secure computer organization and system design
play

Secure Computer Organization and System Design (lecture 11) - PowerPoint PPT Presentation

Mar 11, 2024 •225 likes •1.04k views

Secure Computer Organization and System Design (lecture 11) Jean-Pierre Seifert Quality Engineering University of Innsbruck 1 30.01.14 Virtual Machines and Security 1. The Confinement Problem and Isolation 2. What are Virtual Machines and

  1. Secure Computer Organization and System Design (lecture 11) Jean-Pierre Seifert Quality Engineering University of Innsbruck 1 30.01.14

  2. Virtual Machines and Security 1. The Confinement Problem and Isolation 2. What are Virtual Machines and hypervisors? 3. Virtual Machines, VMM’s and Security 4. Secure Virtualization on x86? 5. Questions 2 30.01.14

  3. The Confinement Problem and Isolation What are Virtual Machines and hypervisors? Virtual Machines, VMM’s and Security Secure Virtualization on x86? Questions The Confinement Problem and Isolation 3 30.01.14

  4. The Confinement Problem and Isolation What are Virtual Machines and hypervisors? Virtual Machines, VMM’s and Security Secure Virtualization on x86? Questions What are Virtual Machines and hypervisors? 4 30.01.14

  5. The Confinement Problem and Isolation What are Virtual Machines and hypervisors? Virtual Machines, VMM’s and Security Secure Virtualization on x86? Questions Virtual Machines, VMM’s and Security 5 30.01.14

  6. The Confinement Problem and Isolation What are Virtual Machines and hypervisors? Virtual Machines, VMM’s and Security Secure Virtualization on x86? Questions Secure Virtualization on x86? 6 30.01.14

  7. The Renaissance of Virtualization 1970s: virtual machines first used 1990s: x86 becomes prominent server platform No vertical integration in x86 Lack of enterprise features in commodity OSs 1999: VMWare first product to virtualize x86 2006: AMD and Intel offer hardware support 7 30.01.14

  8. Secure Virtualization on x86 8 30.01.14

  9. VMM Characteristics and Layers 9 30.01.14

  10. VMM Characteristics and Layers 10 30.01.14

  11. VMM Characteristics and Layers A VMM normally has three generic modules: dispatcher, allocator, and interpreter. 1. A jump to the dispatcher is placed in every location to which the machine traps. The dispatcher then decides which of its modules to call when a trap occurs. 2. The second type of module is the allocator. If a VM tries to execute a privileged instruction that would change the resources of the VM’s environment, the VM will trap to the VMM dispatcher. The dispatcher will handle the trap by invoking the allocator that performs the requested resource allocation according to VMM policy. A VMM has only one allocator module, however, it accounts for most of the complexity of the VMM. It decides which system resources to provide to each VM, ensuring that two different VM’s do not get the same resource. 3. The final module type is the interpreter. For each privileged instruction, the dispatcher will call an interpreter module to simulate the effect of that instruction. This prevents VMs from seeing the actual state of the real hardware. Instead they see only their virtual machine state. 11 30.01.14

  12. VMM requirements 12 30.01.14

  13. VMM requirements When executing in a virtual machine, some processor instructions can not be executed directly on the processor. These instructions would interfere with the state of the underlying VMM or host OS and are called sensitive instructions. The key to implementing a VMM is to prevent the direct execution of sensitive instructions. Some sensitive instructions in the Intel Pentium architecture are privileged, meaning that if they are not executed at most privileged hardware domain, they will cause a general protection exception. Normally, a VMM is executed in privileged mode and a VM is run in user mode; when privileged instructions are executed in a VM, they cause a trap to the VMM. If all sensitive instructions of a processor are privileged, the processor is considered to be “virtualizable:” • then, when executed in user mode, all sensitive instructions will trap to the VMM. After trapping, the VMM will execute code to emulate the proper behavior of the privileged instruction for the virtual machine. However, if sensitive, non-privileged instructions exist, it may be necessary for the VMM to examine all instructions before execution to force a trap to the VMM when a sensitive, non- privileged instruction is encountered 13 30.01.14

