SlideShare una empresa de Scribd logo

XS Japan 2008 App Data English

The Linux Foundation
The Linux Foundation

Koichi Onoue: Controlling System Calls and Protecting Application Data in Virtual Machines

TecnologíaEmpresariales
1 de 26
Descargar para leer sin conexión
Controlling System Calls and Protecting Application Data in Virtual Machines Koichi Onoue* Yoshihiro Oyama** Akinori Yonezawa* * The University of Tokyo ** The University of Electro-Communications
Protection for Applications • Security systems has been widely applied to provide secure computing environments – Sandboxing systems – Intrusion detecion/prevension systems (IDSes/IPSes) – Anti-virus tools Confidential data Security Application control system OS kernel
Security Systems Can Also Be Compromised! • Security systems and the other applications are running in the same execution space Application 1 was compromised ! Confidential data Application 1 Security Application 2 control system OS kernel
Advantages of Virtual Machine Monitor (VMM) in Terms of Security • VMM can provide strong isolation between VMs Application Application – VMM prevents a compromised VM from OS OS attacking to the other VMs (Guest OS) (Guest OS) • VMM can control access Virtual machine Virtual machine to physical computing (VM) (VM) resources such as a physical memory and a disk Virtual machine monitor (VMM) – VMM is running at the higher privileged level than VMs Hardware
Our Goal • Enhancing application security from outside of VMs – In cooperation with VMM, security systems control behaviors of application and protect application data Target VM Control VM Application Security system VMM
Our Approach • Controlling system calls from outside of target VMs – We confine behaviors of application processes • Controlling memory and file operations related with target applications in a VMM and a control VM – We prevent non-target programs from leaking target application data and tampering with them  Our system control only the target application which users specify We extend a para-virtualization version of Xen
Controlling System Calls from Outside of target VMs
Comparison between “w/o VMM” and “w/ VMM” Security Security system in systems cooperation with VMM (“w/o VMM”) (“w/ VMM”) × ○ Attack against security systems Not hard Hard Execution states ○ × obtained by OS-level Hardware-level security systems
Goal for Controlling System Calls Security Security systems in systems cooperation with VMM × ○ Attack against security systems Not hard Hard Execution states ○ × obtained by OS-level Hardware-level security systems Semantic gap Our goal
Approach for Controlling System Calls • Controlling system calls from outside of VMs – Using information on target OSes • Conforming to security policies Target VM Control VM Security policy application Security system VMM
Bridging the Semantic Gap • What a VMM can observe – Events :Privileged instructions, Interrupts, … – Execution States:Registers, Memory pages, … Semantic gap • What security systems require – Events :System calls, … – Execution states: Process ID, System call number, …
Security Policy • Specifies invoked system calls with pattern matching ... open default: allow fileEq(“/etc/passwd”) or filePrefixEq(“/etc/cron.d”) deny(EPERM) ...
Controlling Memory and File Operations Related with Application Data
Goal for Protecting Application Data • Prevent compromised programs from leaking target data and tampering with them – Attackers use ptrace system call and kernel modules, etc. Memory Virtual disk Target Target Confidential data Tampering Leaking Application OS kernel VM Compromised program
Approach for Protecting Application Data • Hiding “real” application data on a memory and a virtual disk from compromised programs – Compromised programs include target OS • Application data on a memory – Code region, data region, stack region, etc. ➔VMM multiplexes target physical pages • Application data on a virtual disk – Executables, configuration files, etc. ➔ Control VM manages them
OS Memory Management Virtual address Physical address space space OS address translation Application Application
VMM Memory Management Target VM virtual Target VM VMM physical address space physical address address space gPA → space (gVA) (hPA) hPA (gPA) Application Application application gVA → hPA VMM address translation 17
Approach for Protecting Application Memory Data (1/2) • According to the operational mode, a VMM switches accessible physical pages Target VM virtual Target VM VMM physical address space physical address address space space (gVA) (hPA) (gPA) Application Dummy data Application “Real” data Accessible page at user-level Accessible page at kernel-level – Overshadow[Chen et al., 2008] – [Rosenblum et al.,2008]
Approach for Protecting Application Memory Data (2/2) • When the operational mode were changed, a VMM switch the page tables – Exception/Interrupt handling – System call handling
Approach for Protecting Application File Data (1/5) • Control VM manages “real” target files – Executables, configuration and data base files, etc. – Security policy specifies target files Control VM Target VM Security Dummy policy Security system Application configuration “Real” file configuration file Dummy “Real” executable executable VMM
Approach for Protecting Application File Data (2/5) Control VM Target VM Memory Security system Application read a configuration file Configuration file Application VMM
Approach for Protecting Application File Data (3/5) Control VM Target VM Memory Security system VMM intercepts Configuration “read” system call file Application VMM
Approach for Protecting Application File Data (4/5) Security system Control VM Target VM emulates “read” Memory Security system Configuration file Application VMM
Approach for Protecting Application File Data (5/5) Control VM Target VM Memory Security system Configuration VMM notifies file application of a Application result of “read” VMM
Conclusion • We have proposed security system that enhances applications inside target VMs – Controlling of application behaviors • Controlling of system calls from outside of target VMs – Protecting application data on a memory and a virtual disk • Application memory data: VMM multiplexes target physical pages • Application file data: Control VM manages them
Fin

