A Hardware-Assisted Virtualization Based Approach on How to Protect the Kernel Space from Malicious Actions
- Deborah Short
- 5 years ago
1 A Hardware-Assisted Virtualization Based Approach on How to Protect the Kernel Space from Malicious Actions
Eric Lacombe (eric.lacombe@security-labs.org), LAAS - CNRS, Toulouse (France)
Ph.D. supervisors: Yves Deswarte and Vincent Nicomette
2 Context
- Hardware/Software complexity
- Security flaws
- Flaws exploitation
- Attackers achieve malicious goal
- Kernel = Computer System Core
  - Provides the system services to applications
  - Handles hardware resources
- Kernel security flaws
  - Critical
  - Widespread inside device drivers
- Kernel = privileged target for attackers
3 Issue
Two problems that we want to work on:
1. How to prevent malware from entering the kernel?
2. How to protect the system when the kernel is compromised?
4 Outlines
1. Access Vectors to Corrupt the Kernel Classes
2. Preserving the Constraints on Kernel-Constrained Objects Hytux: a Lightweight Hypervisor
5 Hypothesis
- Focus on attacks against kernel integrity
- Loss of integrity of the kernel: inappropriate modification of
  - Kernel internals = code of the kernel, or
  - Kernel environment = data used by the kernel (e.g., data in memory, processor registers)
- Leads to:
  - Nothing (injection/modification of unused data/code), or
  - System crash, or
  - Processing of a wrong action (inappropriate with respect to the security policy)
- We do not consider hardware flaws
7 CPU-based Access Vectors
- Category 1: system features
  - Software features: kernel module loader, /dev/kmem, etc.
  - Hardware features: System Management Mode of x86 CPU
- Category 2: system flaws
  - Buffer overflows
  - Format strings
  - Usage of incorrect data
  - Usage of outdated data
  - Etc.
8 DMA-Based Access Vectors
- DMA = Direct Memory Access without CPU involvement
- Malicious devices connected to a DMA-capable I/O bus (e.g., Firewire)
- A generic solution: DMA access filtered by I/O MMU
- Malicious device drivers that order wrong DMA transactions
- Note: usage of one access vector may open new access vectors. Example:
  1. Disabling/altering the I/O MMU (CPU-based access vector)
  2. DMA reads/writes
10 Class 1 - Invalid Modification of Kernel-Mode Execution Paths (Code)
Provoke modification of kernel behaviour by altering kernel-mode code:
- (Class 1.1) Addition of a reachable malicious kernel code region
- (Class 1.2) Overwriting an existing kernel code region with malicious code
- (Class 1.3) Injection of reachable malicious code into a kernel data region
- (Class 1.4) Injection of reachable malicious code into a non-kernel region
11 Class 2 - Invalid Modification of Kernel-Mode Variables
Provoke modification of kernel behaviour by altering data it uses:
- (Class 2.1) Alteration of state variables (impact execution flow):
  - The control flow data in the stack
  - Data used in a branching condition
  - Attributes of page tables
  - Value of the idtr register
  - etc.
- (Class 2.2) Alteration of auxiliary variables:
  - Description of an error displayed by printk()
13 A Kernel Full of Constraints
Kernel-Constrained Objects (KCO):
- Kernel variables
- Always in a fixed or predictable state by specification
- Regardless of implementation bugs or design flaws
For instance:
- The IDT (Interrupt Descriptor Table) and the idtr register are KCO
- The kernel address space layout is composed of several KCO
14 How to Protect Kernel-Constrained Objects
- Needs to be done at a higher hardware privilege level than the kernel
- Practicable thanks to hardware virtualization technology
- Not a full hypervisor, but a really lightweight one
  - Easier verification of its correctness
- Our approach:
  - Unique ability to restrict the kernel mode
  - Overcomes numerous malicious actions by preventing constraint violations
16 Hytux Overview
17 Intel VT-x Quick Overview
19 Preventing idtr from Being Modified
- idtr = processor register, contains the IDT address
  - Needs to be filled only at system initialisation
  - But may be modified by kernel malware in order to operate
- Hytux protects against idtr modification:
  - Intercepts write access (thanks to VM-exit controls)
  - Emulates this access: does not modify idtr, only updates the guest program counter
- Other registers similarly protected: gdtr, cr0 and cr4, MSR, etc.
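The interception described on slide 19, as an added sketch that is not Hytux code: the hypervisor applies descriptor-table loads during initialisation, then discards them while still advancing the guest program counter. The `vcpu` and `dt_load_exit` structures, `vcpu_seal()` and the explicit "end of initialisation" signal are assumptions of this example, and the sample addresses are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum dt_reg { DT_IDTR, DT_GDTR };

struct desc_table { uint64_t base; uint16_t limit; };

/* Hypothetical per-vCPU state kept by the hypervisor. */
struct vcpu {
    uint64_t rip;                /* guest program counter */
    struct desc_table dt[2];     /* indexed by enum dt_reg */
    bool sealed;                 /* set once system initialisation is over */
    size_t blocked;              /* number of discarded loads */
    struct { enum dt_reg reg; uint64_t rip, base; } last_blocked;
};

/* Hypothetical decoded VM-exit: the guest executed LIDT or LGDT. */
struct dt_load_exit {
    enum dt_reg reg;
    uint32_t insn_len;           /* length of the trapped instruction */
    struct desc_table value;     /* operand the guest tried to load */
};

/* Assumption: something tells the hypervisor that initialisation is done. */
void vcpu_seal(struct vcpu *v) { v->sealed = true; }

/* Returns true if the load was applied, false if it was discarded. */
bool handle_dt_load(struct vcpu *v, const struct dt_load_exit *e)
{
    bool applied = false;

    if (!v->sealed) {
        v->dt[e->reg] = e->value;          /* legitimate boot-time load */
        applied = true;
    } else {
        /* Keep the constrained register as it is and record the attempt,
         * which is useful evidence for detection and incident response. */
        v->blocked++;
        v->last_blocked.reg = e->reg;
        v->last_blocked.rip = v->rip;
        v->last_blocked.base = e->value.base;
    }
    /* In both cases the instruction is retired. Without this the guest
     * would re-execute the same LIDT/LGDT and exit again forever. */
    v->rip += e->insn_len;
    return applied;
}

int main(void)
{
    struct vcpu v = { .rip = 0x1000 };
    /* Constructed values: a boot-time IDT and a later, unwanted one. */
    struct dt_load_exit boot = { DT_IDTR, 3, { 0xffffffff82000000ULL, 0xfff } };
    struct dt_load_exit late = { DT_IDTR, 3, { 0xffffc90000010000ULL, 0xfff } };

    handle_dt_load(&v, &boot);
    vcpu_seal(&v);
    handle_dt_load(&v, &late);
    printf("idtr base %#llx, blocked %zu, rip %#llx\n",
           (unsigned long long)v.dt[DT_IDTR].base, v.blocked,
           (unsigned long long)v.rip);
    return 0;
}
```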
21 Preserving the Kernel Address Space Layout: The Idea
- Enforce constraints on the kernel address space layout
- Protect the system against at least Class 1.2 and Class 1.3
- Code region: NX=0, R/W=0
- Data region: NX=1, R/W=1
- Read-only data region: NX=1, R/W=0
22 Recall the Paging Mechanism
23 ... and the Bare Linux Kernel Address Space Layout
24 A First (Wrong) Solution
25 A First (Wrong) Solution (Contd.)
Why is it wrong?
- Kernel page tables need to be modified during system execution
  - Dynamic load of device drivers (VMALLOC area)
- They need to stay in a R/W memory region
- But the attacker could then modify page table attributes and mess up constraints
26 A Good Solution: Concept
- Set to 0 the R/W attribute of pages that contain kernel page tables
- When the kernel wants to modify kernel page tables:
  1. A page fault is about to occur
  2. A VM-exit is thus triggered
  3. Hytux takes over the execution
  4. It verifies that the wanted modifications do not change constraints (from the layout it knows to be resilient)
- When the kernel wants to load the cr3 register (page table reference):
  1. A VM-exit is triggered
  2. Hytux verifies the correctness of the last entries of the page tables (kernel space)
27 A Good Solution (Contd.)
28 A Good Solution (Contd.): Notes
- The kernel layout may be modified in the VMALLOC area (driver/module insertion)
  - vmalloc()/vfree() need to inform Hytux of this change
- Hytux can modify kernel page tables
  - Acts in a context with full access to the memory
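The verification step of slides 21 and 26 to 28, as an added sketch that is not Hytux code: a trapped page-table write or cr3 load is checked against the NX and R/W values the layout requires. The region table, its sample addresses, the `hyp_region_add()`/`hyp_region_remove()` notifications and the rule that a non-present entry is always accepted are assumptions of this example; the cr3 check takes an already-walked list of kernel-space mappings instead of walking real page tables.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* x86-64 page-table entry attribute bits. */
#define PTE_PRESENT (1ULL << 0)
#define PTE_RW      (1ULL << 1)
#define PTE_NX      (1ULL << 63)

enum region_kind { REGION_CODE, REGION_DATA, REGION_RODATA };
enum verdict { PTE_ALLOW, PTE_DENY_ATTR, PTE_DENY_UNKNOWN };

struct region { uint64_t start, end; enum region_kind kind; }; /* [start, end) */
struct mapping { uint64_t va, pte; };

#define MAX_REGIONS 16
/* Constructed layout: sample addresses, not taken from a real kernel. */
static struct region layout[MAX_REGIONS] = {
    { 0xffffffff81000000ULL, 0xffffffff81800000ULL, REGION_CODE   },
    { 0xffffffff81800000ULL, 0xffffffff81c00000ULL, REGION_RODATA },
    { 0xffffffff81c00000ULL, 0xffffffff82400000ULL, REGION_DATA   },
};
static size_t layout_len = 3;

/* NX and R/W values each region kind must carry, as listed on slide 21. */
static uint64_t required_attrs(enum region_kind kind)
{
    switch (kind) {
    case REGION_CODE:   return 0;               /* NX=0, R/W=0 */
    case REGION_DATA:   return PTE_NX | PTE_RW; /* NX=1, R/W=1 */
    case REGION_RODATA: return PTE_NX;          /* NX=1, R/W=0 */
    }
    return PTE_NX;
}

static const struct region *find_region(uint64_t va)
{
    for (size_t i = 0; i < layout_len; i++)
        if (va >= layout[i].start && va < layout[i].end)
            return &layout[i];
    return NULL;
}

/* Hypothetical notification from vmalloc(): a module region was created. */
bool hyp_region_add(uint64_t start, uint64_t end, enum region_kind kind)
{
    if (start >= end || layout_len == MAX_REGIONS)
        return false;
    for (size_t i = 0; i < layout_len; i++)     /* reject overlaps */
        if (start < layout[i].end && layout[i].start < end)
            return false;
    layout[layout_len++] = (struct region){ start, end, kind };
    return true;
}

/* Hypothetical notification from vfree(): forget the region at start. */
bool hyp_region_remove(uint64_t start)
{
    for (size_t i = 0; i < layout_len; i++)
        if (layout[i].start == start) {
            layout[i] = layout[--layout_len];
            return true;
        }
    return false;
}

/* Decide whether the trapped write of new_pte, mapping virtual address va,
 * may be applied by the hypervisor on the kernel's behalf. */
enum verdict check_pte_write(uint64_t va, uint64_t new_pte)
{
    if (!(new_pte & PTE_PRESENT))
        return PTE_ALLOW;          /* assumption: unmapping grants nothing */
    const struct region *r = find_region(va);
    if (!r)
        return PTE_DENY_UNKNOWN;   /* mapping outside the known layout */
    if ((new_pte & (PTE_NX | PTE_RW)) != required_attrs(r->kind))
        return PTE_DENY_ATTR;      /* e.g. writable code, executable data */
    return PTE_ALLOW;
}

/* On a trapped cr3 load: count kernel-space mappings of the new page-table
 * root that violate the layout. The load is acceptable only if this is 0. */
size_t check_cr3_load(const struct mapping *maps, size_t n)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if (check_pte_write(maps[i].va, maps[i].pte) != PTE_ALLOW)
            bad++;
    return bad;
}

int main(void)
{
    /* Constructed request: make a kernel code page writable (Class 1.2). */
    uint64_t pte = 0x1234000ULL | PTE_PRESENT | PTE_RW;
    printf("verdict: %d\n", check_pte_write(0xffffffff81001000ULL, pte));
    return 0;
}
```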
29 Contributions
- Proposition of a classification of malicious kernel-targeted actions
- New concept for kernel security measures: protection of Kernel-Constrained Objects
  - Can be applied to all classes except Class 1.1
- Kernel address space layout protection
  - Overcomes at least Class 1.2 and Class 1.3
- First use of hardware virtualization technology to protect the host:
  - Unique ability to restrict the kernel mode
  - Results in the protection of the kernel against many kinds of malware
30 Limits
- Not all system objects are easily captured as KCO
  - Constraints may not exist, or may be too loose or unobservable
  - Malicious actions can benefit from these objects
- Are malicious actions still possible in an ideal world full of KCO?
31 Wake Up Your Neighbours... ...but don't let them ask questions ;)
More informationCOLORADO, USA; 2 Usov Aleksey Yevgenyevich - Technical Architect, RUSSIAN GOVT INSURANCE, MOSCOW; 3 Kropachev Artemii Vasilyevich Manager,
MAIN ASPECTS OF THE MODERN INFORMATION SYSTEMS HARDWARE RESOURCES VIRTUALIZATION METHODOLOGY Zuev D.O. 1, Usov A.Y. 2, Kropachev A.V. 3, Mostovshchikov D.N. 4 1 Zuev Denis Olegovich - Independent Consultant,
More informationCapturing RAM. Alex Applegate. Mississippi State University Digital Forensics 1
Capturing RAM Alex Applegate 1 Overview Capture Problems Causing a Process Dump Full Manual Memory Dump Binary Block Copy Tribble Cold Boot Recovery Firewire DMA Attack 2 Capture Problems RAM has many
More informationSyscalls, exceptions, and interrupts, oh my!
Syscalls, exceptions, and interrupts, oh my! Hakim Weatherspoon CS 3410 Computer Science Cornell University [Altinbuken, Weatherspoon, Bala, Bracy, McKee, and Sirer] Announcements P4-Buffer Overflow is
More informationCS 356 Operating System Security. Fall 2013
CS 356 Operating System Security Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5 Database
More informationAddress spaces and memory management
Address spaces and memory management Review of processes Process = one or more threads in an address space Thread = stream of executing instructions Address space = memory space used by threads Address
More informationVirtualization and memory hierarchy
Virtualization and memory hierarchy Computer Architecture J. Daniel García Sánchez (coordinator) David Expósito Singh Francisco Javier García Blas ARCOS Group Computer Science and Engineering Department
More informationCyber Moving Targets. Yashar Dehkan Asl
Cyber Moving Targets Yashar Dehkan Asl Introduction An overview of different cyber moving target techniques, their threat models, and their technical details. Cyber moving target technique: Defend a system
More informationThe Price of Safety: Evaluating IOMMU Performance
The Price of Safety: Evaluating IOMMU Performance Muli Ben-Yehuda 1 Jimi Xenidis 2 Michal Ostrowski 2 Karl Rister 3 Alexis Bruemmer 3 Leendert Van Doorn 4 1 muli@il.ibm.com 2 {jimix,mostrows}@watson.ibm.com
More informationCIS Operating Systems Memory Management Cache. Professor Qiang Zeng Fall 2015
CIS 5512 - Operating Systems Memory Management Cache Professor Qiang Zeng Fall 2015 Previous class What is logical address? Who use it? Describes a location in the logical address space Compiler and CPU
More informationTo EL2, and Beyond! connect.linaro.org. Optimizing the Design and Implementation of KVM/ARM
To EL2, and Beyond! Optimizing the Design and Implementation of KVM/ARM LEADING COLLABORATION IN THE ARM ECOSYSTEM Christoffer Dall Shih-Wei Li connect.linaro.org
More information