xen hypervisor security in vm isolation
play

Xen Hypervisor security in VM isolation Yanick de Jong 4 February - PowerPoint PPT Presentation

Mar 06, 2024 •307 likes •457 views

Xen Hypervisor security in VM isolation Yanick de Jong 4 February 2009 Research Question? What are the risks involved with merging Xen servers in different segments of the network and put all virtual machines together on one machine?

  1. Xen Hypervisor security in VM isolation Yanick de Jong 4 February 2009

  2. Research Question? What are the risks involved with merging Xen servers in different segments of the network and put all virtual machines together on one machine?

  3. Network Overview Internet Server LAN DMZ User LAN

  4. Network Overview Internet Server LAN & DMZ User LAN

  5. Subjects  Network  System  Disk allocation  Memory  Bridging  DMA  Conclusion

  6. Network  Defense in Depth  Least Privilege

  7. System (xen host)  Single point of Failure  Increase complexity

  8. Virtual Machine  Less risks  Easy to restore

  9. Disk Allocation  Writing outside allocated virtual machine diskspace

  10. Memory  Writing into memory  Reading memory  Reading memory from checkpointfile

  11. Bridging  All VM's on the same bridge  VM's connected to physical networkcards  VM's connected with vlan

  12. DMA  Example – Reading memory (RAM) through the firewire port

  13. Conclusion  Network  Defense in Depth  Least Privilege  Single point of failure  Xen host

  14. Questions ?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Enhance protection from security bugs in the Xen hypervisor Anthony PERARD Xen architecture

Enhance protection from security bugs in the Xen hypervisor Anthony PERARD Xen architecture

Enhance protection from security bugs in the Xen hypervisor Anthony PERARD Xen architecture Dom0 VMs QEMU Xen Scheduler MMU vPIC Memory CPUs I/O HW Emulation in hypervisor For performance Examples: Interrupt controller

859 views • 20 slides
Hyper-Cube High-Dimensional Hypervisor Fuzzing Sergej Schumilo, Cornelius Aschermann, Ali Abbasi,

Hyper-Cube High-Dimensional Hypervisor Fuzzing Sergej Schumilo, Cornelius Aschermann, Ali Abbasi,

Hyper-Cube High-Dimensional Hypervisor Fuzzing Sergej Schumilo, Cornelius Aschermann, Ali Abbasi, Simon Wrner and Thorsten Holz Chair for Systems Security Ruhr-Universitt Bochum Motivation Hypervisor Motivation Hypervisor VM 1 VM 2

688 views • 53 slides
Outline OS security: protection and isolation CSci 5271 OS security: authentication

Outline OS security: protection and isolation CSci 5271 OS security: authentication

Outline OS security: protection and isolation CSci 5271 OS security: authentication Introduction to Computer Security Announcements intermission Day 9: OS security basics Stephen McCamant Basics of access control University of Minnesota,

269 views • 8 slides
Breaking Up is Hard to Do: Security and Functionality in a Commodity Hypervisor Authors

Breaking Up is Hard to Do: Security and Functionality in a Commodity Hypervisor Authors

Breaking Up is Hard to Do: Security and Functionality in a Commodity Hypervisor Authors Department of Computer Computer Science, University of British Columbia Patrick Colp Mihi Nanavati William Aiello Andrew Warfield

478 views • 45 slides
VirtualBoxes A close look at a desktop hypervisor Niklas Baumstark WHOIS Security researcher

VirtualBoxes A close look at a desktop hypervisor Niklas Baumstark WHOIS Security researcher

Unboxing your VirtualBoxes A close look at a desktop hypervisor Niklas Baumstark WHOIS Security researcher and student Pwn2Own 17 & 18 (VirtualBox in 18) CTF player & orga with KITCTF and Eat Sleep Pwn Repeat

824 views • 45 slides
Institute for Cyber Security A Formal Model for Isolation Management in Cloud

Institute for Cyber Security A Formal Model for Isolation Management in Cloud

Institute for Cyber Security A Formal Model for Isolation Management in Cloud Infrastructure-as-a-Service Khalid Zaman Bijon, Ram Krishnan and Ravi Sandhu Institute for Cyber Security University of Texas at San Antonio October 15-17, 2014 NSS

146 views • 13 slides
Serializable Snapshot Isolation Making ISOLATION LEVEL SERIALIZABLE Provide Serializable

