detection of virtual machine monitor corruptions
play

Detection of virtual machine monitor corruptions t Morgan , Eric - PowerPoint PPT Presentation

Sep 22, 2022 •478 likes •617 views

Problem statement Contributions Perspectives Detection of virtual machine monitor corruptions t Morgan , Eric Alata, Vincent Nicomette Beno LAAS-CNRS - Dependable Computing and Fault Tolerance (TSF) Team Journ ee SEC 2 - June 30th, 2015

  1. Problem statement Contributions Perspectives Detection of virtual machine monitor corruptions ıt Morgan , Eric Alata, Vincent Nicomette Benoˆ LAAS-CNRS - Dependable Computing and Fault Tolerance (TSF) Team Journ´ ee SEC 2 - June 30th, 2015 Detection of virtual machine monitor corruptions 1 / 13

  2. Problem statement Contributions Perspectives Outline Problem statement 1 Contributions 2 Perspectives 3 Detection of virtual machine monitor corruptions 2 / 13

  3. Problem statement Contributions Perspectives Context Project SVC – Secured Virtual Cloud Project Investissement d’Avenir Itrust , Bull , Eneed , Secludit , Eurogiciel , Val Informatique , Blue Mind , LAAS-CNRS , IRIT Project Coordinator : Bull LAAS Contributions – 3 PhDs, 2 focusing on security Evaluation of intrusion detection mechanisms in clouds Detection of virtual machine monitor corruptions Detection of virtual machine monitor corruptions 3 / 13

  4. Problem statement Contributions Perspectives Virtual machine monitors VM Launch VM 1 VM 2 VM exit VM exit Hypervisor Hardware Guest software Transitions Privileged software Hardware Privileged entity Ensures space and time isolation between virtual machines Control model similar to operating system control over userland applications Detection of virtual machine monitor corruptions 4 / 13

  5. Problem statement Contributions Perspectives Motivations More and more complex VMM Xen, KVM, VMware ESXi Peripherals virtualisation Mass storage virtualisation Remote administration Vulnerabilities regularly discovered Large attack surface Necessity to detect the compromission of the hypervisor Detection of virtual machine monitor corruptions 5 / 13

  6. Problem statement Trusted architecture Contributions Experimentation Perspectives Outline Problem statement 1 Contributions 2 Trusted architecture Experimentation Perspectives 3 Detection of virtual machine monitor corruptions 6 / 13

  7. Problem statement Trusted architecture Contributions Experimentation Perspectives Trusted architecture proposed A tiny security hypervisor ( l 1 ) in charge of detecting corruption of virtualised hypervisor ( l 2 ) VM1 l2 VM2 l2 VM3 l2 Hypervisor l 2 VM l1 Security hypervisor l 1 Hardware BUT, the security hypervisor ( l 1 ) may be also attacked and compromised Hardware bugs Malicious peripherals Necessity to control the integrity of the security hypervisor itself through a trusted autonomous hardware component Detection of virtual machine monitor corruptions 7 / 13

  8. Problem statement Trusted architecture Contributions Experimentation Perspectives An execution enclave of integrity checks Guarded Software Component Security Hypervisor Checks Hardware Trusted Hardware Component Integrity Challenge and checks environment checks 1 The integrity of the security hypervisor is regularly checked by the trusted hardware component through 1) challenges and 2) environment checks 2 The integrity of the guarded software component is checked by the security hypervisor 3 Alarms are raised when challenges or integrity checks fail Detection of virtual machine monitor corruptions 8 / 13

  9. Problem statement Trusted architecture Contributions Experimentation Perspectives Prototype PC with Intel processor (VT-x, VT-d), PCI Express bus Trusted hardware component based on FPGA technology Bare metal security hypervisor using nested virtualisation technology Experimentation with Linux and a corrupted driver in the kernel as the Guarded Software Component Publications : SSTIC 2014[2] Detection of virtual machine monitor corruptions 9 / 13

  10. Problem statement Contributions Perspectives Outline Problem statement 1 Contributions 2 Perspectives 3 Detection of virtual machine monitor corruptions 10 / 13

