SlideShare una empresa de Scribd logo

µ-Xen

Descargar como PPTX, PDF
The Linux Foundation
The Linux Foundation

This talk with discuss the design and implementation of a new type of hypervisor derived from the Xen code base. µ-Xen has been built and optimized for modern CPUs and chipsets, and thus assumes the presence of CPU and IO MMUs that are virtualization capable. µ-Xen borrows extensively from the production-proven and tuned Xen code base, but removal of support for older hardware and PV-MMU guests has enabled significant simplification of the code. µ-Xen supports optimizations in support of running large numbers of very similar virtual machines, through the support of a native 'vmfork' optimization and efficient re-merging of shareable pages. The primary goal of µ-Xen has been to run as a late-load hypervisor on an existing OS. It has a narrow and well-defined interface to the services it expects from the underlying OS, which makes it easy to port to other OSes, or to enable it to run on bare metal. During initialisation, µ-Xen can de-privilege the running host OS into a VM container, enabling it to establish itself as the most privileged software component in the system. Thus, µ-Xen enforces the privacy and integrity of itself and VMs that it is running, against a faulty or malicious host OS, while co-operating with the host OS on the actual allocation of physical resources.

Tecnología
1 de 21
® µ-Xen Ian Pratt SVP, Products Bromium Inc. 1
Outline ® • µ-Xen Goals • Architecture and implementation • Evolutionary path • Use case: Bromium end-point security 2
The µ-Xen Client Hypervisor ® • Derived from the Xen code base • Designed to address client hypervisor deployment challenges • Designed to achieve a high-degree of security assurance • No requirement to support legacy s/w or h/w • Optimized to support micro-virtualization • Evolution to a new class of hypervisor 3
Evolution to a new class of hypervisor ® • Start with a self-contained type-2 – Host kernel module containing µ-Xen blob – Well-defined interface to/from the host • Memory allocation, Schedule VCPUs, Timers, Events • Similar to hXen project – Windows, OS X; easily portable – µ-Xen drives VT hardware, leaves IO and other hardware to host OS 4
µ-Xen streamlines Xen code base ® • x64 only • No support for systems that are not VTx/EPT or AMDV/NPT capable • No support for PV MMU guests • Significant code size reductions • No compat code • Separate build target • Future: slim down instruction emulator 5
µ-Xen virtual IO ® • µ-Xen demultiplexes IORecs and events to multiple host processes per VM – Able to have separate video, audio, disk, net etc processes – Helps scheduling latency, enables better exploitation mitigation lock-down • Use just the relevant parts of QEMU • User-space PV backend drivers • Post-boot virtual IO device revocation 6
Support for large numbers of similar VMs ® • Support for VM fork – Simple extension of Populate on Demand code • Tree of templates/VMs supported • PV driver support for re-sharing free pages • IO tracking to re-share swapped and re-read pages 7
Evolution to a new class of hypervisor ® • Goal: host is responsible for resource allocation, but can not interfere with the privacy or integrity of the hypervisor or other guests, e.g.: – Hypervisor asks host for memory, receives it, then removes host access to it – Host may perform IO on behalf of hypervisor and guests, but must be privacy and integrity protected – Host may deny service, crash; IO tamper detectable 8
De-privilege host into a VT container ® • Remove host access to hypervisor and guest memory in EPT tables – h/w devices passed through to host, VTd protected • Device models can only access Granted memory – Require PV network and disk as no virtual DMA – Guest IO buffers encrypted/authenticated before grant copy/map • Save/restore, dom builder must first have guest memory encrypted/authenticated by hypervisor – Hypervisor paging requires similar treatment 9
Further Enhanced Security ® • Migrate certain host h/w devices to ownership by hypervisor or privileged guest(s), replace with virtual device – E.g. Keyboard controller to avoid key logging – Possibly WiFi/NIC too • Measured launch of hypervisor – TXT/TPM to establish DRoT – Remote attestation of hypervisor configuration 10
Task-based Micro-virtualization
The Challenge
What Went Wrong?  Poor Isolation leads to Vulnerability  Multi-tenancy of code (& data) from a huge set of trust sources  Code & Data are executed in the context of a few, weakly organized and poorly isolated “bins” representing levels of trust - e.g. UID, GID, PID  Overloaded, complex specs & buggy implementations of porous interfaces  Thus malware can:  Access data and documents in the same “bin”  Subvert other good code that is placed into the same “bin”  Use another bug in an App or OS to elevate its privilege
Why Legacy Security Solutions Fail Black-listing: Detection is not protection  Doesn’t protect users from zero day attacks  Unable to detect targeted & advanced malware White-listing: Restriction is not protection  Users want to be productive  Attackers can compromise trusted applications and web sites
The Challenge Bromium Confidential 15 Bromium Confidential
The Micro-Virtualization Approach Next generation endpoint security A pragmatic approach to trusted computing Based on hardware based isolation and not detection  Contain risky activity from corporate data and network  Block zero day and polymorphic threats Provides isolation & trust through hardware virtualization
Lightweight, fast, Virtualizes vulnerable hidden, with an tasks within a single unchanged native UX Windows desktop Small code base for Hypervisor I/O Virtualization (VT-d) maximum security TXT & TPM based hardware root of Hardware Virtualization trust (VT-x)
The Microvisor isolates vulnerable tasks from Windows, each other & key system resources Windows and IT Micro-VMs have provisioned apps “least privilege” are trusted access to files, Each vulnerable task networks & devices, is instantly isolated and execute CoW in a micro-VM, invisible to the user
Key Threat Vectors Are Isolated Web Browsing E-mail Attachments External Documents USB files
Conclusions ® • µ-Xen is targeted at client systems • Combines ease of deployment with useful security properties • Enables task-based micro-virtualization, allowing mandatory access control to be retrofitted to commodity client OSes • We’re hiring! Please email ian@bromium.com 21

