OS Security IV: Virtualization and Trusted Computing


1 OS Security IV: Virtualization and Trusted Computing
  Chengyu Song
  Slides modified from Dawn Song

2 Administrivia
- Lab2
- More questions?

3 Virtual machine monitor

+-----------+----------------+-------------+
| Process   | Virtual Memory | File System |
+-----------+----------------+-------------+
|             Operating System             |
+-----------+----------------+-------------+
|         Virtual Machine Monitor          |
+-----------+----------------+-------------+
| Processor | Memory         | Disk        |
+-----------+----------------+-------------+

4 What is a VMM?
- A VMM virtualizes an entire physical machine
  - Interface supported is the hardware
  - VMM offers illusion that OS has full control over the hardware
- VMM "applications" (OS) run in virtual machines

5 Motivations (1)
- Resource utilization
  - Machines today are powerful, want to multiplex their hardware
  - e.g., Cloud service can divvy up a physical machine to customers
  - Can migrate VMs from one machine to another without shutdown

6 Motivations (2)
- Software use and development
  - Can run multiple OS simultaneously
    - No need to dual boot
  - Can do system (e.g., OS) development at user-level
    - Xv6/Qemu!

7 Motivations (3)
- Security
  - OS can be buggy too, want stronger isolation
  - Why is a VM good for isolation?
  - Fast recovery

8 VMM-based IDS
- Idea: run IDS as part of VMM (protected from malware)

9 Detecting kernel rootkit
- Rootkit: hides the existence of malware
  - Creates processes that are invisible to ps
  - Opens sockets that are invisible to netstat
- Detecting lies
  - VMM requests Guest OS to list processes
  - VMM lists processes running in Guest OS
    - How?
  - If the two lists differ, then there must be a rootkit

10 Virtual machine introspection
- Tal Garfinkel, A Virtual Machine Introspection Based Architecture for Intrusion Detection, NDSS 2003
- Reconstruct OS-level semantics from raw hardware data
- How? Memory forensics
  - Signature-based
  - Traversal-based
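The cross-view check from slides 9 and 10, as an added example that is not part of the original slides: the VMM walks a task list in raw guest memory (traversal-based) and compares it with what the guest reports. The record layout, function names and sample data are constructed assumptions, not a real kernel structure.

```python
import struct

# Constructed toy layout (an assumption, not a real kernel structure):
# magic "TASK", u32 pid, 16-byte NUL-padded name, u32 offset of next record (0 = end).
REC = struct.Struct("<4sI16sI")
MAGIC = b"TASK"
HEAD = 64  # offset of the first record; the list head pointer lives at offset 0

def build_image(tasks):
    """Build a constructed guest memory image holding a linked task list."""
    image = bytearray(HEAD)
    struct.pack_into("<I", image, 0, HEAD if tasks else 0)
    for i, (pid, name) in enumerate(tasks):
        nxt = HEAD + (i + 1) * REC.size if i + 1 < len(tasks) else 0
        image += REC.pack(MAGIC, pid, name.encode(), nxt)
    return bytes(image)

def vmm_list_processes(image):
    """Traversal-based view: follow next pointers through raw guest memory."""
    procs, seen = {}, set()
    off = struct.unpack_from("<I", image, 0)[0]
    while off and off not in seen and off + REC.size <= len(image):
        seen.add(off)
        magic, pid, name, nxt = REC.unpack_from(image, off)
        if magic != MAGIC:
            break  # pointer does not land on a task record; stop walking
        procs[pid] = name.rstrip(b"\0").decode()
        off = nxt
    return procs

def parse_guest_ps(text):
    """Guest-reported view: parse ps-style 'PID CMD' lines returned by the guest OS."""
    procs = {}
    for line in text.strip().splitlines()[1:]:  # skip the header row
        pid, cmd = line.split(None, 1)
        procs[int(pid)] = cmd.strip()
    return procs

def hidden_processes(image, guest_ps_output):
    """Processes present in guest memory that the guest OS did not report."""
    guest_view = parse_guest_ps(guest_ps_output)
    return {p: n for p, n in vmm_list_processes(image).items() if p not in guest_view}

# Constructed sample data: memory holds four tasks, the guest reports three.
IMAGE = build_image([(1, "init"), (412, "sshd"), (977, "kworkerd"), (1033, "bash")])
GUEST_PS = "PID CMD\n1 init\n412 sshd\n1033 bash\n"
```

A non-empty result from hidden_processes(IMAGE, GUEST_PS) is the "two lists differ" signal from slide 9.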

11 Detecting compromise via periodic scans
- Code integrity checks
  - VMM computes hash of OS and application code
  - Compare to a whitelist of hashes
- Data integrity checks
  - Checks the content of critical OS data structures
  - E.g., syscall dispatch table, interrupt dispatch table, etc.
- Malware
  - Scans memory for known malware signatures

12 VMM-based reference monitor
- Problem of periodic scans
  - Cannot/hard to detect temporary attacks
- Solution: VMM-based RM
  1. Identify critical kernel data structures
  2. Protect them (e.g., via VMM-enforced read-only protection)
  3. Mediate all modifications via VMM
- Example: Samsung Knox

13 VMM-based malware
- Hide malware with a malicious VMM
- Invisible to anti-virus software running inside the VM

14 Arms race
- Higher privileged code can attack and hide from lower privileged code
  - Ring 3: user mode
  - Ring 0: kernel mode
  - Ring -1: VMM
  - Ring -2: system management mode (SMM)
  - Ring -3: management engine (ME)

15 Review
- OS security: how to confine malicious/vulnerable programs
- Principles
  - Compartmentation: isolation + least privilege
  - Defense in depth
  - Keep things simple
- Mechanisms
  - Reference monitors

16 Trusted computing
- From another perspective: what if I want to run my code on a platform where I don't fully trust the owner?
  - Public cloud
  - PC: digital rights management (DRM)
  - Mobile: bring-your-own-device (BYOD)
- Trusted computing: establish certain degrees of trust

17 Root of trust
- A piece of hardware/software that is
  - Privileged enough for performing measurement
  - Capable of protecting itself
    - E.g., a standalone chip
  - Cryptographically provable identity
    - E.g., embedded private keys

18 Measurement
- A proof for the integrity of system state
  - A chain of hashes
- Example: measured boot
  - Record the hash of the BIOS
  - Record the hash of the bootloader
  - Record the hash of the hypervisor/OS kernel
- How to record?
  - new_hash = hash(old_hash || new measurement)

19 Attestation
- A signed proof for the integrity measurement
  - Measurement results
  - A nonce to mitigate replay attack
  - Additional information from the software
  - Signed by a private key of the root of trust

20 Other operations
- Secure key generation and storage
- Seal: bind key to a measurement
  - E.g., only decrypt the disk image if the measurement of the OS is expected
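Slides 18 to 20 carried through in code, as an added example that is not part of the original slides: a hash-chain register for measured boot, a nonce-bound quote, and a sealed key. Assumptions: HMAC-SHA256 stands in for the root of trust's private-key signature, sealing is simplified to key derivation from the register, and all names, keys and boot blobs are constructed.

```python
import hashlib
import hmac

def extend(old_hash, measurement):
    # new_hash = hash(old_hash || new measurement), the recording rule from the slide
    return hashlib.sha256(old_hash + measurement).digest()

def measured_boot(stages):
    """Measure each boot stage in order; return (final register, event log)."""
    reg, log = bytes(32), []
    for name, blob in stages:
        m = hashlib.sha256(blob).digest()
        log.append((name, m))
        reg = extend(reg, m)
    return reg, log

def quote(rot_key, reg, nonce):
    # Assumption: HMAC stands in for the root of trust's private-key signature.
    return hmac.new(rot_key, reg + nonce, hashlib.sha256).digest()

def verify(rot_key, reg, nonce, sig, log, known_good):
    """Verifier side: check the signature over (register, nonce), then replay the log."""
    if not hmac.compare_digest(sig, quote(rot_key, reg, nonce)):
        return "bad signature or replayed quote"
    replay = bytes(32)
    for name, m in log:
        if known_good.get(name) != m:
            return "unexpected measurement: " + name
        replay = extend(replay, m)
    return "trusted" if replay == reg else "log does not match register"

def seal_key(rot_key, reg):
    # Simplified sealing: the key is derived from the register, so it is only
    # reproduced when the same boot chain was measured.
    return hmac.new(rot_key, b"seal" + reg, hashlib.sha256).digest()

# Constructed sample data (not real firmware or keys)
ROT_KEY = b"constructed-root-of-trust-key"
GOOD = [("bios", b"BIOS v1"), ("bootloader", b"loader v1"), ("kernel", b"kernel v1")]
MODIFIED = [GOOD[0], ("bootloader", b"loader v1 (modified)"), GOOD[2]]
KNOWN_GOOD = dict(measured_boot(GOOD)[1])

def attest(stages, nonce):
    """Platform side: boot, then answer a verifier's challenge nonce."""
    reg, log = measured_boot(stages)
    return reg, quote(ROT_KEY, reg, nonce), log

if __name__ == "__main__":
    reg, sig, log = attest(GOOD, b"nonce-1")
    print(verify(ROT_KEY, reg, b"nonce-1", sig, log, KNOWN_GOOD))
```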

21 Problems of integrity measurement
- Hidden assumption 1: one must verify and trust the code
- Hidden assumption 2: trust the binary
- Load-time integrity != run-time integrity
  - Why? Vulnerabilities!!

22 Applications
- Many!

23 For next class...
- Crypto I: Symmetric Key