  11. Problem statement Contributions Perspectives Perspectives Current virtualisation of KVM ou VMware ESXi Improving the challenges and environment checks First prototype of recursive hypervisor (allowing to implement several security mechanisms at different privilege levels) Publications : SSTIC 2015[3] Detection of virtual machine monitor corruptions 11 / 13

  12. Problem statement Contributions Perspectives Detection of virtual machine monitor corruptions ıt Morgan , Eric Alata, Vincent Nicomette Benoˆ LAAS-CNRS - Dependable Computing and Fault Tolerance (TSF) Team Journ´ ee SEC 2 - June 30th, 2015 Detection of virtual machine monitor corruptions 12 / 13

  13. Problem statement Contributions Perspectives R´ ef´ erences [1] http://sarssi2013.univ-pau.fr/index.php/programme [2] https://www.sstic.org/2014/presentation/tests_ dintegrite_dhyperviseurs/ [3] https://www.sstic.org/2015/presentation/abyme__un_ voyage_au_coeur_des_hyperviseurs_recursifs/ D´ emo 1 : https://youtu.be/Nax0SHUx9GQ D´ emo 2 : https://youtu.be/1yz_ZUA2KGM Detection of virtual machine monitor corruptions 13 / 13

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A Light-Weight Virtual Machine Monitor for Blue Gene/P KIT University of the State of

A Light-Weight Virtual Machine Monitor for Blue Gene/P KIT University of the State of

A Light-Weight Virtual Machine Monitor for Blue Gene/P KIT University of the State of Baden-Wuerttemberg and www.kit.edu National Research Center of the Helmholtz Association BG/P Programming Model Traditional BG/P supercomputer CIOD MPI

501 views • 19 slides
Building Trustworthy Intrusion Detection Through Virtual Machine Introspection Fabrizio Baiardi 1

Building Trustworthy Intrusion Detection Through Virtual Machine Introspection Fabrizio Baiardi 1

Problem Overall Architecture Evaluation Conclusion Building Trustworthy Intrusion Detection Through Virtual Machine Introspection Fabrizio Baiardi 1 Daniele Sgandurra 2 1 Polo G. Marconi - La Spezia, University of Pisa 2 Department of Computer

472 views • 20 slides
Virtual Machines Appendix D Computer Security: Art and Science, 2 nd Edition Version 1.0 Slide

Virtual Machines Appendix D Computer Security: Art and Science, 2 nd Edition Version 1.0 Slide

Virtual Machines Appendix D Computer Security: Art and Science, 2 nd Edition Version 1.0 Slide D-1 Outline Virtual Machine Structure Virtual Machine Monitor Privilege Physical Resources Paging Computer Security: Art and

218 views • 19 slides
Intrusion Detection Using Monitor Information Fusion Student: Atul Bohara P.I.: William H.

Intrusion Detection Using Monitor Information Fusion Student: Atul Bohara P.I.: William H.

Intrusion Detection Using Monitor Information Fusion Student: Atul Bohara P.I.: William H. Sanders Previous Work [1] Intrusion detection by combining and clustering diverse monitor data System Logs Firewall Logs Feature extraction Cluster

527 views • 49 slides
Virtual Machines What is a Virtual Machine? Java Virtual Machine (Application Virtualization)

Virtual Machines What is a Virtual Machine? Java Virtual Machine (Application Virtualization)

Virtual Machines What is a Virtual Machine? Java Virtual Machine (Application Virtualization) Software to simulate hardware Independent Separate Use one piece of hardware to simulate many computers Topics What are

519 views • 22 slides
An Online Virtual Machine Placement Algorithm in an Over-Committed Cloud Siqi Ji*, Ming Da Li,

An Online Virtual Machine Placement Algorithm in an Over-Committed Cloud Siqi Ji*, Ming Da Li,

IC2E18 An Online Virtual Machine Placement Algorithm in an Over-Committed Cloud Siqi Ji*, Ming Da Li, Niannian Ji, Baochun Li Virtual Machine Placement Select the most suitable physical machine (PM) to host each virtual machine (VM).