Recomendados

XS Japan 2008 Citrix English
XS Japan 2008 Citrix EnglishXS Japan 2008 Citrix English
XS Japan 2008 Citrix English
The Linux Foundation
 
XS Japan 2008 Oracle VM English
XS Japan 2008 Oracle VM EnglishXS Japan 2008 Oracle VM English
XS Japan 2008 Oracle VM English
The Linux Foundation
 
XS Boston 2008 VT-D PCI
XS Boston 2008 VT-D PCIXS Boston 2008 VT-D PCI
XS Boston 2008 VT-D PCI
The Linux Foundation
 
Ian Pratt Nsdi Keynote Apr2008
Ian Pratt Nsdi Keynote Apr2008Ian Pratt Nsdi Keynote Apr2008
Ian Pratt Nsdi Keynote Apr2008
The Linux Foundation
 
XS Japan 2008 Services English
XS Japan 2008 Services EnglishXS Japan 2008 Services English
XS Japan 2008 Services English
The Linux Foundation
 
XS Oracle 2009 Intro Slides
XS Oracle 2009 Intro SlidesXS Oracle 2009 Intro Slides
XS Oracle 2009 Intro Slides
The Linux Foundation
 
Ian Prattlinuxworld Xen Aug2008
Ian Prattlinuxworld Xen Aug2008Ian Prattlinuxworld Xen Aug2008
Ian Prattlinuxworld Xen Aug2008
The Linux Foundation
 
XS Boston 2008 Project Status
XS Boston 2008 Project StatusXS Boston 2008 Project Status
XS Boston 2008 Project Status
The Linux Foundation
 

Recomendados

XS Japan 2008 Citrix English
XS Japan 2008 Citrix EnglishXS Japan 2008 Citrix English
XS Japan 2008 Citrix English
The Linux Foundation
 
XS Japan 2008 Oracle VM English
XS Japan 2008 Oracle VM EnglishXS Japan 2008 Oracle VM English
XS Japan 2008 Oracle VM English
The Linux Foundation
 
XS Boston 2008 VT-D PCI
XS Boston 2008 VT-D PCIXS Boston 2008 VT-D PCI
XS Boston 2008 VT-D PCI
The Linux Foundation
 
Ian Pratt Nsdi Keynote Apr2008
Ian Pratt Nsdi Keynote Apr2008Ian Pratt Nsdi Keynote Apr2008
Ian Pratt Nsdi Keynote Apr2008
The Linux Foundation
 
XS Japan 2008 Services English
XS Japan 2008 Services EnglishXS Japan 2008 Services English
XS Japan 2008 Services English
The Linux Foundation
 
XS Oracle 2009 Intro Slides
XS Oracle 2009 Intro SlidesXS Oracle 2009 Intro Slides
XS Oracle 2009 Intro Slides
The Linux Foundation
 
Ian Prattlinuxworld Xen Aug2008
Ian Prattlinuxworld Xen Aug2008Ian Prattlinuxworld Xen Aug2008
Ian Prattlinuxworld Xen Aug2008
The Linux Foundation
 
XS Boston 2008 Project Status
XS Boston 2008 Project StatusXS Boston 2008 Project Status
XS Boston 2008 Project Status
The Linux Foundation
 
Hyper V And Scvmm Best Practis
Hyper V And Scvmm Best PractisHyper V And Scvmm Best Practis
Hyper V And Scvmm Best Practis
Blauge
 
XS Boston 2008 Self IO Emulation
XS Boston 2008 Self IO EmulationXS Boston 2008 Self IO Emulation
XS Boston 2008 Self IO Emulation
The Linux Foundation
 
XS Oracle 2009 PVOps
XS Oracle 2009 PVOpsXS Oracle 2009 PVOps
XS Oracle 2009 PVOps
The Linux Foundation
 
XS Oracle 2009 Error Detection
XS Oracle 2009 Error DetectionXS Oracle 2009 Error Detection
XS Oracle 2009 Error Detection
The Linux Foundation
 