  14. Type I VMM requirements 14 30.01.14

  15. Type II VMM requirements 15 30.01.14

  16. Pentium Architecture and VMMs 16 30.01.14

  17. Pentium Architecture and VMMs All of these still apply to the Intel Pentium architecture. It has four modes of operation, known as rings, or current privilege level (CPL), 0 through 3. • Ring 0, the most privileged, is occupied by operating systems. • Application programs execute in Ring 3, the least privileged. The Pentium also has a method to control transfer of program execution between privilege levels so that non privileged tasks can call privileged system routines: • the call gate . The Pentium also uses both paging and segmentation to implement its protection mechanisms. Finally, the Pentium uses both interrupts and exceptions to allow the I/O system to communicate with the CPU. The architecture has 16 predefined interrupts and exceptions and 224 user-defined, or maskable interrupts. 17 30.01.14

  18. Pentium Architecture and VMMs Despite these features, the ability of the Pentium architecture to support virtualization is likely to be serendipitous as the processor was not explicitly designed to support virtualization. Every documented instruction for the Intel Pentium was analyzed for its ability to support virtualization. Any instruction in the processor’s instruction set that violates rule 1, 2, 3 (3A, 3B, 3C, or 3D) will preclude the processor from running a Type I or Type II VMM. • Additionally, any instruction that violates rule 2, 3A in its weaker form, 3B, 3C, or 3D prevents the processor from running an HVM. By combining these two statements, one can see that any instruction that violates rule 2, 3A in its weaker form, 3B, 3C, or 3D makes the processor non- virtualizable. 18 30.01.14

  19. Pentium Architecture and VMMs With respect to the VMM hardware requirements listed above, Intel meets all three of the main requirements for virtualization. Requirement 1: The method of executing non-privileged instructions must be roughly equivalent in both privileged and user mode. Intel meets this requirement because the method for executing privileged and non-privileged instructions is the same. The only difference between the two types of instructions in the Intel architecture is that privileged instructions cause a general protection exception if the CPL is not equal to 0. 19 30.01.14

  20. Pentium Architecture and VMMs Requirement 2: There must be a method such as a protection system or an address translation system to protect the real system and any other VMs from the active VM. Intel uses both segmentation and paging to implement its protection mechanism. Segmentation provides a mechanism to divide the linear address space into individually protected address spaces (segments). Segments have a descriptor privilege level (DPL) ranging from 0 to 3 that specifies the privilege level of the segment. The DPL is used to control access to the segment. Using DPLs, the processor can enforce boundaries between segments to control whether one program can read from or write into another program’s segments. 20 30.01.14

  21. Pentium Architecture and VMMs Requirement 3: There must be a way to automatically signal the VMM when a VM attempts to execute a sensitive instruction. It must also be possible for the VMM to simulate the effect of the instruction. The Intel architecture uses interrupts and traps to redirect program execution and allow interrupt and exception handlers to execute when a privileged instruction is executed by an unprivileged task. However, the Pentium instruction set contains sensitive, unprivileged instructions. The processor will execute unprivileged, sensitive instructions without generating an interrupt or exception. Thus, a VMM will never have the opportunity to simulate the effect of the instruction. 21 30.01.14

  22. Pentium problems and VMMs After examining each member of the Pentium instruction set, it was found that 17 violate Requirement 3. All 17 instructions violate either part B or part C of Requirement 3 and make the Intel processor non- virtualizable. To construct a truly virtualizable Pentium chip one must focus on these instructions. Requirement 3: There must be a way to automatically signal the VMM when a VM attempts to execute a sensitive instruction. It must also be possible for the VMM to simulate the effect of the instruction. 22 30.01.14