Recomendados

Ch07 Access Control Fundamentals
Ch07 Access Control FundamentalsCh07 Access Control Fundamentals
Ch07 Access Control FundamentalsInformation Technology
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASPMarco Morana
 
02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Securitysappingtonkr
 
A Distributed Malware Analysis System Cuckoo Sandbox
A Distributed Malware Analysis System Cuckoo SandboxA Distributed Malware Analysis System Cuckoo Sandbox
A Distributed Malware Analysis System Cuckoo SandboxAndy Lee
 
Network security
Network securityNetwork security
Network securityRaaz Karkee
 
Adversary Emulation using CALDERA
Adversary Emulation using CALDERAAdversary Emulation using CALDERA
Adversary Emulation using CALDERAErik Van Buggenhout
 
Vulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskVulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskAlienVault
 
Introduction to Exploitation
Introduction to ExploitationIntroduction to Exploitation
Introduction to ExploitationUTD Computer Security Group
 

Recomendados

Ch07 Access Control Fundamentals
Ch07 Access Control FundamentalsCh07 Access Control Fundamentals
Ch07 Access Control FundamentalsInformation Technology
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASPMarco Morana
 
02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Securitysappingtonkr
 
A Distributed Malware Analysis System Cuckoo Sandbox
A Distributed Malware Analysis System Cuckoo SandboxA Distributed Malware Analysis System Cuckoo Sandbox
A Distributed Malware Analysis System Cuckoo SandboxAndy Lee
 
Network security
Network securityNetwork security
Network securityRaaz Karkee
 
Adversary Emulation using CALDERA
Adversary Emulation using CALDERAAdversary Emulation using CALDERA
Adversary Emulation using CALDERAErik Van Buggenhout
 
Vulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskVulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskAlienVault
 
Introduction to Exploitation
Introduction to ExploitationIntroduction to Exploitation
Introduction to ExploitationUTD Computer Security Group
 
DEF CON 31 Demo Labs 2023: Abusing Microsoft SQL Server with SQLRecon
DEF CON 31 Demo Labs 2023: Abusing Microsoft SQL Server with SQLReconDEF CON 31 Demo Labs 2023: Abusing Microsoft SQL Server with SQLRecon
DEF CON 31 Demo Labs 2023: Abusing Microsoft SQL Server with SQLReconSanjiv Kawa
 
Firewall
Firewall Firewall
Firewall Amuthavalli Nachiyar
 
Memory Dump
Memory DumpMemory Dump
Memory Dumpniteshitimpulse
 
2018 - Using Honeypots for Network Security Monitoring
2018 - Using Honeypots for Network Security Monitoring2018 - Using Honeypots for Network Security Monitoring
2018 - Using Honeypots for Network Security Monitoringchrissanders88
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)k33a
 
