exterior using a dual vm based external shell for guest
play

EXTERIOR: Using A Dual-VM Based External Shell for Guest-OS - PowerPoint PPT Presentation

Nov 29, 2023 •159 likes •559 views

Overview Our Approach Evaluations Conclusion EXTERIOR: Using A Dual-VM Based External Shell for Guest-OS Introspection, Configuration, and Recovery Yangchun Fu , Zhiqiang Lin Department of Computer Science The University of Texas at Dallas

  1. Overview Our Approach Evaluations Conclusion EXTERIOR: Using A Dual-VM Based External Shell for Guest-OS Introspection, Configuration, and Recovery Yangchun Fu , Zhiqiang Lin Department of Computer Science The University of Texas at Dallas March 17 th , 2013

  2. Overview Our Approach Evaluations Conclusion Outline Overview 1 Our Approach 2 Evaluations 3 Conclusion 4

  3. Outline Overview 1 Our Approach 2 Evaluations 3 Conclusion 4

  4. Overview Our Approach Evaluations Conclusion Virtualization Windows XP Linux Win ‐ 7 .. Product ‐ VM Product ‐ VM Product ‐ VM Virtualization Layer Hardware Layer

  5. Overview Our Approach Evaluations Conclusion Virtualization Windows XP Linux Win ‐ 7 Virtualization (i.e., hypervisor) [Popek and .. Goldberg, 1974] has pushed our computing paradigm Product ‐ VM Product ‐ VM Product ‐ VM from multi-tasking to multi-OS . Virtualization Layer Hardware Layer

  6. Overview Our Approach Evaluations Conclusion Virtualization Windows XP Linux Win ‐ 7 Virtualization (i.e., hypervisor) [Popek and .. Goldberg, 1974] has pushed our computing paradigm Product ‐ VM Product ‐ VM Product ‐ VM from multi-tasking to multi-OS . Virtualization Layer Consolidation, Migration, Hardware Layer Isolation ...

  7. Overview Our Approach Evaluations Conclusion Execution Mode

  8. Overview Our Approach Evaluations Conclusion Execution Mode

  9. Overview Our Approach Evaluations Conclusion Execution Mode

  10. Overview Our Approach Evaluations Conclusion Virtual Machine Introspection (VMI) [Garfinkel et al, NDSS’03]

  11. Overview Our Approach Evaluations Conclusion Virtual Machine Introspection (VMI) [Garfinkel et al, NDSS’03] Using a trusted, dedicated virtualization layer program to monitor the running VMs

  12. Overview Our Approach Evaluations Conclusion Virtual Machine Introspection (VMI) [Garfinkel et al, NDSS’03] Using a trusted, dedicated virtualization layer program to monitor the running VMs Intrusion Detection Malware Analysis Memory Forensics

  13. Overview Our Approach Evaluations Conclusion Virtual Machine Introspection (VMI) Using a trusted, dedicated virtualization layer program to monitor the running VMs Intrusion Detection Malware Analysis Memory Forensics

  14. Overview Our Approach Evaluations Conclusion Virtual Machine Introspection (VMI) Using a trusted, dedicated virtualization layer program to monitor the running VMs Intrusion Detection Malware Analysis Memory Forensics EXTERIOR Ex ecute trusted utilities in SVM for t imely Guest-OS introsp e ction, (re)configu r at io n and r ecovery.

  15. Overview Our Approach Evaluations Conclusion The Semantic Gap in VMI ( [Chen and Noble HotOS’01]) View exposed by Virtual Machine Monitor is at low-level There is no abstraction and no APIs Need to reconstruct the guest-OS abstraction

  16. Outline Overview 1 Our Approach 2 Evaluations 3 Conclusion 4

  17. Overview Our Approach Evaluations Conclusion Using a Dual-VM Architecture apache mysql firefox P User Space Kernel Space Guest VM (GVM)

  18. Overview Our Approach Evaluations Conclusion Using a Dual-VM Architecture apache mysql firefox ps netstat kill p P User Space User Space Kernel Space Kernel Space Secure VM (SVM) Guest VM (GVM)

  19. Overview Our Approach Evaluations Conclusion Using a Dual-VM Architecture apache mysql firefox ps netstat kill p P User Space User Space Kernel Space Kernel Space Secure VM (SVM) Guest VM (GVM) Virtual Machine Introspection Virtual Machine Configuration Intrusion Detection, Prevention (Recovery)

