Building Trustworthy Intrusion Detection Through Virtual Machine Introspection
|
|
|
- Muriel Anderson
- 6 years ago
- Views:
Transcription
1 Building Trustworthy Intrusion Detection Through Fabrizio Baiardi 1 Daniele Sgandurra 2 1 Polo G. Marconi - La Spezia, University of Pisa 2 Department of Computer Science, University of Pisa IAS Conference, /20 Fabrizio Baiardi, Daniele Sgandurra Building Trustworthy Intrusion Detection Through Introspection
2 Outline 1 Attacks and Evasion of Controls 2 3 Security Performance 4 Results and Future Works 2/20 Fabrizio Baiardi, Daniele Sgandurra Building Trustworthy Intrusion Detection Through Introspection
3 Rootkits Attacks and Evasion of Controls Rootkits have become more sophisticated over the years. User-level rootkits: usually, modify system binaries. Kernel-level rootkits: for example, a module inserted into the kernel. Unfortunately, rootkits and IDSes work at the same level. A rootkit can attack or evade the IDS controls. 3/20 Fabrizio Baiardi, Daniele Sgandurra Building Trustworthy Intrusion Detection Through Introspection
4 Proposed Approach : Standford University. Visibility: access VM s state from a lower level. Robustness: detect intrusions from another VM. 4/20 Fabrizio Baiardi, Daniele Sgandurra Building Trustworthy Intrusion Detection Through Introspection
5 Semantic How to detect intrusions/attacks inside the VM? Semantic problem: the data accessed through introspection are raw data. We also need to protect the IDS. 5/20 Fabrizio Baiardi, Daniele Sgandurra Building Trustworthy Intrusion Detection Through Introspection
6 Solution #1 Modify an IDS to work at the hardware level. 6/20 Fabrizio Baiardi, Daniele Sgandurra Building Trustworthy Intrusion Detection Through Introspection
7 Solution #2 Build a complex introspection library to export an OS view of the VM s state. 7/20 Fabrizio Baiardi, Daniele Sgandurra Building Trustworthy Intrusion Detection Through Introspection
8 Our Solution: a Multi-Level Approach 1 Build a simple introspection library to check the kernel. 2 Extend the kernel to monitor the IDSes inside the monitored VM. 3 Use standard IDSes to detect attacks against the VM. 8/20 Fabrizio Baiardi, Daniele Sgandurra Building Trustworthy Intrusion Detection Through Introspection
9 Chain of Trust 9/20 Fabrizio Baiardi, Daniele Sgandurra Building Trustworthy Intrusion Detection Through Introspection
10 Architecture merges Host and Network IDSes with VMI. The first prototype is written in C, based on Xen. Introspection VM: monitors all the VMs. Monitored VM: executes the system to be monitored. Control Network: to exchange the alerts and commands among the VMs. 10/20 Fabrizio Baiardi, Daniele Sgandurra Building Trustworthy Intrusion Detection Through Introspection
11 Introspection VM Introspection VM: monitors all the VMs. The introspector protects kernel integrity. The director: 1 collects the alerts; 2 executes actions in response to an alert: stops a VM. 11/20 Fabrizio Baiardi, Daniele Sgandurra Building Trustworthy Intrusion Detection Through Introspection
12 Monitored VM Monitored VM: executes the system to be monitored. Runs IDSes to detect attacks/intrusions. The collector receives all the alerts from the local IDSes. The kernel checks IDS integrity. 12/20 Fabrizio Baiardi, Daniele Sgandurra Building Trustworthy Intrusion Detection Through Introspection
13 Control Network Control Network: to exchange the alerts and commands among the VMs. 13/20 Fabrizio Baiardi, Daniele Sgandurra Building Trustworthy Intrusion Detection Through Introspection
14 Attacks Detected Security Performance Currently, detects: Attacks to the kernel code also those inserting a malicious module. Udpates to the IDT and syscall table. Updates to the text area of a critical processes. Replacing ps and lsof. Interfaces set into promiscuous mode. 14/20 Fabrizio Baiardi, Daniele Sgandurra Building Trustworthy Intrusion Detection Through Introspection
15 IOzone Read Performance Security Performance Overhead is less than 10%. 15/20 Fabrizio Baiardi, Daniele Sgandurra Building Trustworthy Intrusion Detection Through Introspection