Serializable Snapshot Isolation Making ISOLATION LEVEL SERIALIZABLE Provide Serializable

Serializable Snapshot Isolation Making ISOLATION LEVEL SERIALIZABLE Provide Serializable Isolation Dan Ports Kevin Grittner MIT Wisconsin Court System Saturday, May 21, 2011 1 Overview Serializable isolation makes it easier to reason

922 views • 60 slides
Outline OS protection and isolation (contd) CSci 5271 OS security: authentication

Outline OS protection and isolation (contd) CSci 5271 OS security: authentication

Outline OS protection and isolation (contd) CSci 5271 OS security: authentication Introduction to Computer Security Basics of access control OS authentication and access control (combined lecture) Announcements, Ex. 1 debrief Stephen

440 views • 11 slides
Using the Xen Hypervisor to Turbocharge OS Deployment Mike D. Day Ryan Harper Anthony Liguori

Using the Xen Hypervisor to Turbocharge OS Deployment Mike D. Day Ryan Harper Anthony Liguori

Using the Xen Hypervisor to Turbocharge OS Deployment Mike D. Day Ryan Harper Anthony Liguori Andrew Theurer Michael Hohnbaum Real-world Hypervisor Applications Make more efficient use of expensive hardware Server Consolidation

633 views • 24 slides
Sun TM xVM Hypervisor Gary Pennington Solaris Kernel Engineer April 24, 2008 USE IMPROVE

Sun TM xVM Hypervisor Gary Pennington Solaris Kernel Engineer April 24, 2008 USE IMPROVE

USE IMPROVE EVANGELIZE Sun TM xVM Hypervisor Gary Pennington Solaris Kernel Engineer April 24, 2008 USE IMPROVE EVANGELIZE Agenda Hypervisors 101 Introduction to Sun TM xVM Hypervisor Use Cases Using the hypervisor

731 views • 36 slides
CopyCat: Controlled Instruction-Level Attacks on Enclaves Daniel Moghimi Jo Van Bulck

CopyCat: Controlled Instruction-Level Attacks on Enclaves Daniel Moghimi Jo Van Bulck

CopyCat: Controlled Instruction-Level Attacks on Enclaves Daniel Moghimi Jo Van Bulck Nadia Heninger Frank Piessens Berk Sunar Intel Labs Sept. 10 2020 OS/Hypervisor Security Model App App App OS Trusted Hypervisor

1.13k views • 67 slides
ADAPTED SPAULDING PYRAMID Making Isolation: How does it work? Patient Isolation- Creating

ADAPTED SPAULDING PYRAMID Making Isolation: How does it work? Patient Isolation- Creating

ADAPTED SPAULDING PYRAMID Making Isolation: How does it work? Patient Isolation- Creating auxiliary isolation rooms (CDC) SCRUBBERS - 1 ea to serve patient room, and 1 for Airlock Typically deployed on supplied wheel platform

144 views • 3 slides
Virtual Machine Introspection Isolation Interpretation Interposition Isolation

Virtual Machine Introspection Isolation Interpretation Interposition Isolation

Virtual Machine Introspection Isolation Interpretation Interposition Isolation From in-guest kernel/userspace Provided by Xen Buggy emulation blurres the line From trusted computing base (TCB) Possible via Xen

286 views • 26 slides
Virtualization. A dream within a dream Type 1 Virtualization Hypervisor run on bare

Virtualization. A dream within a dream Type 1 Virtualization Hypervisor run on bare

Virtualization. A dream within a dream Type 1 Virtualization Hypervisor run on bare metal. Dedicated virtualization machine. Higher performance. Typical for servers. Type 2 Virtualization Hypervisor sits on

571 views • 17 slides
CSCI-UA.9480 Introduction to Computer Security Session 3.3 Systems Security and Isolation Prof.

CSCI-UA.9480 Introduction to Computer Security Session 3.3 Systems Security and Isolation Prof.

