Virtual Machine Introspection Isolation Interpretation - - PowerPoint PPT Presentation

virtual machine introspection
SMART_READER_LITE
LIVE PREVIEW

Virtual Machine Introspection Isolation Interpretation - - PowerPoint PPT Presentation

Apr 30, 2023 26 likes •289 views

Virtual Machine Introspection Isolation Interpretation Interposition Isolation From in-guest kernel/userspace Provided by Xen Buggy emulation blurres the line From trusted computing base (TCB) Possible via Xen

slide-1
SLIDE 1
slide-2
SLIDE 2

Virtual Machine Introspection

  • Isolation
  • Interpretation
  • Interposition
slide-3
SLIDE 3

Isolation

  • From in-guest kernel/userspace
  • Provided by Xen
  • Buggy emulation blurres the line
  • From trusted computing base (TCB)
  • Possible via Xen Security Modules
  • Move introspection system out from dom0!
slide-4
SLIDE 4
slide-5
SLIDE 5
slide-6
SLIDE 6

Interposition

  • Trap to Xen when something of interest

happens within the guest

  • Enable optional hardware traps
  • CLTS, HLT, LGDT, LIDT, LLDT, LTR, SGDT, MOV from

CR3, MOV from CR8, MOV to CR0, MOV to CR3, MOV to CR4, MOV to CR8, MOV DR, MWAIT, INT3, INT0, MTF, etc..

  • See full list in Intel SDM 3c 25.1.3
slide-7
SLIDE 7

Interposition

  • Change access

permissions in EPT

  • Trap violation into

Xen

  • R/W/X
  • With some caveats
slide-8
SLIDE 8

EPT caveats

“An EPT violation that occurs during as a result of execution of a read-modify-write

  • peration sets bit 1 (data write). Whether it

also sets bit 0 (data read) is implementation- specific and, for a given implementation, may differ for different kinds of read-modify- write operations.” - Intel SDM 3c

slide-9
SLIDE 9

EPT caveats

  • “Why can't the hardware report the true

characteristics right away?” - Jan Beulich

  • “when spec says so, there is a reason but I

can't tell here. :-)” - Kevin Tian

  • Well.. let's just mark all write volation as

read violation too..

  • Patched in Xen 4.5
slide-10
SLIDE 10
slide-11
SLIDE 11
slide-12
SLIDE 12

altp2m

  • Add support for

multiple EPTs for second stage lookup!

  • One table for

“restricted view”

  • One table for “normal

view”

slide-13
SLIDE 13

altp2m

  • EPT pointer can be

swapped in the VMCS

  • No need to change

EPT PTE permissions all the time

  • No race condition
slide-14
SLIDE 14

Interposition

  • Once trapped to Xen, forward events
  • Formerly known as mem_event
  • Renamed and reworked as vm_event in 4.6
  • Request/response via shared memory ring
  • Monitor page used for VMI related events
  • Two additional pages: memory sharing and

paging

slide-15
SLIDE 15

vm_event & mem_access & monitor

  • Let's keep track of subsystem names
  • vm_event is the underlying request/response

mechanism

  • mem_access memops control EPT
  • monitor_op domctls control all other optional

VM execution traps

slide-16
SLIDE 16

Event delivery structures in 4.6

  • Defined in xen/vm_event.h public header
  • Easily extendable and versioned
  • No more hackery
  • Event response can trigger specific behavior

without additional hypercalls

  • Trigger emulation, singlestepping, swap altp2m...
slide-17
SLIDE 17

VMI with Xen on ARM

  • ARM has two-stage paging similar to EPT
  • mem_access implemented for 4.6
  • Some caveats:
  • No singlestepping?
  • Can be worked around but it's a pain
  • Split-TLB ambiguities
slide-18
SLIDE 18

ARM mem_access

  • ARM PTEs have fewer software

programmable bits as compared to EPT

  • ARM mem_access requires maintaining a

Radix-tree to keep track of PTEs with custom permissions

  • Radix-tree keyed with GPA
slide-19
SLIDE 19

ARM mem_access

  • For a 2nd stage violation ARM provides the

faulting GVA

  • GPA only provided if fault happened during

1st stage pagetable walk

  • Xen needs to translate GVA to GPA to

perform Radix-tree lookup

slide-20
SLIDE 20

ARM mem_access

  • Native CPU instructions to perform GVA to

GPA translation

  • Performs lookup as data-fetch access
  • What if we trapped an instruction-fetch

access?

  • In-guest translation hits iTLB
  • Xen hits dTLB
slide-21
SLIDE 21
  • Split-TLB is a real rootkit problem
  • ShadowWalker, MoRE, etc..
  • Guest can load the iTLB with rootkit page

and dTLB with benign page

  • Flushing the TLB does not help, iTLB

translation may be lost if PT no longer represents the cached translation

ARM Split-TLB problem

slide-22
SLIDE 22
  • Execution tracing with mem_access may be

problematic

  • Use Secure Monitor Call (SMC) instruction

injection!

  • Similar to 0xCC injection on x86
  • TODO

ARM future work

slide-23
SLIDE 23
  • altp2m is primarily designed to be used with

Intel #VE

  • VMCALL instruction to perform EPTP

switching from the guest

  • Hybrid VMI

x86 future work

slide-24
SLIDE 24
  • Why aren't we using git pulls?
  • Patches in mailinglist without branch-off point

specified

  • Carving patches from mbox is a pain
  • Start providing a public git branch for your

series!!

Lessons learnt

slide-25
SLIDE 25
  • Provide build-testing for the community
  • It's a waste of time to wait for review on

something that's broken

  • Check for style issues automatically?
  • Travis-CI is OK but can time-out on large series
  • https://github.com/tklengyel/xen/tree/travis

Lessons learnt

slide-26
SLIDE 26

Thanks!

Tamas K Lengyel

tamas@tklengyel.com tlengyel@novetta.com @tklengyel LibVMI http://libvmi.com DRAKVUF http://drakvuf.com