  23. 23 30.01.14

  24. SGDT, SIDT, and SLDT Instructions The IA-32 registers GDTR, IDTR, LDTR, and TR contain pointers to data structures that control CPU operation. Software can execute the instructions that write to, or load , these registers (LGDT, LIDT, LLDT, and LTR) only at privilege level 0. However, software can execute the instructions that read, or store , from these registers (SGDT, SIDT, SLDT, and STR) at any privilege level. If the VMM maintains these registers with unexpected values, a guest OS using the latter instructions could determine that it does not have full control of the CPU. Therefore, a Type I VMM or Type II VMM must provide each VM with its own virtual set of IDTR, LDTR, and GDTR registers. 24 30.01.14

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CS 104 Computer Organization and Design Exceptions and Interrupts CS104: IO 1 IO: Interacting

CS 104 Computer Organization and Design Exceptions and Interrupts CS104: IO 1 IO: Interacting

CS 104 Computer Organization and Design Exceptions and Interrupts CS104: IO 1 IO: Interacting with the outside world Input and Output Devices App App App System software Video Disk Mem CPU I/O Keyboard Sound

536 views • 39 slides
ECE232: Hardware Organization and Design Lecture 7: Binary Numbers and Adders Adapted from

ECE232: Hardware Organization and Design Lecture 7: Binary Numbers and Adders Adapted from

ECE232: Hardware Organization and Design Lecture 7: Binary Numbers and Adders Adapted from Computer Organization and Design , Patterson & Hennessy, UCB Computer Organization 5 classic components of any computer Computer Processor

507 views • 14 slides
ECE232: Hardware Organization and Design Lecture 29: Computer Input/Output Adapted from Computer

ECE232: Hardware Organization and Design Lecture 29: Computer Input/Output Adapted from Computer

ECE232: Hardware Organization and Design Lecture 29: Computer Input/Output Adapted from Computer Organization and Design , Patterson & Hennessy, UCB Announcements ECE Honors Exhibition Wednesday, April 30 3:00-4:00 PM M5

633 views • 24 slides
Secure Vehicular Communication System: Design & Implementation of VPKI (Providing Credential

Secure Vehicular Communication System: Design & Implementation of VPKI (Providing Credential

Secure Vehicular Communication System: Design & Implementation of VPKI (Providing Credential Management in a Secure VANET) Supervisor: MSc Thesis: Prof. Panos Papadimitratos Mohammad Khodaei LCN KTH October, 2012 1 / 38 Outline

519 views • 48 slides
Secure and Trustworthy Cyber-Physical System Design: A Cross-Layer Perspective Pierluigi Nuzzo

Secure and Trustworthy Cyber-Physical System Design: A Cross-Layer Perspective Pierluigi Nuzzo

Secure and Trustworthy Cyber-Physical System Design: A Cross-Layer Perspective Pierluigi Nuzzo Ming Hsieh Department of Electrical and Computer Engineering University of Southern California, Los Angeles nuzzo@usc.edu In Honor of Alberto

603 views • 23 slides
ECE232: Hardware Organization and Design Lecture 23: Associative Caches Adapted from Computer

ECE232: Hardware Organization and Design Lecture 23: Associative Caches Adapted from Computer

ECE232: Hardware Organization and Design Lecture 23: Associative Caches Adapted from Computer Organization and Design , Patterson & Hennessy, UCB Overview Last time: Direct mapped cache Pretty simple to understand Every memory

334 views • 17 slides
SAFE is a clean-slate effort to build a highly secure computer system, via simultaneous

SAFE is a clean-slate effort to build a highly secure computer system, via simultaneous

SAFE is a clean-slate effort to build a highly secure computer system, via simultaneous co-design of a new computer architecture, systems software, application software, and programming languages. The SAFE architecture has several

720 views • 61 slides
Chapter 1 : Computer Science Class XI ( As per CBSE Board) Computer System & Organization

Chapter 1 : Computer Science Class XI ( As per CBSE Board) Computer System & Organization

Chapter 1 : Computer Science Class XI ( As per CBSE Board) Computer System & Organization New Syllabus 2019-20 Visit : python.mykvs.in for regular updates Introduction A computer is an electronic device, under the control of

