securing linux vms in a hosted environment
play

Securing Linux VMs in a Hosted Environment mikbras@microsoft.com - PowerPoint PPT Presentation

Feb 12, 2023 •359 likes •559 views

Securing Linux VMs in a Hosted Environment mikbras@microsoft.com Goal attacks from the outside To protect Linux VMs from outside attacks (from processes running on the host). Injecting code into the boot chain. Stealing data from

  1. Securing Linux VMs in a Hosted Environment mikbras@microsoft.com

  2. Goal – attacks from the outside To protect Linux VMs from outside attacks (from processes running on the host). • Injecting code into the boot chain. • Stealing data from private disk volumes. • Spying on a VM’s memory. • Hacking a VM’s persistent state data. • Attaching a debugger to a VM.

  3. Non-Goal – attacks from within Improving protection of Linux from inside attacks (from Linux root processes) is not a goal of this effort.

  4. Our operating environment Windows Server 2016 introduces virtualization security features. • Hyper-V adds VM shielding. • Protects VM resources • Utilizes UEFI and virtual TPM 2.0 support • Windows OS enhanced to utilize VM shielding.

  5. What is VM shielding? Hyper-V defines a new “shielded mode” for running VMs. • VM memory is protected from privileged processes. • VM configuration is encrypted. • VM persistent execution state is encrypted. • Console access is disabled. • Debugger attachment is disabled. • Hyper-V verifies the first-stage bootloader via UEFI. • Windows OS secures boot chain and encrypts volumes.

  6. Main objective – Linux Shielded VMs (LSVM) To enhance Linux security so that Linux VMs may execute in shielded mode (rather than normal mode as they do today).

  7. Recap of Mechanisms for establishing trust 1. UEFI Secure Boot 2. Linux Secure Boot 3. TPM Measurements 4. Disk Encryption

  8. Lifecycle of a Linux VM Linux VHD 1 Template Gallery Secure Environment Templatization Provisioning Linux VHD (rekey and (install shielded Linux VHD Linux VHD 2 Template specialize) features) Linux VHD N

  9. Templatization 1. Install first-stage boot loader to ESP. 2. Encrypt boot partition with well-known key. 3. Encrypt root partition with well-known key. Linux VHD 4. Update initial ramdisk with unseal utility. Templatization Linux VHD Template 5. Generate partition signatures. 6. Install mini provisioning OS to ESP. 7. Publish template

  10. Provisioning Linux VHD 1 1. Boot into mini provisioning OS. 2. Contact central provisioning service. 3. Verify the publisher. 4. Verify partition signatures. Linux VHD Provisioning 5. Re-encrypt root partition with owner key. Linux VHD 2 Template 6. Re-encrypt root partition with owner key. 7. Seal boot and root keys with TPM. 8. Encrypt specialization data to ESP. 9. Remove mini provisioning OS from ESP. Linux VHD N 10. Boot into Linux VM for first time. 11. Perform specialization.

  11. The boot path TPM-unseal utility UEFI MBLOAD SHIM GRUB2 KERNEL INITRD INIT Encrypted Encrypted ESP Boot Root Partition Partition Partition TPM-sealed rootkey TPM-sealed bootkey New Modified Unmodified

  12. Boot steps 1. UEFI verifies and loads MBLOAD 2. MBLOAD unseals the bootkey (used to decrypt boot partition). 3. MBLOAD installs EFI I/O hooks (to capture all shim and GRUB I/O). 4. MBLOAD verifies and executes the shim (Microsoft UEFI CA). 5. The shim verifies and executes GRUB2. 6. GRUB2 executes the kernel with the initial ramdisk. 7. Initial ramdisk uses unseal utility to unseal root key and boot key.. 8. The initial ramdisk mounts these partitions. 9. System boot continues normally.