16 IOzone Write Performance Security Performance Overhead is less than 10%. 16/20 Fabrizio Baiardi, Daniele Sgandurra Building Trustworthy Intrusion Detection Through Introspection
17 Antisniff Security Performance Antisniff implemented as a module or through introspection. 17/20 Fabrizio Baiardi, Daniele Sgandurra Building Trustworthy Intrusion Detection Through Introspection
18 Limitations Results and Future Works Current limitations of the prototype: No checks on kernel dynamic data, such as stack. Other critical kernel data structures, besides IDT and syscall table, have to be protected. Attacks to the VMM. Attacking the kernel between each execution of the checks. 18/20 Fabrizio Baiardi, Daniele Sgandurra Building Trustworthy Intrusion Detection Through Introspection
19 Results Results and Future Works Using unmodified IDSes with virtual machine introspection. Preventing evasion of the controls and attacks to IDSes. Multi-Level approach to form a chain of trust: 1 IDSes. 2 Kernel. 3 VMM. Acceptable overhead. 19/20 Fabrizio Baiardi, Daniele Sgandurra Building Trustworthy Intrusion Detection Through Introspection
20 Future Works Results and Future Works Checking at runtime memory invariants. Using abstract interpretation of kernel code. Tracing a VM, such as using ptrace. Verifying system call parameters. Using introspection as an attestation of the VM. Attesting the software to a remote party. 20/20 Fabrizio Baiardi, Daniele Sgandurra Building Trustworthy Intrusion Detection Through Introspection
Towards High Assurance Networks of Virtual Machines
Towards High Assurance Networks of Virtual Machines Fabrizio Baiardi 1 Daniele Sgandurra 2 1 Polo G. Marconi - La Spezia, University of Pisa, Italy 2 Department of Computer Science, University of Pisa,
Secure Sharing of an ICT Infrastructure Through Vinci
Secure Sharing of an ICT Infrastructure Through Vinci Fabrizio Baiardi 1 Daniele Sgandurra 2 1 Polo G. Marconi - La Spezia, University of Pisa, Italy 2 Department of Computer Science, University of Pisa,
OS Security IV: Virtualization and Trusted Computing
1 OS Security IV: Virtualization and Trusted Computing Chengyu Song Slides modified from Dawn Song 2 Administrivia Lab2 More questions? 3 Virtual machine monitor +-----------+----------------+-------------+
PsycoTrace: Virtual and Transparent Monitoring of a Process Self
PsycoTrace: Virtual and Transparent Monitoring of a Process Self Fabrizio Baiardi, Dario Maggiari Polo G. Marconi, La Spezia Università di Pisa, Italy {baiardi, maggiari}@di.unipi.it Daniele Sgandurra,
CSE543 - Computer and Network Security Module: Virtualization
CSE543 - Computer and Network Security Module: Virtualization Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 1 Operating System Quandary Q: What is the primary goal of
CSE543 - Computer and Network Security Module: Virtualization
CSE543 - Computer and Network Security Module: Virtualization Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 Operating System Quandary Q: What is the primary goal of system
CSE543 - Computer and Network Security Module: Virtualization
CSE543 - Computer and Network Security Module: Virtualization Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 Operating System Quandary Q: What is the primary goal of system
Extended Page Tables (EPT) A VMM must protect host physical memory Multiple guest operating systems share the same host physical memory VMM typically implements protections through page-table shadowing
The Challenges of X86 Hardware Virtualization. GCC- Virtualization: Rajeev Wankar 36
The Challenges of X86 Hardware Virtualization GCC- Virtualization: Rajeev Wankar 36 The Challenges of X86 Hardware Virtualization X86 operating systems are designed to run directly on the bare-metal hardware,
Dawn Song
1 Virtual Machines & Security Dawn Song dawnsong@cs.berkeley.edu Virtual Machines VM: Execution environment that gives the illusion of a real machine VMM/Hypervisor: host software which provides this capability
CSE Computer Security
CSE 543 - Computer Security Lecture 25 - Virtual machine security December 6, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ 1 Implementation and Results Experimental Platform Exact specification
Toward Resilient Cloud Environment:
Toward Resilient Cloud Environment: Case for Virtual Machine Introspection Using Hardware Architectural Invariants Z. Kalbarczyk C. Pham, C. Di Martino, R. Iyer Coordinated Science Laboratory Department
An Obfuscation-Based Approach Against Injection Attacks
2011 Sixth International Conference on Availability, Reliability and Security An Obfuscation-Based Approach Against Injection Attacks Fabrizio Baiardi Polo G. Marconi, La Spezia University of Pisa, Italy
CIS 5373 Systems Security
CIS 5373 Systems Security Topic 3.1: OS Security Basics of secure design Endadul Hoque Slide Acknowledgment Contents are based on slides from Ninghui Li (Purdue), John Mitchell (Stanford), Dan Boneh (Stanford)
Cisco Secure Boot and Trust Anchor Module Differentiation
Solution Overview Cisco Secure Boot and Trust Anchor Module Differentiation Cisco Trust Anchor Technologies provide the foundation for Cisco Trustworthy Systems. Cisco Secure Boot helps ensure that the
Virtual Machine Introspection Bhushan Jain
Virtual Machine Introspection Bhushan Jain Computer Science Department Stony Brook University 1 Traditional Environment Operating System 2 Traditional Environment Process Descriptors Kernel Heap Operating
CSE 237B Fall 2009 Virtualization, Security and RTOS. Rajesh Gupta Computer Science and Engineering University of California, San Diego.
CSE 237B Fall 2009 Virtualization, Security and RTOS Rajesh Gupta Computer Science and Engineering University of California, San Diego. Overview What is virtualization? Types of virtualization and VMs
Intrusion Detection Systems. What To Observe? What To Observe?
BunnyTN Terzo Workshop di Crittografia Trento March 1, 01 UNOBSERVABLE INTRUSION DETECTION BASED ON CALL TRACES IN PARAVIRTUALIZED SYSTEMS Marino Miculan University of Udine Google: miculan (Work in collaboration
Space Traveling across VM
Space Traveling across VM Automatically Bridging the Semantic-Gap in Virtual Machine Introspection via Online Kernel Data Redirection Yangchun Fu, and Zhiqiang Lin Department of Computer Sciences The University
The DNS system is organized in a structure.
Agenda DNS security review Virtualization fundamentals What defenders can do with virtualization (Livewire) What attackers can do with virtualization (Subvirt) Summary 1/37 The DNS system is organized
Services in the Virtualization Plane. Andrew Warfield Adjunct Professor, UBC Technical Director, Citrix Systems
Services in the Virtualization Plane Andrew Warfield Adjunct Professor, UBC Technical Director, Citrix Systems The Virtualization Plane Applications Applications OS Physical Machine 20ms 20ms in in the
Practical Protection of Kernel Integrity for Commodity OS from Untrusted Extensions
Practical Protection of Kernel Integrity for Commodity OS from Untrusted Extensions Xi Xiong The Pennsylvania State University xixiong@cse.psu.edu Donghai Tian The Pennsylvania State University Beijing
Outline. V Computer Systems Organization II (Honors) (Introductory Operating Systems) Language-based Protection: Solution
Outline V22.0202-001 Computer Systems Organization II (Honors) (Introductory Operating Systems) Lecture 21 Language-Based Protection Security April 29, 2002 Announcements Lab 6 due back on May 6th Final
Influential OS Research Security. Michael Raitza
Influential OS Research Security Michael Raitza raitza@os.inf.tu-dresden.de 1 Security recap Various layers of security Application System Communication Aspects of security Access control / authorization
Multi-Hypervisor Virtual Machines: Enabling An Ecosystem of Hypervisor-level Services
Multi-Hypervisor Virtual Machines: Enabling An Ecosystem of Hypervisor-level s Kartik Gopalan, Rohith Kugve, Hardik Bagdi, Yaohui Hu Binghamton University Dan Williams, Nilton Bila IBM T.J. Watson Research
Problem System administration tasks on a VM from the outside, e.g., issue administrative commands such as hostname and rmmod. One step ahead tradition
EXTERIOR: Using a Dual-VM Based External Shell for Guest-OS Introspection, Configuration, and Recovery ACM VEE 13 Problem System administration tasks on a VM from the outside, e.g., issue administrative
SecVisor: A Tiny Hypervisor for Lifetime Kernel Code Integrity
