Detection of virtual machine monitor corruptions



SLIDE 1

Problem statement Contributions Perspectives

Detection of virtual machine monitor corruptions

Benoît Morgan, Eric Alata, Vincent Nicomette

LAAS-CNRS - Dependable Computing and Fault Tolerance (TSF) Team

Journée SEC 2 - June 30th, 2015

Detection of virtual machine monitor corruptions 1 / 13

SLIDE 2

Outline

1. Problem statement
2. Contributions
3. Perspectives

SLIDE 3

Context

Project SVC – Secured Virtual Cloud
- Project Investissement d'Avenir
- Itrust, Bull, Eneed, Secludit, Eurogiciel, Val Informatique, Blue Mind, LAAS-CNRS, IRIT
- Project Coordinator: Bull

LAAS Contributions – 3 PhDs, 2 focusing on security
- Evaluation of intrusion detection mechanisms in clouds
- Detection of virtual machine monitor corruptions

SLIDE 4

Virtual machine monitors

[Figure: hardware, hypervisor (privileged software), VM1 and VM2 (guest software); transitions: VM launch, VM exit]

- Privileged entity
- Ensures space and time isolation between virtual machines
- Control model similar to operating system control over userland applications

SLIDE 5

Motivations

More and more complex VMMs
- Xen, KVM, VMware ESXi
- Peripherals virtualisation
- Mass storage virtualisation
- Remote administration

- Vulnerabilities regularly discovered
- Large attack surface
- Need to detect compromise of the hypervisor

SLIDE 6

Outline

1. Problem statement
2. Contributions
   - Trusted architecture
   - Experimentation
3. Perspectives

SLIDE 7

Trusted architecture proposed

A tiny security hypervisor (l1) is in charge of detecting corruption of the virtualised hypervisor (l2)

[Figure: layered stack: VM1 l2, VM2 l2, VM3 l2; Hypervisor l2; VM l1; Security hypervisor l1; Hardware]

But the security hypervisor (l1) may also be attacked and compromised
- Hardware bugs
- Malicious peripherals

Hence the need to check the integrity of the security hypervisor itself through a trusted autonomous hardware component

SLIDE 8

An execution enclave of integrity checks

[Figure: Trusted Hardware Component, Security Hypervisor and Guarded Software Component; hardware checks (challenge and environment checks) and integrity checks]

1. The integrity of the security hypervisor is regularly checked by the trusted hardware component through 1) challenges and 2) environment checks
2. The integrity of the guarded software component is checked by the security hypervisor
3. Alarms are raised when challenges or integrity checks fail
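The check chain on this slide, modelled as an added example that is not code from the presentation or its prototype. It assumes the challenge is a nonce-bound SHA-256 over the hypervisor image and that the hardware component holds a reference copy; environment checks are not modelled, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import os

def digest(nonce: bytes, image: bytes) -> bytes:
    # Bind the measurement to a fresh nonce so an old answer cannot be replayed.
    return hashlib.sha256(nonce + image).digest()

class TrustedHardware:
    """Model of the trusted hardware component (assumed to hold a reference image)."""
    def __init__(self, reference_image: bytes):
        self._reference = reference_image
        self._nonce = b""

    def challenge(self) -> bytes:
        self._nonce = os.urandom(16)
        return self._nonce

    def verify(self, response: bytes) -> bool:
        return hmac.compare_digest(digest(self._nonce, self._reference), response)

class SecurityHypervisor:
    """Model of the security hypervisor: answers challenges, checks the guarded component."""
    def __init__(self, image: bytes, guarded_baseline: bytes):
        self.image = image
        self._baseline = hashlib.sha256(guarded_baseline).digest()

    def answer(self, nonce: bytes) -> bytes:
        return digest(nonce, self.image)

    def guarded_intact(self, guarded_memory: bytes) -> bool:
        return hmac.compare_digest(hashlib.sha256(guarded_memory).digest(), self._baseline)

def run_round(hw, hv, guarded_memory: bytes) -> list:
    """One check round; returns the alarms raised (empty list means all checks passed)."""
    alarms = []
    if not hw.verify(hv.answer(hw.challenge())):
        # A hypervisor that fails its challenge cannot be trusted for the check below.
        alarms.append("security hypervisor challenge failed")
    if not hv.guarded_intact(guarded_memory):
        alarms.append("guarded software integrity check failed")
    return alarms

# Constructed sample data, not taken from the prototype.
HV_IMAGE = b"security-hypervisor-code-v1"
DRIVER = b"kernel-driver-text-section"
```
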

SLIDE 9

Prototype

- PC with Intel processor (VT-x, VT-d), PCI Express bus
- Trusted hardware component based on FPGA technology
- Bare metal security hypervisor using nested virtualisation technology
- Experimentation with Linux and a corrupted driver in the kernel as the Guarded Software Component
- Publications: SSTIC 2014 [2]

SLIDE 10

Outline

1. Problem statement
2. Contributions
3. Perspectives

SLIDE 11

Perspectives

- Current virtualisation of KVM or VMware ESXi
- Improving the challenges and environment checks
- First prototype of recursive hypervisor (allowing several security mechanisms to be implemented at different privilege levels)
- Publications: SSTIC 2015 [3]

SLIDE 12

Detection of virtual machine monitor corruptions

Benoît Morgan, Eric Alata, Vincent Nicomette

LAAS-CNRS - Dependable Computing and Fault Tolerance (TSF) Team

Journée SEC 2 - June 30th, 2015

SLIDE 13

References

[1] http://sarssi2013.univ-pau.fr/index.php/programme
[2] https://www.sstic.org/2014/presentation/tests_dintegrite_dhyperviseurs/
[3] https://www.sstic.org/2015/presentation/abyme__un_voyage_au_coeur_des_hyperviseurs_recursifs/

Demo 1: https://youtu.be/Nax0SHUx9GQ
Demo 2: https://youtu.be/1yz_ZUA2KGM