  13. Implications of last two slides 1. The Shim and GRUB2 are used as-is without modification. 2. Linux secure boot are preserved intact. 3. The Shim and GRUB2 are copied to the encrypted boot partition during templatization. 4. An unseal utility is copied into the initial ramdisk during templatization. 5. The initial ramdisk script that performs “luksOpen” is modified to use the rootkey, making boot non-interactive. 6. MBLOAD transparently redirects EFI I/O to the encrypted boot partition. 7. TPM 2.0 is used to unseal the boot and root keys. 8. No dependency on measurements of the kernel or initrd (simplifies kernel update).

  14. Why MBLOAD? • MBLOAD is the root of trust for Hyper-V (special certificate). • MBLOAD must protect Hyper-V as much as it must protect Linux. • MBLOAD must refuse to run in non-Hyper-V environments. • MBLOAD must leave the TPM PCRs in a state that cannot be used later to load and attack Windows. • MBLOAD’s basis of trust is encryption of the boot drive.

  15. Alternative configurations 1. MBLOAD may execute GRUB2 directly. 2. MBLOAD may execute the kernel + initrd directly. 3. Considering allowing Shim and GRUB2 to load from the ESP (rather than encrypted boot partition) depending on future Shim/GRUB2 features.

  16. MBLOAD Elements MBLOAD GPT EFI EXT2 VFAT TPM 2.0 Module I/O Hooks Layer Layer Stack EFI Image I/O Executor LUKS TCG 2.0 Layer Protocol Next-Stage TPM Bootloader EFI System Partition Encrypted Boot Partition (e.g., Shim) TPM-sealed bootkey TPM-sealed rootkey

  17. Known Limitations 1. MBLOAD currently only supports EXT2 boot partitions.

  18. Open-source licensing • Preparing to open-source current work. • Sources will be available on Github. • The license will probably be MIT.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Securing Linux Hyungjoon Koo and Anke Li Fall 2014:: CSE 506:: Section 2 (PhD) Outline

Securing Linux Hyungjoon Koo and Anke Li Fall 2014:: CSE 506:: Section 2 (PhD) Outline

Fall 2014:: CSE 506:: Section 2 (PhD) Securing Linux Hyungjoon Koo and Anke Li Fall 2014:: CSE 506:: Section 2 (PhD) Outline Overview Background: necessity & brief history Core concepts LSM (Linux Security Module)

1.39k views • 26 slides
Securing Automatic Voter Registration Data Webinar hosted by the Center for Technology and Civic

Securing Automatic Voter Registration Data Webinar hosted by the Center for Technology and Civic

Modernizing voter registration Securing Automatic Voter Registration Data Webinar hosted by the Center for Technology and Civic Life & the Center for Secure and Modern Elections May 30, 2019 1:00pm 1:45 Central Time 2 Hello, there!

308 views • 30 slides
securing the value of nature Overview A healthy, properly functioning natural environment is

securing the value of nature Overview A healthy, properly functioning natural environment is

NATURAL ENVIRONMENT WHITE PAPER The Natural Choice: securing the value of nature Overview A healthy, properly functioning natural environment is the foundation of sustained economic growth, prospering communities and personal wellbeing.

265 views • 9 slides
TomcatCon Securing Tomcat For Your Environment Mark Thomas TM Introduction TM Agenda

TomcatCon Securing Tomcat For Your Environment Mark Thomas TM Introduction TM Agenda

TM TomcatCon Securing Tomcat For Your Environment Mark Thomas TM Introduction TM Agenda Background Passwords and configuration files Threats Web applications Keeping up to date Policy and process Operating system

842 views • 28 slides
The Linux Environment Programming with C CSCI 112, Spring 2015 Patrick Donnelly Montana State

The Linux Environment Programming with C CSCI 112, Spring 2015 Patrick Donnelly Montana State

The Linux Environment Programming with C CSCI 112, Spring 2015 Patrick Donnelly Montana State University Linux Flavors There are many different distributions of the Linux operating systems. Some of the most popular are as follows: Ubuntu

373 views • 10 slides
Healthy and Sustainable Environment hosted by members of the THRIVE 2050 Environment Working Group

