enhance protection from security bugs in the xen
play

Enhance protection from security bugs in the Xen hypervisor Anthony - PowerPoint PPT Presentation

Jul 03, 2023 •653 likes •859 views

Enhance protection from security bugs in the Xen hypervisor Anthony PERARD Xen architecture Dom0 VMs QEMU Xen Scheduler MMU vPIC Memory CPUs I/O HW Emulation in hypervisor For performance Examples: Interrupt controller

  1. Enhance protection from security bugs in the Xen hypervisor Anthony PERARD

  2. Xen architecture Dom0 VMs QEMU Xen Scheduler MMU vPIC Memory CPUs I/O HW

  3. Emulation in hypervisor ● For performance ● Examples: – Interrupt controller – Real mode emulation – Timers

  4. Emulation in hypervisor ● For performance ● Examples: – Interrupt controller – Real mode emulation – Timers ● Have same privilege as the hypervisor

  5. Reduce severity of bugs ● Deprivilege emulator execution ● Different memory space ● User mode

  6. Deprivileged mode ● Prepare page tables for user access

  7. Deprivileged mode ● Prepare page tables for user access ● Emulator code into different section – .hvm_deprivileged_enhancement.text

  8. Deprivileged mode ● Prepare page tables for user access ● Emulator code into different section ● Have context switch: – vmx_ctxt_switch_from() – Save EFER, then allow sysret/syscall – Save registers – Setup new stack for depriv mode – Sysret – Now in user mode, call the function

  9. Deprivileged mode ● Prepare page tables for user access ● Emulator code into different section ● Have context switch ● Jump table for switch statement issue – .rodata

  10. Bad behavior ● What if there is a bug in the emulator? – Access other memory? – Infinite loop? – Other exception?

  11. Bad behavior ● Trap handlers for exception: – Page fault – General exception – ...

  12. Bad behavior ● Trap handlers for exception: – Page fault – General exception – ... → crash domain!

  13. Bad behavior ● Trap handlers for exception: – Page fault – General exception – ... → crash domain! ● Infinit loop? – Watchdog

  14. Bad behavior ● Trap handlers for exception: – Page fault – General exception – ... → crash domain! ● Infinit loop? – Watchdog → crash domain

  15. Syscall from depriv mode ● Do privileged command while in depriv mode

  16. Syscall from depriv mode ● Do privileged command while in depriv mode – Set a number in a register, then syscall

  17. Syscall from depriv mode ● Do privileged command while in depriv mode – Set a number in a register, then syscall ● Problem, syscall use same return path – Have a syscall number for actual return

  18. Conclusion ● Optimisation ● Benchmark ● Do not trust depriv mode ● Work in progress

  19. Conclusion ● Optimisation ● Benchmark ● Do not trust depriv mode ● Work in progress ● Proof-of-concept by Ben Catterall ● Look for “deprivileged mode” in xen-devel archive – http://lists.xen.org/archives/html/xen-devel/

  20. Question? ● Look for “deprivileged mode” in xen-devel archive – http://lists.xen.org/archives/html/xen-devel/

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Security Bugs in Protocols are Really Bad! Marsh Ray PhoneFactor Protocol Bugs Objectives

Security Bugs in Protocols are Really Bad! Marsh Ray PhoneFactor Protocol Bugs Objectives

Security Bugs in Protocols are Really Bad! Marsh Ray PhoneFactor Protocol Bugs Objectives Discuss the complexities in mitigating security bugs occurring in network protocols. Describe some current issues. Leave time for Q&A.

631 views • 50 slides
Security While protection has been discussed throughout the class kernel vs. user mode,

Security While protection has been discussed throughout the class kernel vs. user mode,

Security While protection has been discussed throughout the class kernel vs. user mode, protected memory, file permissions these mechanisms have generally been focused on protection from accidental misuse (software bugs, novice

463 views • 13 slides
Defect Detection Thomas Zimmermann The First Bug September 9, 1947 More Bugs More Bugs More

Defect Detection Thomas Zimmermann The First Bug September 9, 1947 More Bugs More Bugs More

Defect Detection Thomas Zimmermann The First Bug September 9, 1947 More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs Facts on Debugging Software bugs are

840 views • 63 slides
Chapter 20 Silberschatz and Galvin Security Protection and Security Protection is a strictly

Chapter 20 Silberschatz and Galvin Security Protection and Security Protection is a strictly

Chapter 20 Silberschatz and Galvin Security Protection and Security Protection is a strictly internal problem Protection: mechanism for controlling the access of programs, processes, or users to the resources defined by a computer

499 views • 16 slides
Outline Bugs! 1 Avoiding and Finding bugs 2 Bugs still happen 3 Why do bugs still happen ?!