417 views • 13 slides
Virtual Machines Uses for Virtual Machines There are several uses for virtual machines:

Virtual Machines Uses for Virtual Machines There are several uses for virtual machines:

Virtual Machines Uses for Virtual Machines There are several uses for virtual machines: Virtual machine technology, often just called virtualization , makes one computer behave as several Running several operating systems simultaneously on

254 views • 10 slides
The Java Virtual Machine The Java Virtual Machine interpret compile Native Binary Code Michael

The Java Virtual Machine The Java Virtual Machine interpret compile Native Binary Code Michael

Virtual Machines in Compilation Virtual Machines in Compilation Abstract Syntax Tree compile Compilation 2007 Compilation 2007 Virtual Machine Code The Java Virtual Machine The Java Virtual Machine interpret compile Native Binary Code

541 views • 11 slides
Virtual U: Defeating Face Liveness Detection by Building Virtual Models From Your Public Photos

Virtual U: Defeating Face Liveness Detection by Building Virtual Models From Your Public Photos

Virtual U: Defeating Face Liveness Detection by Building Virtual Models From Your Public Photos Yi Xu, True Price, Jan-Michael Frahm, and Fabian Monrose Department of Computer Science, University of North Carolina at Chapel Hill USENIX Security

1.02k views • 62 slides
A Tor gatewayed platform for everyday use Using a virtual machine stack with its own virtual

A Tor gatewayed platform for everyday use Using a virtual machine stack with its own virtual

http://infinite.barrel-of-knowledge.info/cryptoparty/ (Surface web) https://yhfitd2wvrz3aybh.onion/cryptoparty/ (Deep web) A Tor gatewayed platform for everyday use Using a virtual machine stack with its own virtual LAN with all traffic

629 views • 9 slides
Zeek (Bro) Network Security Monitor Sareena K P RISE Lab What is Bro? Facilitates broader

Zeek (Bro) Network Security Monitor Sareena K P RISE Lab What is Bro? Facilitates broader

Zeek (Bro) Network Security Monitor Sareena K P RISE Lab What is Bro? Facilitates broader spectrum of very different approaches to find malicious activity semantic misuse detection anomaly detection behavioral analysis.

617 views • 23 slides
CITY OF CORPUS CHRISTI VIRTUAL MEETING LOGISTICS Please do your best to monitor your mute

CITY OF CORPUS CHRISTI VIRTUAL MEETING LOGISTICS Please do your best to monitor your mute

CITY OF CORPUS CHRISTI VIRTUAL MEETING LOGISTICS Please do your best to monitor your mute buttons during the meeting when you are not speaking. During the presentation, feel free to submit written questions via the Chat button.

538 views • 35 slides
Tackling Climate Change with Machine Learning NeurIPS 2020 Virtual Workshop December 11-12, 2020

Tackling Climate Change with Machine Learning NeurIPS 2020 Virtual Workshop December 11-12, 2020

Tackling Climate Change with Machine Learning NeurIPS 2020 Virtual Workshop December 11-12, 2020 Tackling Climate Change with Machine Learning Why topic detection for climate change ? Sentiment analysis Output Question-answering Documents

2.34k views • 8 slides
Virtual Machines Virtual Machines What is a virtual machine? Examples? Benefits?

Virtual Machines Virtual Machines What is a virtual machine? Examples? Benefits?

Virtual Machines Virtual Machines What is a virtual machine? Examples? Benefits? Virtualization Creation of an isomorphism that maps a virtual guest system to a real host: Maps guest state S to host state V(S) For any

271 views • 26 slides
MIPS Virtual what is the Java - what is the JVM ? lecture 25 Machine analogy ? - what is

MIPS Virtual what is the Java - what is the JVM ? lecture 25 Machine analogy ? - what is

MIPS Virtual what is the Java - what is the JVM ? lecture 25 Machine analogy ? - what is Java "byte code" Java Virtual Machine invoked methods and local stack (is it related to MIPS assembly/machine code ?) variables ?

