SYSTEMS Chapter 13 Virtual Machines. CS3502 Spring 2017

OPERATING SYSTEMS Chapter 13 Virtual Machines. CS3502 Spring 2017 OPERATING SYSTEMS Chapter 13 Virtual Machines CS3502 Spring 2017 Virtual Machines Allow you to run a Guest Operating System on top of a Host Operating System VMware (for most systems) Microsoft Virtual

More information

Security Architecture

Security Architecture Security Architecture We ve been looking at how particular applications are secured We need to secure not just a few particular applications, but many applications, running on separate machines We need

More information

Virtualization and memory hierarchy

Virtualization and memory hierarchy Virtualization and memory hierarchy Computer Architecture J. Daniel García Sánchez (coordinator) David Expósito Singh Francisco Javier García Blas ARCOS Group Computer Science and Engineering Department

More information

Agenda. Future Sessions: Azure VMs, Backup/DR Strategies, Azure Networking, Storage, How to move

Agenda. Future Sessions: Azure VMs, Backup/DR Strategies, Azure Networking, Storage, How to move Onur Dogruoz Agenda Provide an introduction to Azure Infrastructure as a Service (IaaS) Walk through the Azure portal Help you understand role-based access control Engage in an overview of the calculator

More information

CprE Virtualization. Dr. Yong Guan. Department of Electrical and Computer Engineering & Information Assurance Center Iowa State University

CprE Virtualization. Dr. Yong Guan. Department of Electrical and Computer Engineering & Information Assurance Center Iowa State University Virtualization Dr. Yong Guan Department of Electrical and Computer Engineering & Information Assurance Center Iowa State University Outline for Today s Talk Introduction Virtualization Technology Applications

More information

CS-580K/480K Advanced Topics in Cloud Computing. VM Virtualization II

CS-580K/480K Advanced Topics in Cloud Computing. VM Virtualization II CS-580K/480K Advanced Topics in Cloud Computing VM Virtualization II 1 How to Build a Virtual Machine? 2 How to Run a Program Compiling Source Program Loading Instruction Instruction Instruction Instruction

More information

INFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD

INFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD Faculty of Computer Science Institute of Systems Architecture, Operating Systems Group INFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD OVERVIEW Fundamental

More information

Project management - integrated into Outlook

Project management - integrated into Outlook Project management - integrated into Outlook InLoox PM 6.x update to InLoox PM 7.x An InLoox Whitepaper Published: October 2012 Copyright: 2012 InLoox GmbH. You can find up-to-date information at http://www.inloox.com

More information

Security Enhancements

Security Enhancements OVERVIEW Security Enhancements February 9, 2009 Abstract This paper provides an introduction to the security enhancements in Microsoft Windows 7. Built upon the security foundations of Windows Vista, Windows

More information

SUSE Linux Enterprise Server: Supported Virtualization Technologies

SUSE Linux Enterprise Server: Supported Virtualization Technologies Technical White Paper Enterprise Linux SUSE Linux Enterprise Server: Supported Virtualization Technologies Table of Contents page Comprehensive Virtualization Support Overview... 2 Upgrade Guidelines...4

More information

Achieving high availability for Hyper-V

Achieving high availability for Hyper-V At a glance: Consolidating servers using Hyper-V Ensuring high availability of virtual machines Setting up a Windows Server 2008 failover cluster Achieving high availability for Hyper-V Steven Ekren Server

More information

CS370: Operating Systems [Spring 2017] Dept. Of Computer Science, Colorado State University

CS370: Operating Systems [Spring 2017] Dept. Of Computer Science, Colorado State University Frequently asked questions from the previous class survey CS 370: OPERATING SYSTEMS [VIRTUALIZATION] Shrideep Pallickara Computer Science Colorado State University Difference between physical and logical

More information

Agenda. This Session: Azure Networking Basics, On-prem connectivity options DEMO Create VNET/Gateway Cost-estimation for VNET/Gateways

Agenda. This Session: Azure Networking Basics, On-prem connectivity options DEMO Create VNET/Gateway Cost-estimation for VNET/Gateways Onur Dogruoz Agenda Previous Sessions: Introduction to Azure Infrastructure as a Service (IaaS), Azure portal, role-based access control (RBAC), calculator overview VM Types, Azure Hybrid Use Benefits(AHUB),

More information

Hyper-V Top performance and capacity tips

Hyper-V Top performance and capacity tips Hyper-V Top performance and capacity tips Introduction This paper discusses the changes in Windows/Hyper-V 2012 and what that means from the perspective of the business and managing the capacity. It will

More information

Circle IT: Microsoft Update 2016

Circle IT: Microsoft Update 2016 Circle IT: Microsoft Update 2016 Microsoft Infrastructure Technologies Pritam Pabla Technology Solutions Specialist Hybrid Cloud v-pritap@microsoft.com Agenda Windows Server 2016 New Features & Enhancements

More information

Scalable Architectural Support for Trusted Software

Scalable Architectural Support for Trusted Software Scalable Architectural Support for Trusted Software David Champagne and Ruby B. Lee Princeton University Secure Processor Design 11/02/2017 Dimitrios Skarlatos Motivation Apps handle sensitive/secret information