Information Security Engineering
Information Security EngineeringInformation Security Engineering
Information Security EngineeringMd. Hasan Basri (Angel)
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsIain Dickson
 
Information Technology Security Techniques Evaluation Criteria For It Secrit...
Information Technology Security Techniques Evaluation Criteria For It Secrit...Information Technology Security Techniques Evaluation Criteria For It Secrit...
Information Technology Security Techniques Evaluation Criteria For It Secrit...Vishnu Kesarwani
 
Malware Classification and Analysis
Malware Classification and AnalysisMalware Classification and Analysis
Malware Classification and AnalysisPrashant Chopra
 
Security in Embedded systems
Security in Embedded systems Security in Embedded systems
Security in Embedded systems Naveen Jakhar, I.T.S
 
Ransomware: Wannacry
Ransomware: WannacryRansomware: Wannacry
Ransomware: WannacryMikel Solabarrieta
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for BeginnersSKMohamedKasim
 
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together Sqrrl
 
Malicious software and software security
Malicious software and software securityMalicious software and software security
Malicious software and software securityG Prachi
 
Lesson 3
Lesson 3Lesson 3
Lesson 3MLG College of Learning, Inc
 
WannaCry Ransomware
WannaCry Ransomware WannaCry Ransomware
WannaCry RansomwareZoho Corporation
 
Best Practices for Configuring Your OSSIM Installation
Best Practices for Configuring Your OSSIM InstallationBest Practices for Configuring Your OSSIM Installation
Best Practices for Configuring Your OSSIM InstallationAlienVault
 
Network intrusion detection system and analysis
Network intrusion detection system and analysisNetwork intrusion detection system and analysis
Network intrusion detection system and analysisBikrant Gautam
 
Malware detection-using-machine-learning
Malware detection-using-machine-learningMalware detection-using-machine-learning
Malware detection-using-machine-learningSecurity Bootcamp
 
Application of Machine Learning in Cyber Security
Application of Machine Learning in Cyber SecurityApplication of Machine Learning in Cyber Security
Application of Machine Learning in Cyber SecurityDr. Umesh Rao.Hodeghatta
 
Xen and Client Virtualization: the case of XenClient XT
Xen and Client Virtualization: the case of XenClient XTXen and Client Virtualization: the case of XenClient XT
Xen and Client Virtualization: the case of XenClient XTThe Linux Foundation
 
[HackInTheBox] Breaking virtualization by any means
[HackInTheBox] Breaking virtualization by any means[HackInTheBox] Breaking virtualization by any means
[HackInTheBox] Breaking virtualization by any meansMoabi.com
 

Más contenido relacionado

La actualidad más candente

DEF CON 31 Demo Labs 2023: Abusing Microsoft SQL Server with SQLRecon
DEF CON 31 Demo Labs 2023: Abusing Microsoft SQL Server with SQLReconDEF CON 31 Demo Labs 2023: Abusing Microsoft SQL Server with SQLRecon
DEF CON 31 Demo Labs 2023: Abusing Microsoft SQL Server with SQLReconSanjiv Kawa
 
2018 - Using Honeypots for Network Security Monitoring
2018 - Using Honeypots for Network Security Monitoring2018 - Using Honeypots for Network Security Monitoring
2018 - Using Honeypots for Network Security Monitoringchrissanders88
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)k33a
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsIain Dickson
 
Information Technology Security Techniques Evaluation Criteria For It Secrit...
Information Technology Security Techniques Evaluation Criteria For It Secrit...Information Technology Security Techniques Evaluation Criteria For It Secrit...
Information Technology Security Techniques Evaluation Criteria For It Secrit...Vishnu Kesarwani
 
Malware Classification and Analysis
Malware Classification and AnalysisMalware Classification and Analysis
Malware Classification and AnalysisPrashant Chopra
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for BeginnersSKMohamedKasim
 
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together Sqrrl
 
Malicious software and software security
Malicious software and software securityMalicious software and software security
Malicious software and software securityG Prachi
 
Best Practices for Configuring Your OSSIM Installation
Best Practices for Configuring Your OSSIM InstallationBest Practices for Configuring Your OSSIM Installation
Best Practices for Configuring Your OSSIM InstallationAlienVault
 