SecVisor: A Tiny Hypervisor for Lifetime Kernel Code Integrity Arvind Seshadri, Mark Luk, Ning Qu, Adrian Perrig Carnegie Mellon University Kernel rootkits Motivation Malware inserted into OS kernels Anti
Virtual Machine Security
Virtual Machine Security CSE443 - Spring 2012 Introduction to Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ 1 Operating System Quandary Q: What is the primary goal
Virtualization. Application Application Application. MCSN - N. Tonellotto - Distributed Enabling Platforms OPERATING SYSTEM OPERATING SYSTEM
Virtualization lication lication lication lication lication lication OPERATING SYSTEM OPERATING SYSTEM VIRTUALIZATION 1 Basic Idea Observation Hardware resources are typically under-utilized Hardware resources
Inject malicious code Call any library functions Modify the original code
Inject malicious code Call any library functions Modify the original code 2 Sadeghi, Davi TU Darmstadt 2012 Secure, Trusted, and Trustworthy Computing Chapter 6: Runtime Attacks 2 3 Sadeghi, Davi TU Darmstadt
Atomizer: Fast, Scalable and Lightweight Heap Analyzer for Virtual Machines in a Cloud Environment
Atomizer: Fast, Scalable and Lightweight Heap Analyzer for Virtual Machines in a Cloud Environment Salman Javaid Aleksandar Zoranic Irfan Ahmed Golden G. Richard III University of New Orleans Greater New
Intel s s Security Vision for Xen
Intel s s Security Vision for Xen Carlos Rozas Intel Corporation Xen Summit April 7-8, 7 2005 INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. EXCEPT AS PROVIDED IN INTEL'S TERMS
Microsoft Exam Upgrading Your Skills to MCSA Windows Server 2012 Version: 27.0 [ Total Questions: 439 ]
![Microsoft Exam Upgrading Your Skills to MCSA Windows Server 2012 Version: 27.0 [ Total Questions: 439 ]](/thumbs/95/123899399.jpg "Microsoft Exam Upgrading Your Skills to MCSA Windows Server 2012 Version: 27.0 [ Total Questions: 439 ]")
s@lm@n Microsoft Exam 70-417 Upgrading Your Skills to MCSA Windows Server 2012 Version: 27.0 [ Total Questions: 439 ] Question No : 1 HOTSPOT Your network contains an Active Directory domain named corp.contoso.com.
A Pre-Kernel Agent Platform for Security Assurance
A Pre-Kernel Agent Platform for Security Assurance Yung-Chuan Lee Department of Computer Science Southern Illinois University Carbondale, Illinois 62901 Email: ylee@cs.siu.edu Shahram Rahimi Department
ReVirt: Enabling Intrusion Analysis through Virtual Machine Logging and Replay
ReVirt: Enabling Intrusion Analysis through Virtual Machine Logging and Replay Or We Can Remember It for You Wholesale (with apologies to Philip K. Dick) George Dunlap, Sam King, SukruCinar, MurtazaBasraiand
A high-performance virtual machine filesystem monitor in cloud-assisted cognitive IoT
A high-performance virtual machine filesystem monitor in cloud-assisted cognitive IoT Dongyang Zhan a, Lin Ye a, Hongli Zhang a, Binxing Fang a,b, Huhua Li a, Yang Liu a, Xiaojiang Du c, Mohsen Guizani
Securing Untrusted Code
Securing Untrusted Code Untrusted Code May be untrustworthy Intended to be benign, but may be full of vulnerabilities These vulnerabilities may be exploited by attackers (or other malicious processes)
KASR: A Reliable and Practical Approach to Attack Surface Reduction of Commodity OS Kernels
KASR: A Reliable and Practical Approach to Attack Surface Reduction of Commodity OS Kernels Zhi Zhang Data61, CSIRO UNSW, Australia zhi.zhang@data61.csiro.au Yueqiang Cheng Baidu USA XLab strongerwill@gmail.com
TUX : Trust Update on Linux Kernel
TUX : Trust Update on Linux Kernel Suhho Lee Mobile OS Lab, Dankook university suhho1993@gmail.com -- Hyunik Kim, and Seehwan Yoo {eternity13, seehwan.yoo}@dankook.ac.kr Index Intro Background Threat Model
Do as I Say not as I Do Stealth Modification of Programmable Logic Controllers I/O by Pin Control Attack
Do as I Say not as I Do Stealth Modification of Programmable Logic Controllers I/O by Pin Control Attack ALI ABBASI SYSSEC GROUP, RUHR UNIVERSITY BOCHUM, GERMANY & SCS GROUP UNIVERSITY OF TWENTE, NETHERLANDS
Hypervisor Support for Identifying Covertly Executing Binaries
Hypervisor Support for Identifying Covertly Executing Binaries Lionel Litty H. Andrés Lagar-Cavilla Dept. of Computer Science University of Toronto {llitty,andreslc}@cs.toronto.edu David Lie Dept. of Elec.