Outline Bugs! 1 Avoiding and Finding bugs 2 Bugs still happen 3 Why do bugs still happen ?!

Failure is not an option * A journey through software bugs Philippe Biondi Nov 20 th 2015 / GreHack Failure is not an option * Outline Bugs! 1 Avoiding and Finding bugs 2 Bugs still happen 3 Why do bugs still happen ?! 4 Living with bugs

966 views • 63 slides
Finding Bugs Last time Run-time reordering transformations Today Program Analysis for

Finding Bugs Last time Run-time reordering transformations Today Program Analysis for

Finding Bugs Last time Run-time reordering transformations Today Program Analysis for finding bugs, especially security bugs problem specification motivation approaches remaining issues CS553 Lecture Finding Bugs 2

461 views • 8 slides
Whitebox Fuzzing David Molnar Microsoft Research Problem: Security Bugs in File Parsers Hundreds

Whitebox Fuzzing David Molnar Microsoft Research Problem: Security Bugs in File Parsers Hundreds

Whitebox Fuzzing David Molnar Microsoft Research Problem: Security Bugs in File Parsers Hundreds of file formats are supported in Windows, Office, et al. Many written in C/C++ Programming errors security bugs! Random choice of x: one

493 views • 35 slides
Security 101 Definition of Information Security Information security is the protection of

Security 101 Definition of Information Security Information security is the protection of

Computing Services Information Security Office Security 101 Definition of Information Security Information security is the protection of information and systems from unauthorized access, disclosure, modification, destruction or disruption. The

469 views • 22 slides
Preventing Security Bugs Through Software Design Christoph Kern, Google xtof@google.com The

Preventing Security Bugs Through Software Design Christoph Kern, Google xtof@google.com The

Preventing Security Bugs Through Software Design Christoph Kern, Google xtof@google.com The Same Bugs, Over and Over Again... SQL-injection, XSS, XSRF, etc -- OWASP Top 10 Root cause Inherently bug-prone APIs Developers are

313 views • 28 slides
Design, Privilege Separation CS 161: Computer Security Prof. David Wagner January 27, 2016

Design, Privilege Separation CS 161: Computer Security Prof. David Wagner January 27, 2016

Software Security: Design, Privilege Separation CS 161: Computer Security Prof. David Wagner January 27, 2016 Robustness Security bugs are a fact of life How can we use access control to improve the security of software, so security bugs

695 views • 32 slides
Protection & Security Threat is potential security violation Attack is attempt to

Protection & Security Threat is potential security violation Attack is attempt to

CSE 421/521 - Operating Systems The Security Problem Fall 2011 Protecting your system resources, your files, identity, confidentiality, or privacy Lecture - XXVI Intruders (crackers) attempt to breach security Protection &

437 views • 5 slides
THE DEVELOPMENT OF STRATEGIES TO MAINTAIN AND ENHANCE THE PROTECTION OF ECOSYSTEM SERVICES IN

THE DEVELOPMENT OF STRATEGIES TO MAINTAIN AND ENHANCE THE PROTECTION OF ECOSYSTEM SERVICES IN

The Biodiversity Resource Mobilisation (ResMob) project of the Ministry of Environment and Tourism (MET), in partnership with GiZ TEEB COUNTRY STUDY: THE DEVELOPMENT OF STRATEGIES TO MAINTAIN AND ENHANCE THE PROTECTION OF ECOSYSTEM SERVICES IN

589 views • 39 slides
Protection and Security Threat is potential security violation Attack is attempt to breach

Protection and Security Threat is potential security violation Attack is attempt to breach

CSC 4103 - Operating Systems The Security Problem Spring 2007 Security must consider external environment of the system, and protect the system resources Lecture - XX Intruders (crackers) attempt to breach security Protection and

195 views • 4 slides
Enhance your guest experience. Partnered with: Rooam provides added protection against

Enhance your guest experience. Partnered with: Rooam provides added protection against

Enhance your guest experience. Partnered with: Rooam provides added protection against fraudulent transactions and provides our restaurants with a faster and more secure payment process. Using Rooams solution gives my stafg and me more

301 views • 12 slides
Race Conditions A common cause of security bugs Usually involve multiprogramming or

Race Conditions A common cause of security bugs Usually involve multiprogramming or

Race Conditions A common cause of security bugs Usually involve multiprogramming or multithreaded programs Caused by different threads of control operating in unpredictable fashion When programmer thought theyd work in a