Network intrusion detection system and analysis
Network intrusion detection system and analysisNetwork intrusion detection system and analysis
Network intrusion detection system and analysisBikrant Gautam
 
Malware detection-using-machine-learning
Malware detection-using-machine-learningMalware detection-using-machine-learning
Malware detection-using-machine-learningSecurity Bootcamp
 
Application of Machine Learning in Cyber Security
Application of Machine Learning in Cyber SecurityApplication of Machine Learning in Cyber Security
Application of Machine Learning in Cyber SecurityDr. Umesh Rao.Hodeghatta
 

La actualidad más candente (20)

DEF CON 31 Demo Labs 2023: Abusing Microsoft SQL Server with SQLRecon
DEF CON 31 Demo Labs 2023: Abusing Microsoft SQL Server with SQLReconDEF CON 31 Demo Labs 2023: Abusing Microsoft SQL Server with SQLRecon
DEF CON 31 Demo Labs 2023: Abusing Microsoft SQL Server with SQLRecon
 
Firewall
Firewall Firewall
Firewall
 
Memory Dump
Memory DumpMemory Dump
Memory Dump
 
2018 - Using Honeypots for Network Security Monitoring
2018 - Using Honeypots for Network Security Monitoring2018 - Using Honeypots for Network Security Monitoring
2018 - Using Honeypots for Network Security Monitoring
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)
 
Information Security Engineering
Information Security EngineeringInformation Security Engineering
Information Security Engineering
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feeds
 
Information Technology Security Techniques Evaluation Criteria For It Secrit...
Information Technology Security Techniques Evaluation Criteria For It Secrit...Information Technology Security Techniques Evaluation Criteria For It Secrit...
Information Technology Security Techniques Evaluation Criteria For It Secrit...
 
Malware Classification and Analysis
Malware Classification and AnalysisMalware Classification and Analysis
Malware Classification and Analysis
 
Security in Embedded systems
Security in Embedded systems Security in Embedded systems
Security in Embedded systems
 
Ransomware: Wannacry
Ransomware: WannacryRansomware: Wannacry
Ransomware: Wannacry
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for Beginners
 
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
 
Malicious software and software security
Malicious software and software securityMalicious software and software security
Malicious software and software security
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
 
WannaCry Ransomware
WannaCry Ransomware WannaCry Ransomware
WannaCry Ransomware
 
Best Practices for Configuring Your OSSIM Installation
Best Practices for Configuring Your OSSIM InstallationBest Practices for Configuring Your OSSIM Installation
Best Practices for Configuring Your OSSIM Installation
 
Network intrusion detection system and analysis
Network intrusion detection system and analysisNetwork intrusion detection system and analysis
Network intrusion detection system and analysis
 
Malware detection-using-machine-learning
Malware detection-using-machine-learningMalware detection-using-machine-learning
Malware detection-using-machine-learning
 
Application of Machine Learning in Cyber Security
Application of Machine Learning in Cyber SecurityApplication of Machine Learning in Cyber Security
Application of Machine Learning in Cyber Security
 

Destacado

Xen and Client Virtualization: the case of XenClient XT
Xen and Client Virtualization: the case of XenClient XTXen and Client Virtualization: the case of XenClient XT
Xen and Client Virtualization: the case of XenClient XTThe Linux Foundation
 
[HackInTheBox] Breaking virtualization by any means
[HackInTheBox] Breaking virtualization by any means[HackInTheBox] Breaking virtualization by any means
[HackInTheBox] Breaking virtualization by any meansMoabi.com
 
Red Hat Enterprise Linux 5.2 Virtualization Guide
Red Hat Enterprise Linux 5.2 Virtualization GuideRed Hat Enterprise Linux 5.2 Virtualization Guide
Red Hat Enterprise Linux 5.2 Virtualization GuideRishi Sharma
 
S4 xen hypervisor_20080622
S4 xen hypervisor_20080622S4 xen hypervisor_20080622
S4 xen hypervisor_20080622Todd Deshane
 
Xen and Art of Virtualization (Xen Architecture)
Xen and Art of Virtualization (Xen Architecture)Xen and Art of Virtualization (Xen Architecture)
Xen and Art of Virtualization (Xen Architecture)Mr Cracker
 