Better Security with Virtual Machines
Better Security with Virtual Machines VMware Security Seminar Cambridge, 2006 Agenda VMware Evolution Virtual machine Server architecture Virtual infrastructure Looking forward VMware s security vision
Xen and the Art of Virtualization. CSE-291 (Cloud Computing) Fall 2016
Xen and the Art of Virtualization CSE-291 (Cloud Computing) Fall 2016 Why Virtualization? Share resources among many uses Allow heterogeneity in environments Allow differences in host and guest Provide
Runtime Integrity Checking for Exploit Mitigation on Embedded Devices
Runtime Integrity Checking for Exploit Mitigation on Embedded Devices Matthias Neugschwandtner IBM Research, Zurich eug@zurich.ibm.com Collin Mulliner Northeastern University, Boston collin@mulliner.org
Multi-Aspect Profiling of Kernel Rootkit Behavior
Multi-Aspect Profiling of Kernel Rootkit Behavior Ryan Riley, Xuxian Jiang, Dongyan Xu Purdue University, North Carolina State University EuroSys 2009 Nürnberg, Germany Rootkits Stealthy malware Hide attacker
Lecture Embedded System Security Introduction to Trusted Computing
1 Lecture Embedded System Security Introduction to Trusted Computing Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt Summer Term 2017 Roadmap: Trusted Computing Motivation
Verifying System Integrity by Proxy
Verifying System Integrity by Proxy Joshua Schiffman, Hayawardh Vijayakumar, and Trent Jaeger {jschiffm,hvijay,tjaeger}@cse.psu.edu Pennsylvania State University Abstract. Users are increasingly turning
CprE Virtualization. Dr. Yong Guan. Department of Electrical and Computer Engineering & Information Assurance Center Iowa State University
Virtualization Dr. Yong Guan Department of Electrical and Computer Engineering & Information Assurance Center Iowa State University Outline for Today s Talk Introduction Virtualization Technology Applications
INFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD
Faculty of Computer Science Institute of Systems Architecture, Operating Systems Group INFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD OVERVIEW Fundamental
6.828: OS/Language Co-design. Adam Belay
6.828: OS/Language Co-design Adam Belay Singularity An experimental research OS at Microsoft in the early 2000s Many people and papers, high profile project Influenced by experiences at
Security for the Xen Hypervisor Status Quo & Perspective 2006
Security for the Xen Hypervisor Status Quo & Perspective 2006 Reiner Sailer Xen Summit 2006 IBM T J Watson Research Center 1/17/2006 1. Access Control Module 2. Virtual Trusted Platform Module 2 IBM T
Code Validation for Modern OS Kernels
Code Validation for Modern OS Kernels Thomas Kittel Technische Universität München Munich, Germany kittel@sec.in.tum.de Jonas Pfoh FireEye, Inc. Wilsdruffer Str. 27 Dresden, Germany jonas.pfoh@fireeye.com
Visualization-supported Analysis of System Data for Controlled VMI-based Intrusion Detection
Visualization-supported Analysis of System Data for Controlled VMI-based Intrusion Detection Noëlle Rakotondravony, Prof. Hans P. Reiser Juniorprofessur für Sicherheit in Informationssystemen Universität
W4118: interrupt and system call. Junfeng Yang
W4118: interrupt and system call Junfeng Yang Outline Motivation for protection Interrupt System call 2 Need for protection Kernel privileged, cannot trust user processes User processes may be malicious
Lecture 14. System Integrity Services Obfuscation
Lecture 14 System Integrity Services Obfuscation OS independent integrity checking Observation Majority of critical server vulnerabilities are memory based Modern anti-virus software must scan memory Modern
CSE 120 Principles of Operating Systems
CSE 120 Principles of Operating Systems Spring 2018 Lecture 16: Virtual Machine Monitors Geoffrey M. Voelker Virtual Machine Monitors 2 Virtual Machine Monitors Virtual Machine Monitors (VMMs) are a hot
A Survey on Virtualization Technologies