More information

COS 318: Operating Systems

COS 318: Operating Systems COS 318: Operating Systems OS Structures and System Calls Prof. Margaret Martonosi Computer Science Department Princeton University http://www.cs.princeton.edu/courses/archive/fall11/cos318/ Outline Protection

More information

Multi-Aspect Profiling of Kernel Rootkit Behavior

Multi-Aspect Profiling of Kernel Rootkit Behavior Multi-Aspect Profiling of Kernel Rootkit Behavior Ryan Riley, Xuxian Jiang, Dongyan Xu Purdue University, North Carolina State University EuroSys 2009 Nürnberg, Germany Rootkits Stealthy malware Hide attacker

More information

1 Virtualization Recap

1 Virtualization Recap 1 Virtualization Recap 2 Recap 1 What is the user part of an ISA? What is the system part of an ISA? What functionality do they provide? 3 Recap 2 Application Programs Libraries Operating System Arrows?

More information

Virtual Appliance Deployment Guide

Virtual Appliance Deployment Guide Virtual Appliance Deployment Guide Quick Start Guide Quick Deployment Guide Quick Start Guide Winfrasoft Virtual Appliance Deployment Guide for VMware and Hyper-V Published: December 2014 Applies to: Winfrasoft

More information

Creating a Practical Security Architecture Based on sel4

Creating a Practical Security Architecture Based on sel4 Creating a Practical Security Architecture Based on sel4 Xinming (Simon) Ou University of South Florida (many slides borrowed/adapted from my student Daniel Wang) 1 Questions for sel4 Community Is there

More information

Symantec Reference Architecture for Business Critical Virtualization

Symantec Reference Architecture for Business Critical Virtualization Symantec Reference Architecture for Business Critical Virtualization David Troutt Senior Principal Program Manager 11/6/2012 Symantec Reference Architecture 1 Mission Critical Applications Virtualization

More information

Karthik Bharathy Program Manager, SQL Server Microsoft

Karthik Bharathy Program Manager, SQL Server Microsoft Karthik Bharathy Program Manager, SQL Server Microsoft Key Session takeaways Understand the many views of SQL Server Look at hardening SQL Server At the network level At the access level At the data level

More information

Confinement. Steven M. Bellovin November 1,

Confinement. Steven M. Bellovin November 1, Confinement Steven M. Bellovin November 1, 2016 1 Security Architecture We ve been looking at how particular applications are secured We need to secure not just a few particular applications, but many

More information

Gavin Payne Senior Consultant.

Gavin Payne Senior Consultant. Gavin Payne Senior Consultant gavin@coeo.com Getting Started with SQL Server and Virtualisation Designing successful virtual database environments Monitoring a virtual database environments Summary The

More information

Deploying Windows 10

Deploying Windows 10 Deploying Windows 10 Deploying Windows 10 Michael Niehaus Course Agenda Introducing Windows as a Service Deploying Windows 10 Staying Current with Windows as a Service Managing Windows 10 with System Center

More information

Using Virtualization to Improve Security. Jay Judkowitz Product Manager, ESX Server VMware, Inc.

Using Virtualization to Improve Security. Jay Judkowitz Product Manager, ESX Server VMware, Inc. Using Virtualization to Improve Security Jay Judkowitz Product Manager, ESX Server VMware, Inc. This presentation may contain VMware confidential information. Copyright 2005 VMware, Inc. All rights reserved.

More information

CS 470 Spring Virtualization and Cloud Computing. Mike Lam, Professor. Content taken from the following:

CS 470 Spring Virtualization and Cloud Computing. Mike Lam, Professor. Content taken from the following: CS 470 Spring 2018 Mike Lam, Professor Virtualization and Cloud Computing Content taken from the following: A. Silberschatz, P. B. Galvin, and G. Gagne. Operating System Concepts, 9 th Edition (Chapter

More information

Module 2a. Part 1 Deploying Microsoft Lync Server 2010

Module 2a. Part 1 Deploying Microsoft Lync Server 2010 Module 2a Part 1 Deploying Microsoft Lync Server 2010 Deploying Lync Server 2010 Jump Start Day 1: Deploy & Configure Module 1: Features & Architecture Module 2a: Deploying Lync Server 2010 Part 1 Module

More information

CHAPTER 16 - VIRTUAL MACHINES

CHAPTER 16 - VIRTUAL MACHINES CHAPTER 16 - VIRTUAL MACHINES 1 OBJECTIVES Explore history and benefits of virtual machines. Discuss the various virtual machine technologies. Describe the methods used to implement virtualization. Show

More information

Towards Application Security on Untrusted Operating Systems

Towards Application Security on Untrusted Operating Systems Towards Application Security on Untrusted Operating Systems Dan R. K. Ports MIT CSAIL & VMware Tal Garfinkel VMware Motivation Many applications handle sensitive data financial, medical, insurance, military...