Healthy and Sustainable Environment hosted by members of the THRIVE 2050 Environment Working Group

Healthy and Sustainable Environment hosted by members of the THRIVE 2050 Environment Working Group How to Participate - Zoom This meeting will be recorded and shared on the website Everyone will be muted throughout the meeting If you

423 views • 26 slides
Securing Linux John Kristoff jtk@depaul.edu http://condor.depaul.edu/~jkristof/ +1 312 362-5878

Securing Linux John Kristoff jtk@depaul.edu http://condor.depaul.edu/~jkristof/ +1 312 362-5878

Securing Linux John Kristoff jtk@depaul.edu http://condor.depaul.edu/~jkristof/ +1 312 362-5878 DePaul University Chicago, IL 60604 NWU Security Day John Kristoff - DePaul University 1 Starting comments A mish-mash of

678 views • 32 slides
Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client

Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client

Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client and a server? What is Linux? Linux generally refers to a group of Unix-like free and open-source operating system distributions that use the Linux

562 views • 53 slides
Hosted PBX What Is It? What Features Does It Have? How Will It Help My Business? Hosted

Hosted PBX What Is It? What Features Does It Have? How Will It Help My Business? Hosted

Hosted PBX What Is It? What Features Does It Have? How Will It Help My Business? Hosted PBX Hosted PBX delivers an enterprise-grade phone system to small and medium-sized businesses via the cloud. It lowers your costs , helps employees

779 views • 30 slides
Securing the Virtual Environment January 13, 2012 Nathaniel C. Gravel, CISA, CISM, CRISC Director

Securing the Virtual Environment January 13, 2012 Nathaniel C. Gravel, CISA, CISM, CRISC Director

Securing the Virtual Environment January 13, 2012 Nathaniel C. Gravel, CISA, CISM, CRISC Director Information Security Practice GraVoc Associates, Inc. Founded in 1994 Located in Peabody, MA Organized into 5 Practices

683 views • 27 slides
Wireless LAN Setup & Optimizing Wireless Client in Linux Hacking and Cracking Wireless

Wireless LAN Setup & Optimizing Wireless Client in Linux Hacking and Cracking Wireless

Wireless LAN Setup & Optimizing Wireless Client in Linux Hacking and Cracking Wireless LAN Setup Host Based AP ( hostap ) in Linux & freeBSD Securing & Managing Wireless LAN : Implementing 802.1x EAP-TLS PEAP-MSCHAPv2

278 views • 14 slides
IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT is a system of systems, with A great deal of heterogeneity (sensing, computation, communication, energy) New types of devices appearing all

1.35k views • 65 slides
Linux Standard Operating Environments What is an SOE? SOE - Standard Operating Environment

Linux Standard Operating Environments What is an SOE? SOE - Standard Operating Environment

Linux Standard Operating Environments What is an SOE? SOE - Standard Operating Environment Greatly reduces time to: deploy new hosts - because the best way to standardise is to automate. fix problems - because everything is built

835 views • 80 slides
Wireless LAN Security Setup & Optimizing Wireless Client in Linux Hacking and Cracking

Wireless LAN Security Setup & Optimizing Wireless Client in Linux Hacking and Cracking

Wireless LAN Security Setup & Optimizing Wireless Client in Linux Hacking and Cracking Wireless LAN Setup Host Based AP ( hostap ) in Linux & freeBSD Securing & Managing Wireless LAN : Implementing 802.1x EAP-TLS

417 views • 29 slides
Building&Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl

Building&Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl

www.securing.pl Building&Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl @_r3ggi wojciech.regula@securing.pl www.securing.pl www.securing.pl WHOAMI -Senior IT Security Consultant @ SecuRing -Focused on

998 views • 67 slides
ELI Engineering's Linux Management Environment Timeline The Surge Started Jan 2014,

ELI Engineering's Linux Management Environment Timeline The Surge Started Jan 2014,