  20. Overview Our Approach Evaluations Conclusion Advantages apache mysql firefox ps netstat kill p P User Space User Space Kernel Space Kernel Space Secure VM (SVM) Guest VM (GVM) Isolation (SVM and GVM are isolated) Trustworthiness (trust code is running in secure VM) Automation (no need to develop introspection utilities) Security (enabling malware analysis, forensics...) Transparency (programmers write native program in SVM)

  21. Overview Our Approach Evaluations Conclusion Observation 1 execve("/sbin/sysctl",["sysctl", "-w","kernel..=1"],...) = 0 2 brk(0) = 0x604000 3 access("/etc/ld.so.nohwcap",F_OK) = -1 ENOENT 4 mmap(NULL, 8192, PROT_READ|.., -1,0) = 0x7f07b1749000 5 access("/etc/ld.so.preload",R_OK) = -1 ENOENT 6 open("/etc/ld.so.cache", O_RDONLY) = 3 ... 47 open("/proc/sys/kernel/randomize_va_space",O_WRONLY|...) = 3 48 fstat(3, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0 49 mmap(NULL, 4096, PROT_READ|.., -1, 0) = 0x7f07b1748000 50 write(3, "1\n", 2) = 2 51 close(3) = 0 ... 57 exit_group(0) = ? Syscall trace of running sysctl -w to turn on the address space randomization in Linux kernel 2.6.32

  22. Overview Our Approach Evaluations Conclusion Architecture Overview of EXTERIOR Memory Memory apache mysql firefox ps netstat kill D stack C user D global Outer-Shell P D heap User Space User Space Kernel Space Kernel Space D global D global Synchronization Primitive Synchronization Primitive D heap D heap mutex, spin_lock,… mutex, spin_lock,… Process/IO/Memory/ Process/IO/Memory/ D stack1 D stack2 D stackn D stack1 D stack2 D stackn Security Management Security Management Interrupt/Exception Interrupt/Exception Syscall n Syscall 2 Syscall n Syscall 1 Syscall 1 Syscall 2 Handler Handler Other System Other System Components and Drivers Components and Drivers Kernel Syscall Kernel Data Identification and Redirection Context Identification Xen/KVM/Vmware/VirtualBox/VirtualPC/HyperV /OpenVZ/QEMU Binary Translation Based GVM Memory Mapping Virtualization Layer and Address Resolution Secure VM (SVM) Guest VM (GVM)

  23. Overview Our Approach Evaluations Conclusion The algorithms Memory ps netstat kill Outer-Shell User Space Kernel Space D global Synchronization Primitive D heap mutex, spin_lock,… Process/IO/Memory/ D stack1 D stack2 D stackn Security Management Interrupt/Exception Syscall n Syscall 1 Syscall 2 Handler Other System Components and Drivers Kernel Syscall Kernel Data Identification and Redirection Context Identification Binary Translation Based GVM Memory Mapping Virtualization Layer and Address Resolution Secure VM (SVM)

  24. Overview Our Approach Evaluations Conclusion The algorithms Memory ps netstat kill Outer-Shell The Algorithm User Space Kernel Space 1: DynamicBinaryInstrumentation ( i ): D global Synchronization Primitive 2: if SysCallExecContext ( s ): D heap mutex, spin_lock,… 3: if SysCallRedirectable ( s ): 4: RedirectableDataTracking (i); 5: Process/IO/Memory/ for α in MemoryAddress (i): D stack1 D stack2 D stackn Security Management 6: if DataRead ( α ): Interrupt/Exception 7: PA ( α ) ← V2P ( α ) Syscall n Syscall 1 Syscall 2 Handler 8: Load ( PA ( α )) Other System 9: Components and Drivers else: 10: if Configuration : 11: Store ( PA ( α ) ) Kernel Syscall Kernel Data Identification 12: else : //Introspection and Redirection Context Identification 13: COW-Store( PA ( α ) ) Binary Translation Based GVM Memory Mapping Virtualization Layer and Address Resolution Secure VM (SVM)

  25. Overview Our Approach Evaluations Conclusion Mapping the GVM Memory Address

  26. Outline

  27. Overview Our Approach Evaluations Conclusion Effectiveness Effective? Category Utility Syntactics Semantics ps (1) ✗ � pstree (1) � ✗ lsmod (8) � � dmesg (1) � � Introspection vmstat (8) ✗ � netstat (8) � � lsof (8) ✗ � uptime (1) � ✗ df (1) ✗ � sysctl (8) � � Configuration route (8) � � hostname (1) � � chrt (1) � � renice (1) � � kill (1) � � Recovery rmmod (8) � �

  28. Overview Our Approach Evaluations Conclusion Performence Overhead

  29. Overview Our Approach Evaluations Conclusion Recovery Rootkit Targeted Function Pointer Succeed? adore-2.6 kernel global, heap object ✗ hookswrite IDT table � int3backdoor IDT table � kbdv3 syscall table � kbeast-v1 syscall table, tcp4_seq_show � mood-nt-2.3 syscall table � override syscall table � phalanx-b6 syscall table, tcp4_seq_show � rkit-1.01 syscall table � rial syscall table � suckit-2 IDT table � synapsys-0.4 syscall table �

  30. Overview Our Approach Evaluations Conclusion OS-Agnostic Testing Linux Kernel Release Date Transparent? Distribution Version Debian 4.0 2.6.26 2007-04-06 � Debian 5.0 2.6.28 2009-02-12 � Debian 6.0 2.6.32 2010-01-22 � Fedora-8 2.6.23 2007-11-08 � Fedora-10 2.6.27 2008-11-25 � Fedora-12 2.6.31 2009-11-17 � Fedora-14 2.6.35 2010-11-02 � Fedora-16 3.1.0 2011-11-08 � OpenSUSE-10.3 2.6.22 2007-10-04 � OpenSUSE-11.0 2.6.25 2008-06-19 � OpenSUSE-11.1 2.6.27 2008-12-18 � OpenSUSE-11.2 2.6.31 2009-11-12 � OpenSUSE-11.3 2.6.34 2010-07-15 � OpenSUSE-12.1 3.1.0 2011-11-16 � Ubuntu-8.04 2.6.24 2008-04-24 � Ubuntu-8.10 2.6.27 2008-10-30 � Ubuntu-9.04 2.6.28 2009-04-23 � Ubuntu-9.10 2.6.31 2009-10-29 � Ubuntu-10.04 2.6.32 2010-04-29 � Ubuntu-10.10 2.6.35 2010-10-10 � Ubuntu-11.04 2.6.38 2011-04-28 � Ubuntu-11.10 3.0.4 2011-10-13 �

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Singularities of Dual Varieties Associated to Exterior Representations Emre S EN Northeastern

Singularities of Dual Varieties Associated to Exterior Representations Emre S EN Northeastern

Dual Variety Singularities of dual varieties Cusp Component Node Component Singularities of Dual Varieties Associated to Exterior Representations Emre S EN Northeastern University November 20, 2017 Emre S EN Northeastern University

730 views • 33 slides
Exterior Marketability Requirements Exterior Marketability Exterior Marketability Exterior

Exterior Marketability Requirements Exterior Marketability Exterior Marketability Exterior

Exterior Marketability Requirements Exterior Marketability Exterior Marketability Exterior curb appeal is a year round concern Exterior curb appeal must be maintained even if property is out of grass cut season If the grass is

209 views • 6 slides
Shell Emanuele Valea <valea@lirmm.fr> LIRMM CNRS / Universit de Montpellier Shell

Shell Emanuele Valea <valea@lirmm.fr> LIRMM CNRS / Universit de Montpellier Shell

Shell Emanuele Valea <valea@lirmm.fr> LIRMM CNRS / Universit de Montpellier Shell It is the external layer of the Operating System It provides a communication link between the O.S. and user Interactive execution Script

887 views • 49 slides
POSS DESIGN PRESENTATION Aspen Square Improvements Scope EXTERIOR: Refresh Exterior Signage

POSS DESIGN PRESENTATION Aspen Square Improvements Scope EXTERIOR: Refresh Exterior Signage

POSS DESIGN PRESENTATION Aspen Square Improvements Scope EXTERIOR: Refresh Exterior Signage Strip & Stain Exterior Entry, Courtyard & Meeting Room Doors New Paint Scheme at Exterior Balcony Wood Siding & Metal Rail,

239 views • 4 slides
NARI Greater Dallas 2017 CotYs Residential Exterior Under $100,000 Exterior Makeover Vision

NARI Greater Dallas 2017 CotYs Residential Exterior Under $100,000 Exterior Makeover Vision

NARI Greater Dallas 2017 CotYs Residential Exterior Under $100,000 Exterior Makeover Vision & Design Solutions Our clients goal for this exterior makeover project was to transform the exterior this single story ranch into a modern or

142 views • 13 slides
What is Bash Shell Scripting? A shell script is a script written for the shell, or command

What is Bash Shell Scripting? A shell script is a script written for the shell, or command