649 views • 21 slides
Precisely Characterizing Security Impact in a Flood of Patches via Symbolic Rule Comparison

Precisely Characterizing Security Impact in a Flood of Patches via Symbolic Rule Comparison

Precisely Characterizing Security Impact in a Flood of Patches via Symbolic Rule Comparison Qiushi Wu , Yang He, Stephen McCamant, and Kangjie Lu 1 Why do we need to identify security bugs? 2 Motivation The overwhelming number of bugs

1.12k views • 66 slides
RTker Anubha Verma Shikha Kapoor Features Modular Design Isolation of Architecture/CPU

RTker Anubha Verma Shikha Kapoor Features Modular Design Isolation of Architecture/CPU

RTker Anubha Verma Shikha Kapoor Features Modular Design Isolation of Architecture/CPU dependent and independent code Easy to Port Pluggable Scheduler Two level Interrupt Handling Small footprint Oskits Device

502 views • 19 slides
Soft Timers: Efficient Microsecond Software Timer Support for Network Processing Mohit Aron

Soft Timers: Efficient Microsecond Software Timer Support for Network Processing Mohit Aron

Soft Timers: Efficient Microsecond Software Timer Support for Network Processing Mohit Aron Peter Druschel Presenter: Christopher Head Problem: Network Bandwidth Bandwidth: 1Gbps MTU: 1518B Rate: ~82000 pps Period: ~12s ~=

379 views • 15 slides
OpenStack Operations Quick Ramp-up and Survival Guide Joshua Guan, Operations Engineer, IBM

OpenStack Operations Quick Ramp-up and Survival Guide Joshua Guan, Operations Engineer, IBM

OpenStack Operations Quick Ramp-up and Survival Guide Joshua Guan, Operations Engineer, IBM Bluemix Private Cloud, @joshuakwan Fan He, Architect, IBM Bluemix Private Cloud, @fancyhe Joshua Guan, Operations Lead Fan He, Cloud Architect IBM

562 views • 32 slides
Flexible Protocol Stack Framework : Design, Validation and Performance Tim Farnham 1 , Thorsten

Flexible Protocol Stack Framework : Design, Validation and Performance Tim Farnham 1 , Thorsten

O C U S T Flexible Protocol Stack Framework : Design, Validation and Performance Tim Farnham 1 , Thorsten Schler 2 SDR Forum Technical Conference November 2003 1 Toshiba Research Europe Ltd 2 Siemens AG Authors: Tim Farnham, Date:

601 views • 21 slides
Verifying the FreeRTOS Real-Time OS Deepak DSouza Department of Computer Science and

Verifying the FreeRTOS Real-Time OS Deepak DSouza Department of Computer Science and

How RTOS works ADTs and refinement in Z RTOS as an ADT Verification strategy Bugs found Verifying the FreeRTOS Real-Time OS Deepak DSouza Department of Computer Science and Automation Indian Institute of Science, Bangalore. Joint work

654 views • 41 slides
Biofilm Killer BIOSCIENCES LYON iGEM TEAM 2012 Context iGEM Synthetic Biology for Innovative

Biofilm Killer BIOSCIENCES LYON iGEM TEAM 2012 Context iGEM Synthetic Biology for Innovative

Biofilm Killer BIOSCIENCES LYON iGEM TEAM 2012 Context iGEM Synthetic Biology for Innovative Solutions competition Context Industrial biofilm issues Oil industry : Osli, Schlumberger Cosmetics: Gatefoss Enzyme-based cleaning solutions:

518 views • 51 slides
Scala and Go: A Comparison of Concurrency Features Brent Smith and Leon Gibson CSCI5828 Spring

Scala and Go: A Comparison of Concurrency Features Brent Smith and Leon Gibson CSCI5828 Spring

Scala and Go: A Comparison of Concurrency Features Brent Smith and Leon Gibson CSCI5828 Spring 2012 Comparison of Scala & Go's concurrency constructs By Brent Smith and Leon Gibson What does Scala and Go offer your company for a scalable

680 views • 63 slides
Enabling Customer Choice for RPP TOU Customers EB-2020-0152 Please mute yourself when

Enabling Customer Choice for RPP TOU Customers EB-2020-0152 Please mute yourself when

Enabling Customer Choice for RPP TOU Customers EB-2020-0152 Please mute yourself when entering the meeting. Participants will then be able to unmute themselves if they wish to speak. To ask questions or provide comments please use

319 views • 28 slides

More recommend