CSCI-UA.9480 Introduction to Computer Security Session 3.3 Systems Security and Isolation Prof. Nadim Kobeissi Operating 3.3a System Security Basics 2 CSCI-UA.9480: Introduction to Computer Security Nadim Kobeissi Operating systems:

417 views • 24 slides
2 Fault Isolation & Restoration Manual Fault Isolation & Restoration The

2 Fault Isolation & Restoration Manual Fault Isolation & Restoration The

1 Self Healing Network (Centralized Restoration Gateway) IEEE PES 2015 General Meeting 2 Fault Isolation & Restoration Manual Fault Isolation & Restoration The operator makes switching decisions Automatic Fault Location

724 views • 22 slides
Legal Privilege, Client Communication and Discovery Cayman Islands Legal Practitioners

Legal Privilege, Client Communication and Discovery Cayman Islands Legal Practitioners

Legal Privilege, Client Communication and Discovery Cayman Islands Legal Practitioners Association Adam Huckle 27 March 2019 Overview What is Privilege? Types: Legal Advice Privilege Litigation Privilege Recent cases

226 views • 18 slides
Corporation $405,180,000* Subordinated Excise Tax Revenue & Revenue Refunding Bonds, Series

Corporation $405,180,000* Subordinated Excise Tax Revenue & Revenue Refunding Bonds, Series

City of Phoenix Civic Improvement Corporation $405,180,000* Subordinated Excise Tax Revenue & Revenue Refunding Bonds, Series 2020 Subordinated Excise Tax Subordinated Excise Tax Subordinated Excise Tax Revenue Bonds Revenue Bonds

447 views • 26 slides
Healthcare: Is the Cyber Threat Real? President Obama has identified cybersecurity as one of the

Healthcare: Is the Cyber Threat Real? President Obama has identified cybersecurity as one of the

Healthcare: Is the Cyber Threat Real? President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation..!Whitehouse.gov Dr. Emma Garrison-Alexander Vice Dean, Cybersecurity

355 views • 8 slides
Cyber-Physical System Security Alia Long Advanced Research in Cyber Systems (ARCS) Los Alamos

Cyber-Physical System Security Alia Long Advanced Research in Cyber Systems (ARCS) Los Alamos

Cyber-Physical System Security Alia Long Advanced Research in Cyber Systems (ARCS) Los Alamos National Laboratory LA-UR-17-27644 Operated by Los Alamos National Security, LLC for the U.S. Department of Energy's NNSA A Cyber-Physical Model

837 views • 7 slides
Powering Flexible Payments in the Cloud with Kubernetes whoami Ana Calin Systems Engineer

Powering Flexible Payments in the Cloud with Kubernetes whoami Ana Calin Systems Engineer

Powering Flexible Payments in the Cloud with Kubernetes whoami Ana Calin Systems Engineer @Paybase Twitter: @AnaMariaCalin 3 01 whoami 02 About Paybase 03 Things weve achieved so far 04 Our tech stack Table of Contents 05

970 views • 37 slides
Da ta Bre a c h! No w Wha t? Jo hn E . L a nde , CIPP/ US Sha re ho lde r Dic kinso n, Ma c

Da ta Bre a c h! No w Wha t? Jo hn E . L a nde , CIPP/ US Sha re ho lde r Dic kinso n, Ma c

11/11/2019 Da ta Bre a c h! No w Wha t? Jo hn E . L a nde , CIPP/ US Sha re ho lde r Dic kinso n, Ma c ka ma n, T yle r & Ha g e n, P.C. E thic s Compe te nc e A la wye r sha ll pr ovide c ompe te nt r e pr e se ntation to a c

153 views • 11 slides
ATTORNEYS & PRIVILEGED COMMUNICATIONS Wes Bearden, CEO Attorney & Licensed Investigator

ATTORNEYS & PRIVILEGED COMMUNICATIONS Wes Bearden, CEO Attorney & Licensed Investigator

INVESTIGATIONS, ATTORNEYS & PRIVILEGED COMMUNICATIONS Wes Bearden, CEO Attorney & Licensed Investigator Bearden Investigative Agency, Inc. www.beardeninvestigations.com PRIVILEGE KEY POINTS WE ALL KNOWRIGHT? Purpose is to

540 views • 19 slides
Raising Self-Awareness & Self-Examination to Deepen Cultural Humility Enedelia Sauceda, PhD,

Raising Self-Awareness & Self-Examination to Deepen Cultural Humility Enedelia Sauceda, PhD,

Raising Self-Awareness & Self-Examination to Deepen Cultural Humility Enedelia Sauceda, PhD, Licensed Psychologist Pronouns: she/her(s) Arlene Rivero-Carr, PhD, Licensed Psychologist Pronouns: she/her(s) Assumptions We all benefit from

473 views • 13 slides

More recommend