What is Bash Shell Scripting? A shell script is a script written for the shell, or command line interpreter, of an operating system. The shell is often considered a simple domain-specific programming language . Typical operations

802 views • 15 slides
EXTERNAL DEVELOPMENT LEADERSHIP Troy Elementary School External Development Leadership

EXTERNAL DEVELOPMENT LEADERSHIP Troy Elementary School External Development Leadership

EXTERNAL DEVELOPMENT LEADERSHIP Troy Elementary School External Development Leadership Standard 6 A school executive will design structures and processes that result in community engagement, support, and ownership. Be Our Guest

343 views • 17 slides
Bourne (Again) Shell CIS 218 Bourne Again Shell Current GNU LINUX BASH Shell documentation:

Bourne (Again) Shell CIS 218 Bourne Again Shell Current GNU LINUX BASH Shell documentation:

Bourne (Again) Shell CIS 218 Bourne Again Shell Current GNU LINUX BASH Shell documentation: http://www.gnu.org/software/bash/manual/bashref.html Bash is an acronym for Bourne - Again SHell. The Bourne shell is the traditional

947 views • 37 slides
Staff has concerns over the setbacks of the second floor patio and will be conditioning that the

Staff has concerns over the setbacks of the second floor patio and will be conditioning that the

From: Liska, Andrew <Andrew.Liska@minneapolismn.gov> Sent: Wednesday, August 19, 2020 2:34 PM To: Michael Subject: RE: [EXTERNAL] RE: [EXTERNAL] RE: [EXTERNAL] RE: [EXTERNAL] RE: [EXTERNAL] RE: [EXTERNAL] 1219 31st W Joyce Church Hi,

366 views • 3 slides
More Linux Shell Scripts Fundamentals of Computer Science Outline Shells and Shell

More Linux Shell Scripts Fundamentals of Computer Science Outline Shells and Shell

More Linux Shell Scripts Fundamentals of Computer Science Outline Shells and Shell Scripts Shell Variables and the Environment Simple Shell Scripting More Advanced Shell Scripting Start-up Shell Scripts Shells and Shell

367 views • 17 slides
CS 241: Systems Programming Lecture 2. Introduction to Unix and the Shell Spring 2020 Prof.

CS 241: Systems Programming Lecture 2. Introduction to Unix and the Shell Spring 2020 Prof.

CS 241: Systems Programming Lecture 2. Introduction to Unix and the Shell Spring 2020 Prof. Stephen Checkoway 1 What is the shell? Text-based interface to the operating system and to the file system User enters commands The shell runs the

425 views • 25 slides
CS 241: Systems Programming Lecture 2. Introduction to Unix and the Shell Fall 2019 Prof.

CS 241: Systems Programming Lecture 2. Introduction to Unix and the Shell Fall 2019 Prof.

CS 241: Systems Programming Lecture 2. Introduction to Unix and the Shell Fall 2019 Prof. Stephen Checkoway 1 What is the shell? Text-based interface to the operating system and to the file system User enters commands The shell runs the

427 views • 23 slides
Dual sensor based on gold nanostructured Dual sensor based on gold nanostructured screen-

Dual sensor based on gold nanostructured Dual sensor based on gold nanostructured screen-

Departamento de Qumica Fsica y Analtica UNIVERSIDAD DE OVIEDO Dual sensor based on gold nanostructured Dual sensor based on gold nanostructured screen- -printed carbon electrodes for the printed carbon electrodes for the screen

167 views • 14 slides
CSCE 625: Artificial Intelligence Dr. Dylan Shell 1 Shell CSCE 625 TAMU 2 Shell CSCE 625 TAMU

CSCE 625: Artificial Intelligence Dr. Dylan Shell 1 Shell CSCE 625 TAMU 2 Shell CSCE 625 TAMU

Shell CSCE 625 TAMU CSCE 625: Artificial Intelligence Dr. Dylan Shell 1 Shell CSCE 625 TAMU 2 Shell CSCE 625 TAMU 3 Shell CSCE 625 TAMU 4 Shell CSCE 625 TAMU Pay attention to this: https://www.youtube.com/watch?v=vJG698U2Mvo 5 Shell

352 views • 8 slides
Database Systems External Sort Based on slides by Feifei Li, University of Utah Whats external

Database Systems External Sort Based on slides by Feifei Li, University of Utah Whats external

Database Systems External Sort Based on slides by Feifei Li, University of Utah Whats external sorting? n Problem: sort 1TB of data with 1GB of RAM. why not virtual memory? Swap involves expensive IOs 2 Using secondary storage