ELI Engineering's Linux Management Environment Timeline The Surge Started Jan 2014, Targeted End: Jan 2015 Real End: Summer 2015 (1.5 years) Standardized on CFEngine, Cobbler, SL6 TheLinux 2.0 What we called ELI

613 views • 49 slides
6.888 Lecture 6: Network Performance Isola8on Mohammad Alizadeh Spring 2016 1 Mul8-tenant

6.888 Lecture 6: Network Performance Isola8on Mohammad Alizadeh Spring 2016 1 Mul8-tenant

6.888 Lecture 6: Network Performance Isola8on Mohammad Alizadeh Spring 2016 1 Mul8-tenant Cloud Data Centers Shared infrastructure between mul8ple tenants/apps Lack of Performance Predictability GAE memcache read 100 values Unpredictable

730 views • 31 slides
Kata Containers Story of a container runtime Sbastien Boeuf, Software Engineer Intel

Kata Containers Story of a container runtime Sbastien Boeuf, Software Engineer Intel

Kata Containers Story of a container runtime Sbastien Boeuf, Software Engineer Intel Corporation Agenda Why Kata Containers? Acceptance Community growth Ecosystem influence Hypervisor flexible

958 views • 49 slides
Scheduling-Independence in SHIM Olivier Tardieu Columbia University, New York joint work with

Scheduling-Independence in SHIM Olivier Tardieu Columbia University, New York joint work with

Scheduling-Independence in SHIM Olivier Tardieu Columbia University, New York joint work with Prof. Stephen A. Edwards Software/Hardware Integration Medium SHIM is a concurrent programming language C/Java-like syntax and semantics for

478 views • 24 slides
uf: Minimizing the Coq Extraction TCB Eric Mullen , Stuart Pernsteiner, James Wilcox, Zachary

uf: Minimizing the Coq Extraction TCB Eric Mullen , Stuart Pernsteiner, James Wilcox, Zachary

uf: Minimizing the Coq Extraction TCB Eric Mullen , Stuart Pernsteiner, James Wilcox, Zachary Tatlock, Dan Grossman 1 Extraction 2 Extraction K coq 2 Extraction K coq 2 Extraction K coq Extraction 2 Extraction K coq Extraction K

1.3k views • 106 slides
WIDEX Working Group IETF 65 Chairs: David Bryan, Eunsoo Shim, Dean Willis Note Well Any

WIDEX Working Group IETF 65 Chairs: David Bryan, Eunsoo Shim, Dean Willis Note Well Any

WIDEX Working Group IETF 65 Chairs: David Bryan, Eunsoo Shim, Dean Willis Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made within the

779 views • 3 slides
A preliminary result on synchronization of heterogeneous agents via funnel control Stephan Trenn

A preliminary result on synchronization of heterogeneous agents via funnel control Stephan Trenn

A preliminary result on synchronization of heterogeneous agents via funnel control Stephan Trenn Technomathematics group, University of Kaiserslautern, Germany joint work with Hyungbo Shim (Seoul National University, Korea) 54th IEEE Conference

381 views • 21 slides
Haskell+STM Nalini Vasudevan Satnam Singh Objectives Goal: trying to encode various kinds of

Haskell+STM Nalini Vasudevan Satnam Singh Objectives Goal: trying to encode various kinds of

Cambridge, UK Multi-way Rendezvous in Haskell+STM Nalini Vasudevan Satnam Singh Objectives Goal: trying to encode various kinds of concurrency idioms in STM Haskell. Deterministic parallelism. Par/seq? Multi-way rendezvous

1.02k views • 18 slides
CombiHeader: Minimizing the Number of Shim Headers in Redundancy Elimination Systems Sumanta

CombiHeader: Minimizing the Number of Shim Headers in Redundancy Elimination Systems Sumanta

CombiHeader: Minimizing the Number of Shim Headers in Redundancy Elimination Systems Sumanta Saha, Andrey Lukyanenko and Antti Yl-Jski Aalto University School of Science, Finland (Formerly, Helsinki University of Technology) Outline

443 views • 12 slides

More recommend