A Survey on Virtualization Technologies Virtualization is HOT Microsoft acquires Connectix Corp. EMC acquires VMware Veritas acquires Ejascent IBM, already a pioneer Sun working hard on it HP picking up
Fast access ===> use map to find object. HW == SW ===> map is in HW or SW or combo. Extend range ===> longer, hierarchical names
Fast access ===> use map to find object HW == SW ===> map is in HW or SW or combo Extend range ===> longer, hierarchical names How is map embodied: --- L1? --- Memory? The Environment ---- Long Latency
The DragonBeam Framework: Hardware-Protected Security Modules for In-Place Intrusion Detection
: Hardware-Protected Security Modules for In-Place Intrusion Detection Man-Ki Yoon, Mihai Christodorescu, Lui Sha, Sibin Mohan University of Illinois at Urbana-Champaign Qualcomm Research Silicon Valley
24-vm.txt Mon Nov 21 22:13: Notes on Virtual Machines , Fall 2011 Carnegie Mellon University Randal E. Bryant.
24-vm.txt Mon Nov 21 22:13:36 2011 1 Notes on Virtual Machines 15-440, Fall 2011 Carnegie Mellon University Randal E. Bryant References: Tannenbaum, 3.2 Barham, et al., "Xen and the art of virtualization,"
[537] Virtual Machines. Tyler Harter
![[537] Virtual Machines. Tyler Harter](/thumbs/78/76966859.jpg "[537] Virtual Machines. Tyler Harter")
[537] Virtual Machines Tyler Harter Outline Machine Virtualization Overview CPU Virtualization (Trap-and-Emulate) CPU Virtualization (Modern x86) Memory Virtualization Performance Challenges Outline Machine
Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data
Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data Tyler Hunt, Zhiting Zhu, Yuanzhong Xu, Simon Peter, and Emmett Witchel University of Texas at Austin OSDI 2016 Presented by John Alsop
Hiding in the Shadows: Empowering ARM for Stealthy Virtual Machine Introspection ACSAC 2018
Hiding in the Shadows: Empowering ARM for Stealthy Virtual Machine Introspection ACSAC 2018 Sergej Proskurin, 1 Tamas Lengyel, 3 Marius Momeu, 1 Claudia Eckert, 1 and Apostolis Zarras 2 1 2 Maastricht
Secure In-VM Monitoring Using Hardware Virtualization
Secure In-VM Monitoring Using Hardware Virtualization Monirul Sharif Georgia Institute of Technology Atlanta, GA, USA msharif@cc.gatech.edu Wenke Lee Georgia Institute of Technology Atlanta, GA, USA wenke@cc.gatech.edu
icruiser: Protecting Kernel Link-Based Data Structures with Secure Canary
icruiser: Protecting Kernel Link-Based Data Structures with Secure Canary Li Wang, Dinghao Wu, and Peng Liu College of Information Sciences and Technology The Pennsylvania State University University Park,
CS 350 Winter 2011 Current Topics: Virtual Machines + Solid State Drives
CS 350 Winter 2011 Current Topics: Virtual Machines + Solid State Drives Virtual Machines Resource Virtualization Separating the abstract view of computing resources from the implementation of these resources
InkTag: Secure Applications on an Untrusted Operating System. Owen Hofmann, Sangman Kim, Alan Dunn, Mike Lee, Emmett Witchel UT Austin
InkTag: Secure lications on an Untrusted Operating System Owen Hofmann, Sangman Kim, Alan Dunn, Mike Lee, Emmett Witchel UT Austin You trust your... should you? The is the software root of trust on most
Virtual Machines. Virtual Machines
Virtual Machines Virtual Machines What is a virtual machine? Examples? Benefits? 1 Virtualization Creation of an isomorphism that maps a virtual guest system to a real host: Maps guest state S to host
COMPUTER ARCHITECTURE. Virtualization and Memory Hierarchy
COMPUTER ARCHITECTURE Virtualization and Memory Hierarchy 2 Contents Virtual memory. Policies and strategies. Page tables. Virtual machines. Requirements of virtual machines and ISA support. Virtual machines:
LINUX CONTAINERS. Where Enterprise Meets Embedded Operating Environments WHEN IT MATTERS, IT RUNS ON WIND RIVER