More information

Advanced Systems Security: Virtual Machine Systems

Advanced Systems Security: Virtual Machine Systems Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:

More information

Virtual Machines. Jinkyu Jeong Computer Systems Laboratory Sungkyunkwan University

Virtual Machines. Jinkyu Jeong Computer Systems Laboratory Sungkyunkwan University Virtual Machines Jinkyu Jeong (jinkyu@skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu Today's Topics History and benefits of virtual machines Virtual machine technologies

More information

This video is part of the Microsoft Virtual Academy.

This video is part of the Microsoft Virtual Academy. This video is part of the Microsoft Virtual Academy. 1 In this session we re going to talk about building for the private cloud using the Microsoft deployment toolkit 2012, my name s Mike Niehaus, I m

More information

Virtual Machines. Part 1: 54 years ago. Operating Systems In Depth VIII 1 Copyright 2018 Thomas W. Doeppner. All rights reserved.

Virtual Machines. Part 1: 54 years ago. Operating Systems In Depth VIII 1 Copyright 2018 Thomas W. Doeppner. All rights reserved. Virtual Machines Part 1: 54 years ago Operating Systems In Depth VIII 1 Copyright 2018 Thomas W. Doeppner. All rights reserved. It s 1964 The Beatles appear on the Ed Sullivan show IBM wants a multiuser

More information

The vsphere 6.0 Advantages Over Hyper- V

The vsphere 6.0 Advantages Over Hyper- V The Advantages Over Hyper- V The most trusted and complete virtualization platform SDDC Competitive Marketing 2015 Q2 VMware.com/go/PartnerCompete 2015 VMware Inc. All rights reserved. v3b The Most Trusted

More information

Virtualization Introduction

Virtualization Introduction Virtualization Introduction Simon COTER Principal Product Manager Oracle VM & VirtualBox simon.coter@oracle.com https://blogs.oracle.com/scoter November 21 st, 2016 Safe Harbor Statement The following

More information

Hardening with Hardware

Hardening with Hardware Hardening with Hardware How Windows is using hardware to improve security David dwizzzle Weston Device Security Group Manager Microsoft, Windows and Devices is not a security boundary Security boundaries

More information

Name : Bobby Davasia Title : Technology Specialist Company : Microsoft India

Name : Bobby Davasia Title : Technology Specialist Company : Microsoft India Name : Bobby Davasia Title : Technology Specialist Company : Microsoft India Session Objectives And Takeaways Get Overview of Security Compliance Management Toolkit Series Learn Easy Security Baseline

More information

Address new markets with new services

Address new markets with new services Address new markets with new services Programs Deployment Options On-premises Private Cloud Pre-configured Private Cloud Hosted Private Cloud Hyper-V Cloud Deployment Guides Hyper-V Cloud Fast Track Hyper-V

More information

Xen and the Art of Virtualization

Xen and the Art of Virtualization Xen and the Art of Virtualization Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, Ian Pratt, Andrew Warfield Presented by Thomas DuBuisson Outline Motivation

More information

Services in the Virtualization Plane. Andrew Warfield Adjunct Professor, UBC Technical Director, Citrix Systems

Services in the Virtualization Plane. Andrew Warfield Adjunct Professor, UBC Technical Director, Citrix Systems Services in the Virtualization Plane Andrew Warfield Adjunct Professor, UBC Technical Director, Citrix Systems The Virtualization Plane Applications Applications OS Physical Machine 20ms 20ms in in the

More information

VMware Mirage Getting Started Guide

VMware Mirage Getting Started Guide Mirage 5.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document,

More information

AMD Pacifica Virtualization Technology

AMD Pacifica Virtualization Technology AMD Pacifica Virtualization Technology AMD Unveils Virtualization Platform AMD Pacifica Tutorial 2 Virtual Machine Approaches Carve a Server into Many Virtual Machines Hosted Virtualization Hypervisor-based

More information

Implementing and Supporting Windows Intune

Implementing and Supporting Windows Intune Implementing and Supporting Windows Intune Module 3: Computer Administration by Using Windows Intune Module Overview Understanding Groups Creating and Populating Groups The Windows Intune Update Process

More information

Learning Outcomes. Extended OS. Observations Operating systems provide well defined interfaces. Virtual Machines. Interface Levels

Learning Outcomes. Extended OS. Observations Operating systems provide well defined interfaces. Virtual Machines. Interface Levels Learning Outcomes Extended OS An appreciation that the abstract interface to the system can be at different levels. Virtual machine monitors (VMMs) provide a lowlevel interface An understanding of trap

More information

Originally prepared by Lehigh graduate Greg Bosch; last modified April 2016 by B. Davison

Originally prepared by Lehigh graduate Greg Bosch; last modified April 2016 by B. Davison Virtualization Originally prepared by Lehigh graduate Greg Bosch; last modified April 2016 by B. Davison I. Introduction to Virtualization II. Virtual liances III. Benefits to Virtualization IV. Example

More information

Advanced Systems Security: Virtual Machine Systems

Advanced Systems Security: Virtual Machine Systems Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:

More information