1 OS Security IV: Virtualization and Trusted Computing
Chengyu Song
Slides modified from Dawn Song

2 Administrivia
- Lab2
- More questions?

3 Virtual machine monitor
+-----------+----------------+-------------+
|  Process  | Virtual Memory | File System |
+-----------+----------------+-------------+
|             Operating System             |
+-----------+----------------+-------------+
|         Virtual Machine Monitor          |
+-----------+----------------+-------------+
| Processor |     Memory     |    Disk     |
+-----------+----------------+-------------+

4 What is a VMM?
- A VMM virtualizes an entire physical machine
- Interface supported is the hardware
- VMM offers illusion that OS has full control over the hardware
- VMM "applications" (OS) run in virtual machines

5 Motivations (1)
- Resource utilization
  - Machines today are powerful, want to multiplex their hardware
  - e.g., Cloud service can divvy up a physical machine to customers
  - Can migrate VMs from one machine to another without shutdown

6 Motivations (2)
- Software use and development
  - Can run multiple OS simultaneously
  - No need to dual boot
  - Can do system (e.g., OS) development at user-level
  - Xv6/Qemu!

7 Motivations (3)
- Security
  - OS can be buggy too, want stronger isolation
  - Why is a VM good for isolation?
  - Fast recovery

8 VMM-based IDS
- Idea: run IDS as part of VMM (protected from malware)

9 Detecting kernel rootkits
- Rootkit: hides the existence of malware
  - Creates processes that are invisible to ps
  - Opens sockets that are invisible to netstat
- Detecting lies
  - VMM requests Guest OS to list processes
  - VMM lists processes running in Guest OS
  - How?
  - If the two lists differ, then there must be a rootkit

10 Virtual machine introspection
- Tal Garfinkel, A Virtual Machine Introspection Based Architecture for Intrusion Detection, NDSS 2003
- Reconstruct OS-level semantics from raw hardware data
- How? Memory forensics
  - Signature-based
  - Traversal-based

11 Detecting compromise via periodic scans
- Code integrity checks
  - VMM computes hash of OS and application code
  - Compare to a whitelist of hashes
- Data integrity checks
  - Checks the content of critical OS data structures
  - E.g., syscall dispatch table, interrupt dispatch table, etc.
- Malware
  - Scans memory for known malware signatures

12 VMM-based reference monitor
- Problem of periodic scans
  - Hard or impossible to detect temporary attacks
- Solution: VMM-based RM
  1. Identify critical kernel data structures
  2. Protect them (e.g., via VMM-enforced read-only protection)
  3. Mediate all modifications via VMM
- Example: Samsung Knox

13 VMM-based malware
- Hide malware with a malicious VMM
- Invisible to anti-virus software running inside the VM

14 Arms race
- Higher privileged code can attack and hide from lower privileged code
  - Ring 3: user mode
  - Ring 0: kernel mode
  - Ring -1: VMM
  - Ring -2: system management mode (SMM)
  - Ring -3: management engine (ME)

15 Review
- OS security: how to confine malicious/vulnerable programs
- Principles
  - Compartmentation: isolation + least privilege
  - Defense in depth
  - Keep things simple
- Mechanisms
  - Reference monitors

16 Trusted computing
- From another perspective: what if I want to run my code on a platform where I don't fully trust the owner?
  - Public cloud
  - PC: digital rights management (DRM)
  - Mobile: bring-your-own-device (BYOD)
- Trusted computing: establish certain degrees of trust

17 Root of trust
- A piece of hardware/software that is
  - Privileged enough for performing measurement
  - Capable of protecting itself
    - E.g., a standalone chip
  - Cryptographically provable identity
    - E.g., embedded private keys

18 Measurement
- A proof for the integrity of system state
  - A chain of hashes
- Example: measured boot
  - Record the hash of the BIOS
  - Record the hash of the bootloader
  - Record the hash of the hypervisor/OS kernel
- How to record?
  - new_hash = hash(old_hash || new measurement)

19 Attestation
- A signed proof for the integrity measurement
  - Measurement results
  - A nonce to mitigate replay attacks
  - Additional information from the software
- Signed by a private key of the root of trust

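The measured-boot chain and the attestation check from slides 18 and 19, as an added Python example that is not part of the original slides. The stage images, the all-zero reset value and the key are constructed assumptions, and HMAC stands in for the root of trust's private-key signature because the standard library has no asymmetric signing.

```python
import hashlib, hmac, os

RESET = bytes(32)  # assumption: the measurement register is all zeros at power-on

def extend(old_hash, measurement):
    # new_hash = hash(old_hash || new measurement)
    return hashlib.sha256(old_hash + measurement).digest()

def measured_boot(stages):
    """Hash each stage in boot order; return (final register, event log)."""
    reg, log = RESET, []
    for name, image in stages:
        m = hashlib.sha256(image).digest()
        reg = extend(reg, m)
        log.append((name, m))
    return reg, log

def quote(rot_key, reg, nonce):
    # Stand-in: HMAC replaces the root of trust's private-key signature.
    return hmac.new(rot_key, reg + nonce, hashlib.sha256).digest()

def verify(rot_key, nonce, reg, log, sig, known_good):
    """Verifier: check the quote, then replay the log against known-good hashes."""
    if not hmac.compare_digest(sig, quote(rot_key, reg, nonce)):
        return "reject: bad signature or replayed nonce"
    replay = RESET
    for name, m in log:
        if known_good.get(name) != m:
            return "reject: unexpected " + name
        replay = extend(replay, m)
    if replay != reg:
        return "reject: log does not reproduce register"
    return "accept"

# Constructed sample data: short byte strings stand in for real boot images.
GOOD = [("bios", b"bios v1"), ("bootloader", b"loader v1"), ("kernel", b"kernel v1")]
EVIL = [GOOD[0], ("bootloader", b"loader v1 + bootkit"), GOOD[2]]
KEY = os.urandom(32)
KNOWN_GOOD = dict(measured_boot(GOOD)[1])

def run(stages, forge_log=False, replay_old_quote=False):
    nonce = os.urandom(16)                 # verifier's fresh challenge
    reg, log = measured_boot(stages)
    if forge_log:                          # compromised software reports a clean log
        log = measured_boot(GOOD)[1]
    sig = quote(KEY, reg, os.urandom(16) if replay_old_quote else nonce)
    return verify(KEY, nonce, reg, log, sig, KNOWN_GOOD)

if __name__ == "__main__":
    for args in [(GOOD,), (EVIL,), (EVIL, True), (GOOD, False, True)]:
        print(run(*args))
```

The third case shows why the register value is what gets signed: a clean-looking log cannot be replayed into the register produced by the modified bootloader.
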
20 Other operations
- Secure key generation and storage
- Seal: bind key to a measurement
  - E.g., only decrypt the disk image if the measurement of the OS is expected

21 Problems of integrity measurement
- Hidden assumption 1: one must verify and trust the code
- Hidden assumption 2: trust the binary
- Load-time integrity != run-time integrity
  - Why? Vulnerabilities!!

22 Applications
- Many!

23 For next class...
- Crypto I: Symmetric Key