667 views • 38 slides
Computer System Design Depth in ECE Computer System Design Depth Qualcomm Snapdragon 845 Mobile

Computer System Design Depth in ECE Computer System Design Depth Qualcomm Snapdragon 845 Mobile

Computer System Design Depth in ECE Computer System Design Depth Qualcomm Snapdragon 845 Mobile Processor ECE 16: Rapid HW/SW Design (Embedded Software) ECE 141AB: Software Foundations ECE 25: (Application Software) Intro Digital Design

137 views • 3 slides
ECE232: Hardware Organization and Design Lecture 21: Memory Hierarchy Adapted from Computer

ECE232: Hardware Organization and Design Lecture 21: Memory Hierarchy Adapted from Computer

ECE232: Hardware Organization and Design Lecture 21: Memory Hierarchy Adapted from Computer Organization and Design , Patterson & Hennessy, UCB Overview Ideally, computer memory would be large and fast Unfortunately, memory

335 views • 21 slides
ECE232: Hardware Organization and Design Lecture 22: Introduction to Caches Adapted from Computer

ECE232: Hardware Organization and Design Lecture 22: Introduction to Caches Adapted from Computer

ECE232: Hardware Organization and Design Lecture 22: Introduction to Caches Adapted from Computer Organization and Design , Patterson & Hennessy, UCB Overview Caches hold a subset of data from the main memory Three types of caches

710 views • 25 slides
ECE232: Hardware Organization and Design Lecture 9: Floating Point Adapted from Computer

ECE232: Hardware Organization and Design Lecture 9: Floating Point Adapted from Computer

ECE232: Hardware Organization and Design Lecture 9: Floating Point Adapted from Computer Organization and Design , Patterson & Hennessy, UCB Floating Point Representation for non-integral numbers Including very small and very large

256 views • 24 slides
Todays Agenda Course overview and administrivia What is computer organization anyway?

Todays Agenda Course overview and administrivia What is computer organization anyway?

Todays Agenda Course overview and administrivia What is computer organization anyway? CIS 371 and the forces that drive it Digital Systems Organization and Design Motivational experiments Computer Unit 1: Introduction

791 views • 21 slides
CS31001 COMPUTER ORGANIZATION AND ARCHITECTURE Debdeep Mukhopadhyay, CSE, IIT Kharagpur

CS31001 COMPUTER ORGANIZATION AND ARCHITECTURE Debdeep Mukhopadhyay, CSE, IIT Kharagpur

CS31001 COMPUTER ORGANIZATION AND ARCHITECTURE Debdeep Mukhopadhyay, CSE, IIT Kharagpur References/Text Books Theory: Computer Organization and Design, 4th Ed, D. A. Patterson and J. L. Hennessy Computer Architceture and

573 views • 11 slides
CS 3410 Computer System Organization and Programming Guest Lecture: I/O Devices Christopher

CS 3410 Computer System Organization and Programming Guest Lecture: I/O Devices Christopher

CS 3410 Computer System Organization and Programming Guest Lecture: I/O Devices Christopher Batten Computer Systems Laboratory School of Electrical and Computer Engineering Cornell University Spring 2012 I/O Device Overview Programmed I/O

274 views • 12 slides
CS 104 Computer Organization and Design Exceptions and Interrupts CS104: Exceptions and

CS 104 Computer Organization and Design Exceptions and Interrupts CS104: Exceptions and

CS 104 Computer Organization and Design Exceptions and Interrupts CS104: Exceptions and Interrupts 1 Exceptions and Interrupts Interrupts: App App App System software Notification of external events Exceptions: Mem CPU I/O

1.03k views • 26 slides
Data Assimilation in a Two Neuron Network Anna Miller University of California San Diego

Data Assimilation in a Two Neuron Network Anna Miller University of California San Diego

Data Assimilation in a Two Neuron Network Anna Miller University of California San Diego December 7, 2017 Data Assimilation Objective Combine a theoretical model with experimental data to estimate physical properties of the system d x ( t