646 views • 30 slides
FARNSWORTH zach grzybowski exterior PROPOSAL example EXTERIOR MATERIALS travertine tiles,

FARNSWORTH zach grzybowski exterior PROPOSAL example EXTERIOR MATERIALS travertine tiles,

FARNSWORTH zach grzybowski exterior PROPOSAL example EXTERIOR MATERIALS travertine tiles, white steel, glass http://skippyleafblower.wordpress.com/ interior example INTERIOR MATERIALS wood cabinets, leather, chrome, rug, drapes, stainless

458 views • 19 slides
CompSci 514 Computer Networks Lecture 20: Combating Denial of Service Attacks Xiaowei Yang How

CompSci 514 Computer Networks Lecture 20: Combating Denial of Service Attacks Xiaowei Yang How

CompSci 514 Computer Networks Lecture 20: Combating Denial of Service Attacks Xiaowei Yang How to Attack : Exhausting shared resources L Flooding traffic to exhaust the bandwidth, memory, or CPU of a victim Spoof addresses to hide

971 views • 72 slides
Fingertips motion planning and force computation for dextrous manipulation N.Daoud, J.P.Gazeau,

Fingertips motion planning and force computation for dextrous manipulation N.Daoud, J.P.Gazeau,

IROS 2010 IROS 2010 Workshop On Workshop On Grasp Planning and Task Grasp Planning and Task Learning by Imitation Learning by Imitation Fingertips motion planning and force computation for dextrous manipulation N.Daoud, J.P.Gazeau,

287 views • 16 slides
Ancient Greece Geography of Greece Adv. World History World History Chapter 4 Chapter 5

Ancient Greece Geography of Greece Adv. World History World History Chapter 4 Chapter 5

Ancient Greece Geography of Greece Adv. World History World History Chapter 4 Chapter 5 Geography epic poems: the Iliad & the Homer !"#$%&$'())*+,$ Odyssey (each 28,000 lines) -*.$/%0,'*+,%0.$ set of values: courage &

389 views • 13 slides
Paulo Souza, Leonardo Borges, Piotr Luszczek, Stanimire Tomov, Jack Dongarra, Hartwig Anzt, Mark

Paulo Souza, Leonardo Borges, Piotr Luszczek, Stanimire Tomov, Jack Dongarra, Hartwig Anzt, Mark

Chris J. Newburn, Gaurav Bansal, Michael Wood, Luis Crivelli, Judit Planas, Alejandro Duran Paulo Souza, Leonardo Borges, Piotr Luszczek, Stanimire Tomov, Jack Dongarra, Hartwig Anzt, Mark Gates, Azzam Haidar, Yulu Jia, Khairul Kabir, Ichitaro

719 views • 23 slides
Current international discussion on regulating LAWS Current legal and political issues

Current international discussion on regulating LAWS Current legal and political issues

Current international discussion on regulating LAWS Current legal and political issues Prospects for an international treaty Broad scope underpinning discussion/concern: Systems that apply force through a process of matching sensor

484 views • 9 slides
Querencia Talk: Its a Dangerous (Cyber) World Dr. Bill Young Department of Computer Science

Querencia Talk: Its a Dangerous (Cyber) World Dr. Bill Young Department of Computer Science

Querencia Talk: Its a Dangerous (Cyber) World Dr. Bill Young Department of Computer Science University of Texas at Austin Last updated: August 26, 2014 at 10:46 Dr. Bill Young: 1 Dangerous Cyberworld What Id Like to Discuss The scope

808 views • 45 slides
Byzan&ne Fault Tolerance CS 425: Distributed Systems Fall 2011 Material drived from slides by

Byzan&ne Fault Tolerance CS 425: Distributed Systems Fall 2011 Material drived from slides by

Byzan&ne Fault Tolerance CS 425: Distributed Systems Fall 2011 Material drived from slides by I. Gupta and N.Vaidya 1 Reading List L. Lamport, R. Shostak, M. Pease, The Byzan&ne Generals Problem, ACM ToPLaS 1982. M.

624 views • 33 slides
Least branch hod pairs pairs Hod pair capturing and HOD . John R. Steel University of

Least branch hod pairs pairs Hod pair capturing and HOD . John R. Steel University of

Preliminaries Definition of least branch hod pair Comparison of least branch hod Least branch hod pairs pairs Hod pair capturing and HOD . John R. Steel University of California, Berkeley January 2017 Preliminaries Problem: Analyze HOD

1.23k views • 93 slides

More recommend