Mirage: extreme specialisation of virtual appliances
Mirage: extreme specialisation of virtual appliancesMirage: extreme specialisation of virtual appliances
Mirage: extreme specialisation of virtual appliancesThe Linux Foundation
 
Xen PV Performance Status and Optimization Opportunities
Xen PV Performance Status and Optimization OpportunitiesXen PV Performance Status and Optimization Opportunities
Xen PV Performance Status and Optimization OpportunitiesThe Linux Foundation
 
Oscon 2012 : From Datacenter to the Cloud - Featuring Xen and XCP
Oscon 2012 : From Datacenter to the Cloud - Featuring Xen and XCPOscon 2012 : From Datacenter to the Cloud - Featuring Xen and XCP
Oscon 2012 : From Datacenter to the Cloud - Featuring Xen and XCPThe Linux Foundation
 
Windsor: Domain 0 Disaggregation for XenServer and XCP
Windsor: Domain 0 Disaggregation for XenServer and XCP Windsor: Domain 0 Disaggregation for XenServer and XCP
Windsor: Domain 0 Disaggregation for XenServer and XCPThe Linux Foundation
 
Scale11x : Virtualization with Xen and XCP
Scale11x : Virtualization with Xen and XCP Scale11x : Virtualization with Xen and XCP
Scale11x : Virtualization with Xen and XCP The Linux Foundation
 

Destacado (20)

Xen and Client Virtualization: the case of XenClient XT
Xen and Client Virtualization: the case of XenClient XTXen and Client Virtualization: the case of XenClient XT
Xen and Client Virtualization: the case of XenClient XT
 
[HackInTheBox] Breaking virtualization by any means
[HackInTheBox] Breaking virtualization by any means[HackInTheBox] Breaking virtualization by any means
[HackInTheBox] Breaking virtualization by any means
 
Xen @ Google, 2011
Xen @ Google, 2011Xen @ Google, 2011
Xen @ Google, 2011
 
Red Hat Enterprise Linux 5.2 Virtualization Guide
Red Hat Enterprise Linux 5.2 Virtualization GuideRed Hat Enterprise Linux 5.2 Virtualization Guide
Red Hat Enterprise Linux 5.2 Virtualization Guide
 
Xen revisited
Xen revisitedXen revisited
Xen revisited
 
S4 xen hypervisor_20080622
S4 xen hypervisor_20080622S4 xen hypervisor_20080622
S4 xen hypervisor_20080622
 
Xen and Art of Virtualization (Xen Architecture)
Xen and Art of Virtualization (Xen Architecture)Xen and Art of Virtualization (Xen Architecture)
Xen and Art of Virtualization (Xen Architecture)
 
Why xen slides
Why xen slidesWhy xen slides
Why xen slides
 
Xen io
Xen ioXen io
Xen io
 
Mirage: extreme specialisation of virtual appliances
Mirage: extreme specialisation of virtual appliancesMirage: extreme specialisation of virtual appliances
Mirage: extreme specialisation of virtual appliances
 
Xen PV Performance Status and Optimization Opportunities
Xen PV Performance Status and Optimization OpportunitiesXen PV Performance Status and Optimization Opportunities
Xen PV Performance Status and Optimization Opportunities
 
Openstack Xen and XCP
Openstack Xen and XCPOpenstack Xen and XCP
Openstack Xen and XCP
 
Xen Overview Q3 2009
Xen Overview Q3 2009Xen Overview Q3 2009
Xen Overview Q3 2009
 
Art of Using Xen at Scale
Art of Using Xen at ScaleArt of Using Xen at Scale
Art of Using Xen at Scale
 
Xen Hypervisor
Xen HypervisorXen Hypervisor
Xen Hypervisor
 
Engaging the xen community
Engaging the xen communityEngaging the xen community
Engaging the xen community
 
Oscon 2012 : From Datacenter to the Cloud - Featuring Xen and XCP
Oscon 2012 : From Datacenter to the Cloud - Featuring Xen and XCPOscon 2012 : From Datacenter to the Cloud - Featuring Xen and XCP
Oscon 2012 : From Datacenter to the Cloud - Featuring Xen and XCP
 
Windsor: Domain 0 Disaggregation for XenServer and XCP
Windsor: Domain 0 Disaggregation for XenServer and XCP Windsor: Domain 0 Disaggregation for XenServer and XCP
Windsor: Domain 0 Disaggregation for XenServer and XCP
 