542 views • 19 slides
DUNE PHYSICS GOALS Elizabeth Worcester (BNL) Module of Opportunity for DUNE Workshop November

DUNE PHYSICS GOALS Elizabeth Worcester (BNL) Module of Opportunity for DUNE Workshop November

DUNE PHYSICS GOALS Elizabeth Worcester (BNL) Module of Opportunity for DUNE Workshop November 12, 2019 DUNE Overview Measure n e appearance and n disappearance in a wideband neutrino beam at 1300 km to measure mass ordering, CP violation,

363 views • 19 slides
Managing Xen with SmartFrog CERN openlab II quarterly review 31 January 2007 Preview of

Managing Xen with SmartFrog CERN openlab II quarterly review 31 January 2007 Preview of

Managing Xen with SmartFrog CERN openlab II quarterly review 31 January 2007 Preview of VHPC07 Xavier Grehant Focus On-demand execution environments must be: Virtual Distributed Configurable Composable For batch

402 views • 13 slides
The two-phase problem for harmonic measure in VMO Xavier Tolsa 23 August 2019 X. Tolsa (ICREA /

The two-phase problem for harmonic measure in VMO Xavier Tolsa 23 August 2019 X. Tolsa (ICREA /

The two-phase problem for harmonic measure in VMO Xavier Tolsa 23 August 2019 X. Tolsa (ICREA / UAB) Two-phase problem for harmonic measure 23 August 2019 1 / 22 Rectifiability E R n +1 is n -rectifiable if it is H n -a.e. contained in a

1.07k views • 78 slides
Boundary Harnack inequalities for operators of p-Laplace type Kaj Nystrm (joint work with John

Boundary Harnack inequalities for operators of p-Laplace type Kaj Nystrm (joint work with John

Boundary Harnack inequalities for operators of p-Laplace type Kaj Nystrm (joint work with John Lewis) Ume University, Sweden Boundary Harnack inequalities for operators of p-Laplace type The p -Laplace operator G R n bounded domain, 1

405 views • 23 slides
#$%&'()$*+!,-./'(0!*.)1,/23!1$)4! F;2*,1'.:+.%.*)3 5../#$% !

#$%&'()$*+!,-./'(0!*.)1,/23!1$)4! F;2*,1'.:+.%.*)3 5../#$% !

#$%&'()$*+!,-./'(0!*.)1,/23!1$)4! F;2*,1'.:+.%.*)3 5../#$% ! G4.3.!3'$:.3!(/.!H(3.:!,*!)4,3.!2$*:'0!9/,-$:.:! H0!F*:/.(!6(/;,77$ 6,/.*,!6(/7,''( ! 5(/)!,>!)4$3!%()./$('!$3!)(2.*!>/,%!)4.! 9/.3.*)()$,*!I

152 views • 13 slides
Nonlinear aspects of Calder on-Zygmund theory Giuseppe Mingione Ancona, June 7 2011 Giuseppe

Nonlinear aspects of Calder on-Zygmund theory Giuseppe Mingione Ancona, June 7 2011 Giuseppe

Nonlinear aspects of Calder on-Zygmund theory Giuseppe Mingione Ancona, June 7 2011 Giuseppe Mingione Nonlinear aspects of Calder on-Zygmund theory Overture: The standard CZ theory Consider the model case in R n u = f Giuseppe

888 views • 59 slides
A study of speaker adaptation for DNN-based speech synthesis Zhizheng Wu, Pawel Swietojanski,

A study of speaker adaptation for DNN-based speech synthesis Zhizheng Wu, Pawel Swietojanski,

A study of speaker adaptation for DNN-based speech synthesis Zhizheng Wu, Pawel Swietojanski, Christophe Veaux, Steve Renals, Simon King The Centre for Speech Technology Research (CSTR) University of Edinburgh, United Kingdom Background A

627 views • 16 slides

More recommend