Where Enterprise Meets Embedded Operating Environments WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Flexible and connected platforms are core components in leading computing fields, including
Mitigating Exploits, Rootkits and Advanced Persistent Threats
Mitigating Exploits, Rootkits and Advanced Persistent Threats David Durham, Senior Principal Engineer Intel Corporation Hot Chips Tutorial 1 Hot Chips 2014 Tutorial Agenda Problem Better Protection Solid
SCONE: Secure Linux Container Environments with Intel SGX
SCONE: Secure Linux Container Environments with Intel SGX S. Arnautov, B. Trach, F. Gregor, Thomas Knauth, and A. Martin, Technische Universität Dresden; C. Priebe, J. Lind, D. Muthukumaran, D. O'Keeffe,
IPADS. Joint work with members in IPADS, including Yubin, Rong, Wenhao, Fengzhe, Yutao, Jin
Institute of Parallel and Distributed Systems IPADS ACD H C DA CG : : : G : ( BC CDC, A BCA DC GBC B (, : : ) E AB CG http://ipads.se.sjtu.edu.cn/haibo_chen Joint work with members in IPADS, including
The Architecture of Virtual Machines Lecture for the Embedded Systems Course CSD, University of Crete (April 29, 2014)
The Architecture of Virtual Machines Lecture for the Embedded Systems Course CSD, University of Crete (April 29, 2014) ManolisMarazakis (maraz@ics.forth.gr) Institute of Computer Science (ICS) Foundation
Virtualization. Adam Belay
Virtualization Adam Belay What is a virtual machine Simulation of a computer Running as an application on a host computer Accurate Isolated Fast Why use a virtual machine? To run multiple
Operating system hardening
Operating system Comp Sci 3600 Security Outline 1 2 3 4 5 6 What is OS? Hardening process that includes planning, ation, uration, update, and maintenance of the operating system and the key applications
DKSM: Subverting Virtual Machine Introspection for Fun and Profit
DKSM: Subverting Virtual Machine Introspection for Fun and Profit Sina Bahram, Xuxian Jiang, Zhi Wang, Mike Grace, Jinku Li North Carolina State University 890 Oval Drive, Campus Box 8206 Raleigh, NC 27695
Operating Systems 4/27/2015
Virtualization inside the OS Operating Systems 24. Virtualization Memory virtualization Process feels like it has its own address space Created by MMU, configured by OS Storage virtualization Logical view
TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing
TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing IoT Week 2014, 2014 06 17 Ignacio García Wellness Telecom Outline Welcome Motivation Objectives TRESCCA client platform SW framework for
Lecture 7. Xen and the Art of Virtualization. Paul Braham, Boris Dragovic, Keir Fraser et al. 16 November, Advanced Operating Systems
Lecture 7 Xen and the Art of Virtualization Paul Braham, Boris Dragovic, Keir Fraser et al. Advanced Operating Systems 16 November, 2011 SOA/OS Lecture 7, Xen 1/38 Contents Virtualization Xen Memory CPU
Overview of System Virtualization: The most powerful platform for program analysis and system security. Zhiqiang Lin
CS 6V81-05: System Security and Malicious Code Analysis Overview of System Virtualization: The most powerful platform for program analysis and system security Zhiqiang Lin Department of Computer Science
Back To The Future: A Radical Insecure Design of KVM on ARM
Back To The Future: A Radical Insecure Design of KVM on ARM Abstract In ARM, there are certain instructions that generate exceptions. Such instructions are typically executed to request a service from
Xen and the Art of Virtualization. Nikola Gvozdiev Georgian Mihaila
Xen and the Art of Virtualization Nikola Gvozdiev Georgian Mihaila Outline Xen and the Art of Virtualization Ian Pratt et al. I. The Art of Virtualization II. Xen, goals and design III. Xen evaluation
Applications of Attestation:
Lecture Secure, Trusted and Trustworthy Computing : IMA and TNC Prof. Dr. Ing. Ahmad Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Germany Winter Term 2011/2012 1 Roadmap: TC
Virtual Machine Monitors!