Xen and Apache cloudstack
Xen and Apache cloudstack Xen and Apache cloudstack
Xen and Apache cloudstack
 
Scale11x : Virtualization with Xen and XCP
Scale11x : Virtualization with Xen and XCP Scale11x : Virtualization with Xen and XCP
Scale11x : Virtualization with Xen and XCP
 

Similar a µ-Xen

XPDS14 - Zero-Footprint Guest Memory Introspection from Xen - Mihai Dontu, Bi...
XPDS14 - Zero-Footprint Guest Memory Introspection from Xen - Mihai Dontu, Bi...XPDS14 - Zero-Footprint Guest Memory Introspection from Xen - Mihai Dontu, Bi...
XPDS14 - Zero-Footprint Guest Memory Introspection from Xen - Mihai Dontu, Bi...The Linux Foundation
 
The VDI InfoSec Conundrum
The VDI InfoSec ConundrumThe VDI InfoSec Conundrum
The VDI InfoSec ConundrumVirtualTal
 
Securing your Cloud with Xen - SUSECon 2013
Securing your Cloud with Xen - SUSECon 2013Securing your Cloud with Xen - SUSECon 2013
Securing your Cloud with Xen - SUSECon 2013The Linux Foundation
 
virtualization(1).pptx
virtualization(1).pptxvirtualization(1).pptx
virtualization(1).pptxAkashRajBehera
 
Virtual Desktop Infrastructure Overview
Virtual Desktop Infrastructure OverviewVirtual Desktop Infrastructure Overview
Virtual Desktop Infrastructure Overviewkoesteruk22
 
Xen Project Update LinuxCon Brazil
Xen Project Update LinuxCon BrazilXen Project Update LinuxCon Brazil
Xen Project Update LinuxCon BrazilThe Linux Foundation
 
V mwarev sphere5.1notes-v2
V mwarev sphere5.1notes-v2V mwarev sphere5.1notes-v2
V mwarev sphere5.1notes-v2karanamsaibabu
 
ProtectV - Data Security for the Cloud
ProtectV - Data Security for the CloudProtectV - Data Security for the Cloud
ProtectV - Data Security for the CloudSafeNet
 
Zero footprint guest memory introspection from xen
Zero footprint guest memory introspection from xenZero footprint guest memory introspection from xen
Zero footprint guest memory introspection from xenBitdefender Enterprise
 
Virtualization securityv2
Virtualization securityv2Virtualization securityv2
Virtualization securityv2vivekbhat
 
Mitigating Risk for the Mobile Worker: Novell ZENworks Endpoint Security Mana...
Mitigating Risk for the Mobile Worker: Novell ZENworks Endpoint Security Mana...Mitigating Risk for the Mobile Worker: Novell ZENworks Endpoint Security Mana...
Mitigating Risk for the Mobile Worker: Novell ZENworks Endpoint Security Mana...Novell
 
CSA Presentation 26th May Virtualization securityv2
CSA Presentation 26th May Virtualization securityv2CSA Presentation 26th May Virtualization securityv2
CSA Presentation 26th May Virtualization securityv2vivekbhat
 

Similar a µ-Xen (20)

Xen Community Update 2011
Xen Community Update 2011Xen Community Update 2011
Xen Community Update 2011
 
XPDS14 - Zero-Footprint Guest Memory Introspection from Xen - Mihai Dontu, Bi...
XPDS14 - Zero-Footprint Guest Memory Introspection from Xen - Mihai Dontu, Bi...XPDS14 - Zero-Footprint Guest Memory Introspection from Xen - Mihai Dontu, Bi...
XPDS14 - Zero-Footprint Guest Memory Introspection from Xen - Mihai Dontu, Bi...
 