487 views • 4 slides
Dienstag 30. Nov. 10 [] All Your Baseband Are over-the-air exploitation of memory corruptions in

Dienstag 30. Nov. 10 [] All Your Baseband Are over-the-air exploitation of memory corruptions in

Dienstag 30. Nov. 10 [] All Your Baseband Are over-the-air exploitation of memory corruptions in GSM software Ralf-Philipp Weinmann Laboratory for Algorithmics, Cryptology & Computer Security University of Luxembourg

901 views • 46 slides
Free Up Your Desktop! Using Research Virtual Machines For Research Martin Feller Centre for

Free Up Your Desktop! Using Research Virtual Machines For Research Martin Feller Centre for

Free Up Your Desktop! Using Research Virtual Machines For Research Martin Feller Centre for eResearch Research Compute - the long tail NeSI: NeSI Virtual Machines Linux only Batch scheduling Performance Complex for

414 views • 15 slides
Introduction to Virtual Machines Carl Waldspurger (SB SM 89 PhD 95) VMware R&D Overview

Introduction to Virtual Machines Carl Waldspurger (SB SM 89 PhD 95) VMware R&D Overview

Introduction to Virtual Machines Carl Waldspurger (SB SM 89 PhD 95) VMware R&D Overview Virtualization and VMs Processor Virtualization Memory Virtualization I/O Virtualization I/O Virtualization Types of Virtualization

574 views • 33 slides
Introduction to OpenStack Nabil Abdennadher, HES-SO What is OpenStack ? Free and

Introduction to OpenStack Nabil Abdennadher, HES-SO What is OpenStack ? Free and

Introduction to OpenStack Nabil Abdennadher, HES-SO What is OpenStack ? Free and open-source cloud-computing software platform. Provides services for managing a Cloud environment on the fly. Consists of a group of interrelated

781 views • 43 slides
f eaturing vZilla Paul Braren, IT Professional VMware Certified Professional (VCP

f eaturing vZilla Paul Braren, IT Professional VMware Certified Professional (VCP

Build Your Own VMware ESXi and Microsoft Hyper-V lab at Home, Using Affordable and Efficient Hardware. Security BSides Boston, Saturday, May 18 2013 f eaturing vZilla Paul Braren, IT Professional VMware Certified Professional (VCP

327 views • 13 slides
VIRTUALPOWER: COORDINATED POWER MANAGEMENT IN VIRTUALIZED ENTERPRISE SYSTEMS BY: NATHUJI, RIPAL

VIRTUALPOWER: COORDINATED POWER MANAGEMENT IN VIRTUALIZED ENTERPRISE SYSTEMS BY: NATHUJI, RIPAL

1 VIRTUALPOWER: COORDINATED POWER MANAGEMENT IN VIRTUALIZED ENTERPRISE SYSTEMS BY: NATHUJI, RIPAL AND SCHWAN, KARSTEN, SOSP '07: PROCEEDINGS OF TWENTY-FIRST ACM SIGOPS SYMPOSIUM ON OPERATING SYSTEMS PRINCIPLES STEVENSON, WASHINGTON, 2007

307 views • 17 slides
New Generation of SMODERP2D Soil Erosion Model Landa, Jebek, Kavka, Peek HyGIS a P 2019

New Generation of SMODERP2D Soil Erosion Model Landa, Jebek, Kavka, Peek HyGIS a P 2019

New Generation of SMODERP2D Soil Erosion Model Landa, Jebek, Kavka, Peek HyGIS a P 2019 1 Introduction Runoff-soil erosion physically-based distributed episodic model Calculation and prediction processes at agricultural

1.34k views • 11 slides
INTEGRATED PAYMENT PARTNERSHIP The Future of Payment Processing burton platform More than just

INTEGRATED PAYMENT PARTNERSHIP The Future of Payment Processing burton platform More than just

INTEGRATED PAYMENT PARTNERSHIP The Future of Payment Processing burton platform More than just a gateway AGENDA 1 Who We Are 2 Introducing Burton Platform 3 Our Vision: Integrated Payments 4 Why Burton: Simple, Profitable, Secure 5

309 views • 15 slides
Q2 2015 Investor Presentation Q3 2014 Investor Presentation Global Partners LP (NYSE: GLP)

Q2 2015 Investor Presentation Q3 2014 Investor Presentation Global Partners LP (NYSE: GLP)

Q2 2015 Investor Presentation Q3 2014 Investor Presentation Global Partners LP (NYSE: GLP) Forward-Looking Statements Some of the information contained in this presentation may contain forward-looking statements. Forward-looking statements

774 views • 53 slides

More recommend