ISA 673 Operating Systems Security Virtual Machine Monitors! Angelos Stavrou, George Mason University! Virtual Machine Monitors 2! Virtual Machine Monitors (VMMs) are everywhere! Industry commitment! Software:
Intel s Virtualization Extensions (VT-x) So you want to build a hypervisor?
Intel s Virtualization Extensions (VT-x) So you want to build a hypervisor? Mr. Jacob Torrey May 13, 2014 Dartmouth College 153 Brooks Road, Rome, NY 315.336.3306 http://ainfosec.com @JacobTorrey torreyj@ainfosec.com
ADVANCED ENDPOINT PROTECTION TEST REPORT
ADVANCED ENDPOINT PROTECTION TEST REPORT SentinelOne Endpoint Protection Platform v1.8.3#31 FEBRUARY 14, 2017 Authors Thomas Skybakmoen, Morgan Dhanraj Overview NSS Labs performed an independent test of
CS 550 Operating Systems Spring Introduction to Virtual Machines
CS 550 Operating Systems Spring 2018 Introduction to Virtual Machines 1 How to share a physical computer Operating systems allows multiple processes/applications to run simultaneously Via process/memory
CS-580K/480K Advanced Topics in Cloud Computing. VM Virtualization II
CS-580K/480K Advanced Topics in Cloud Computing VM Virtualization II 1 How to Build a Virtual Machine? 2 How to Run a Program Compiling Source Program Loading Instruction Instruction Instruction Instruction
Zing Vision. Answering your toughest production Java performance questions
Zing Vision Answering your toughest production Java performance questions Outline What is Zing Vision? Where does Zing Vision fit in your Java environment? Key features How it works Using ZVRobot Q & A
references Virtualization services Topics Virtualization
references Virtualization services Virtual machines Intel Virtualization technology IEEE xplorer, May 2005 Comparison of software and hardware techniques for x86 virtualization ASPLOS 2006 Memory resource
Virtual Machine Monitors (VMMs) are a hot topic in
CSE 120 Principles of Operating Systems Winter 2007 Lecture 16: Virtual Machine Monitors Keith Marzullo and Geoffrey M. Voelker Virtual Machine Monitors Virtual Machine Monitors (VMMs) are a hot topic
Virtual machine architecture and KVM analysis D 陳彥霖 B 郭宗倫
Virtual machine architecture and KVM analysis D97942011 陳彥霖 B96902030 郭宗倫 Virtual machine monitor serves as an interface between hardware and software; no matter what kind of hardware under, software can
Secure and Flexible Monitoring of Virtual Machines
Secure and Flexible Monitoring of Virtual Machines Bryan D. Payne Martim D. P. de A. Carbone Wenke Lee Georgia Institute of Technology {bdpayne,mcarbone,wenke}@cc.gatech.edu Abstract The monitoring of
Prediction Project. Release draft (084e399) OPNFV
Prediction Project Release draft (084e399) OPNFV February 25, 2016 CONTENTS 1 1 Use cases and scenarios 3 1.1 Use case 1................................................ 3 1.2 Use case 2................................................
Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme
NET3420BU Introducing VMware s Transformative Data Center Endpoint Security Solution Vijay Ganti Director, Product Management VMware Christopher Frenz Director of Infrastructure Interfaith Medical Center
On Supporting Per-Process based System Call Vectors in Linux Kernel
On Supporting Per-Process based System Call Vectors in Linux Kernel Mallesham Dasari, Erez Zadok Stony Brook University, Stony Brook, USA Abstract Linux has a single global system call vector which is
Virtualization. Virtualization
Virtualization Virtualization Memory virtualization Process feels like it has its own address space Created by MMU, configured by OS Storage virtualization Logical view of disks connected to a machine
Virtual Machine Virtual Machine Types System Virtual Machine: virtualize a machine Container: virtualize an OS Program Virtual Machine: virtualize a process Language Virtual Machine: virtualize a language
Virtualization. ! Physical Hardware Processors, memory, chipset, I/O devices, etc. Resources often grossly underutilized
Starting Point: A Physical Machine Virtualization Based on materials from: Introduction to Virtual Machines by Carl Waldspurger Understanding Intel Virtualization Technology (VT) by N. B. Sahgal and D.