The VDI InfoSec Conundrum
The VDI InfoSec ConundrumThe VDI InfoSec Conundrum
The VDI InfoSec Conundrum
 
Ina Pratt Fosdem Feb2008
Ina Pratt Fosdem Feb2008Ina Pratt Fosdem Feb2008
Ina Pratt Fosdem Feb2008
 
Securing your Cloud with Xen - SUSECon 2013
Securing your Cloud with Xen - SUSECon 2013Securing your Cloud with Xen - SUSECon 2013
Securing your Cloud with Xen - SUSECon 2013
 
virtualization(1).pptx
virtualization(1).pptxvirtualization(1).pptx
virtualization(1).pptx
 
virtualization.pptx
virtualization.pptxvirtualization.pptx
virtualization.pptx
 
Virtualization
VirtualizationVirtualization
Virtualization
 
Virtual Desktop Infrastructure Overview
Virtual Desktop Infrastructure OverviewVirtual Desktop Infrastructure Overview
Virtual Desktop Infrastructure Overview
 
Xen Project Update LinuxCon Brazil
Xen Project Update LinuxCon BrazilXen Project Update LinuxCon Brazil
Xen Project Update LinuxCon Brazil
 
V mwarev sphere5.1notes-v2
V mwarev sphere5.1notes-v2V mwarev sphere5.1notes-v2
V mwarev sphere5.1notes-v2
 
Virtualization
VirtualizationVirtualization
Virtualization
 
unit-2.pptx
unit-2.pptxunit-2.pptx
unit-2.pptx
 
ProtectV - Data Security for the Cloud
ProtectV - Data Security for the CloudProtectV - Data Security for the Cloud
ProtectV - Data Security for the Cloud
 
Zero footprint guest memory introspection from xen
Zero footprint guest memory introspection from xenZero footprint guest memory introspection from xen
Zero footprint guest memory introspection from xen
 
Virtualization securityv2
Virtualization securityv2Virtualization securityv2
Virtualization securityv2
 
Virtualization
VirtualizationVirtualization
Virtualization
 
Mitigating Risk for the Mobile Worker: Novell ZENworks Endpoint Security Mana...
Mitigating Risk for the Mobile Worker: Novell ZENworks Endpoint Security Mana...Mitigating Risk for the Mobile Worker: Novell ZENworks Endpoint Security Mana...
Mitigating Risk for the Mobile Worker: Novell ZENworks Endpoint Security Mana...
 
CSA Presentation 26th May Virtualization securityv2
CSA Presentation 26th May Virtualization securityv2CSA Presentation 26th May Virtualization securityv2
CSA Presentation 26th May Virtualization securityv2
 
Ian Prattlinuxworld Xen Aug2008
Ian Prattlinuxworld Xen Aug2008Ian Prattlinuxworld Xen Aug2008
Ian Prattlinuxworld Xen Aug2008
 

Más de The Linux Foundation

ELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made SimpleELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made SimpleThe Linux Foundation
 
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...The Linux Foundation
 
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...The Linux Foundation
 
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...The Linux Foundation
 
XPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather ReportXPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather ReportThe Linux Foundation
 
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...The Linux Foundation
 
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxXPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxThe Linux Foundation
 
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...The Linux Foundation
 
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, BitdefenderXPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, BitdefenderThe Linux Foundation
 
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...The Linux Foundation
 
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making... OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...The Linux Foundation
 
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, CitrixXPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, CitrixThe Linux Foundation
 
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltdXPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltdThe Linux Foundation
 
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...The Linux Foundation
 
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&DXPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&DThe Linux Foundation
 
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsXPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsThe Linux Foundation
 
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...The Linux Foundation
 
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...The Linux Foundation
 
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...The Linux Foundation
 
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSEXPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSEThe Linux Foundation
 

Más de The Linux Foundation (20)

ELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made SimpleELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made Simple
 
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
 
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
 
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
 
XPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather ReportXPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather Report
 
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
 
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxXPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
 
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
 
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, BitdefenderXPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
 
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
 
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making... OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
 
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, CitrixXPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
 
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltdXPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
 
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
 
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&DXPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
 
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsXPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
 
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
 
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
 
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
 
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSEXPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
 

Último

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 

Último (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 

µ-Xen

  • 2. Outline ® • µ-Xen Goals • Architecture and implementation • Evolutionary path • Use case: Bromium end-point security 2
  • 3. The µ-Xen Client Hypervisor ® • Derived from the Xen code base • Designed to address client hypervisor deployment challenges • Designed to achieve a high-degree of security assurance • No requirement to support legacy s/w or h/w • Optimized to support micro-virtualization • Evolution to a new class of hypervisor 3
  • 4. Evolution to a new class of hypervisor ® • Start with a self-contained type-2 – Host kernel module containing µ-Xen blob – Well-defined interface to/from the host • Memory allocation, Schedule VCPUs, Timers, Events • Similar to hXen project – Windows, OS X; easily portable – µ-Xen drives VT hardware, leaves IO and other hardware to host OS 4
  • 5. µ-Xen streamlines Xen code base ® • x64 only • No support for systems that are not VTx/EPT or AMDV/NPT capable • No support for PV MMU guests • Significant code size reductions • No compat code • Separate build target • Future: slim down instruction emulator 5
  • 6. µ-Xen virtual IO ® • µ-Xen demultiplexes IORecs and events to multiple host processes per VM – Able to have separate video, audio, disk, net etc processes – Helps scheduling latency, enables better exploitation mitigation lock-down • Use just the relevant parts of QEMU • User-space PV backend drivers • Post-boot virtual IO device revocation 6
  • 7. Support for large numbers of similar VMs ® • Support for VM fork – Simple extension of Populate on Demand code • Tree of templates/VMs supported • PV driver support for re-sharing free pages • IO tracking to re-share swapped and re-read pages 7
  • 8. Evolution to a new class of hypervisor ® • Goal: host is responsible for resource allocation, but can not interfere with the privacy or integrity of the hypervisor or other guests, e.g.: – Hypervisor asks host for memory, receives it, then removes host access to it – Host may perform IO on behalf of hypervisor and guests, but must be privacy and integrity protected – Host may deny service, crash; IO tamper detectable 8
  • 9. De-privilege host into a VT container ® • Remove host access to hypervisor and guest memory in EPT tables – h/w devices passed through to host, VTd protected • Device models can only access Granted memory – Require PV network and disk as no virtual DMA – Guest IO buffers encrypted/authenticated before grant copy/map • Save/restore, dom builder must first have guest memory encrypted/authenticated by hypervisor – Hypervisor paging requires similar treatment 9
  • 10. Further Enhanced Security ® • Migrate certain host h/w devices to ownership by hypervisor or privileged guest(s), replace with virtual device – E.g. Keyboard controller to avoid key logging – Possibly WiFi/NIC too • Measured launch of hypervisor – TXT/TPM to establish DRoT – Remote attestation of hypervisor configuration 10
  • 13. What Went Wrong?  Poor Isolation leads to Vulnerability  Multi-tenancy of code (& data) from a huge set of trust sources  Code & Data are executed in the context of a few, weakly organized and poorly isolated “bins” representing levels of trust - e.g. UID, GID, PID  Overloaded, complex specs & buggy implementations of porous interfaces  Thus malware can:  Access data and documents in the same “bin”  Subvert other good code that is placed into the same “bin”  Use another bug in an App or OS to elevate its privilege
  • 14. Why Legacy Security Solutions Fail Black-listing: Detection is not protection  Doesn’t protect users from zero day attacks  Unable to detect targeted & advanced malware White-listing: Restriction is not protection  Users want to be productive  Attackers can compromise trusted applications and web sites
  • 15. The Challenge Bromium Confidential 15 Bromium Confidential
  • 16. The Micro-Virtualization Approach Next generation endpoint security A pragmatic approach to trusted computing Based on hardware based isolation and not detection  Contain risky activity from corporate data and network  Block zero day and polymorphic threats Provides isolation & trust through hardware virtualization
  • 17. Lightweight, fast, Virtualizes vulnerable hidden, with an tasks within a single unchanged native UX Windows desktop Small code base for Hypervisor I/O Virtualization (VT-d) maximum security TXT & TPM based hardware root of Hardware Virtualization trust (VT-x)
  • 18. The Microvisor isolates vulnerable tasks from Windows, each other & key system resources Windows and IT Micro-VMs have provisioned apps “least privilege” are trusted access to files, Each vulnerable task networks & devices, is instantly isolated and execute CoW in a micro-VM, invisible to the user
  • 19.
  • 20. Key Threat Vectors Are Isolated Web Browsing E-mail Attachments External Documents USB files
  • 21. Conclusions ® • µ-Xen is targeted at client systems • Combines ease of deployment with useful security properties • Enables task-based micro-virtualization, allowing mandatory access control to be retrofitted to commodity client OSes • We’re hiring! Please email ian@bromium.com 21

Notas del editor

  1. dynamic content cannot be blacklistedmalicious content can compromise whitelisted apps