XS Boston 2008 OVF
XS Boston 2008 OVFXS Boston 2008 OVF
XS Boston 2008 OVF
The Linux Foundation
 
XS Oracle 2009 Vm Snapshots
XS Oracle 2009 Vm SnapshotsXS Oracle 2009 Vm Snapshots
XS Oracle 2009 Vm Snapshots
The Linux Foundation
 
Master VMware Performance and Capacity Management
Master VMware Performance and Capacity ManagementMaster VMware Performance and Capacity Management
Master VMware Performance and Capacity Management
Iwan Rahabok
 
Vsphere esxi-vcenter-server-55-troubleshooting-guide
Vsphere esxi-vcenter-server-55-troubleshooting-guideVsphere esxi-vcenter-server-55-troubleshooting-guide
Vsphere esxi-vcenter-server-55-troubleshooting-guide
Sree Harsha Boyapati
 
Xen server poc template
Xen server poc template Xen server poc template
Xen server poc template
wmosquera
 
XS 2008 Boston VTPM
XS 2008 Boston VTPMXS 2008 Boston VTPM
XS 2008 Boston VTPM
The Linux Foundation
 
XS Boston 2008 Fault Tolerance
XS Boston 2008 Fault ToleranceXS Boston 2008 Fault Tolerance
XS Boston 2008 Fault Tolerance
The Linux Foundation
 
XenServer 5.5 - Czy można zaoszczędzić na wirtualizacji serwerów? Darmowy Xen...
XenServer 5.5 - Czy można zaoszczędzić na wirtualizacji serwerów? Darmowy Xen...XenServer 5.5 - Czy można zaoszczędzić na wirtualizacji serwerów? Darmowy Xen...
XenServer 5.5 - Czy można zaoszczędzić na wirtualizacji serwerów? Darmowy Xen...
Peter Ocasek
 
Ian Pratt Usenix 08 Keynote
Ian Pratt Usenix 08 KeynoteIan Pratt Usenix 08 Keynote
Ian Pratt Usenix 08 Keynote
The Linux Foundation
 
XS Boston 2008 Malware & Training
XS Boston 2008 Malware & TrainingXS Boston 2008 Malware & Training
XS Boston 2008 Malware & Training
The Linux Foundation
 
XS Japan 2008 Project Status English
XS Japan 2008 Project Status EnglishXS Japan 2008 Project Status English
XS Japan 2008 Project Status English
The Linux Foundation
 
Advanced performance troubleshooting using esxtop
Advanced performance troubleshooting using esxtopAdvanced performance troubleshooting using esxtop
Advanced performance troubleshooting using esxtop
Alan Renouf
 
XS Japan 2008 Ganeti English
XS Japan 2008 Ganeti EnglishXS Japan 2008 Ganeti English
XS Japan 2008 Ganeti English
The Linux Foundation
 
Xen.org Overview 2009
Xen.org Overview 2009Xen.org Overview 2009
Xen.org Overview 2009
The Linux Foundation
 
„Wielka dwójka”, czyli jak działa Citrix XenApp na Citrix XenServer u dużych ...
„Wielka dwójka”, czyli jak działa Citrix XenApp na Citrix XenServer u dużych ...„Wielka dwójka”, czyli jak działa Citrix XenApp na Citrix XenServer u dużych ...
„Wielka dwójka”, czyli jak działa Citrix XenApp na Citrix XenServer u dużych ...
Peter Ocasek
 
XS Japan 2008 BitVisor English
XS Japan 2008 BitVisor EnglishXS Japan 2008 BitVisor English
XS Japan 2008 BitVisor English
The Linux Foundation
 
Virtualization presentation
Virtualization presentationVirtualization presentation
Virtualization presentation
Mangesh Gunjal
 
CSA Presentation 26th May Virtualization securityv2
CSA Presentation 26th May Virtualization securityv2CSA Presentation 26th May Virtualization securityv2
CSA Presentation 26th May Virtualization securityv2
vivekbhat
 

Más contenido relacionado

La actualidad más candente

Xen server poc template
Xen server poc template Xen server poc template
Xen server poc template
wmosquera
 
XenServer 5.5 - Czy można zaoszczędzić na wirtualizacji serwerów? Darmowy Xen...
XenServer 5.5 - Czy można zaoszczędzić na wirtualizacji serwerów? Darmowy Xen...XenServer 5.5 - Czy można zaoszczędzić na wirtualizacji serwerów? Darmowy Xen...
XenServer 5.5 - Czy można zaoszczędzić na wirtualizacji serwerów? Darmowy Xen...
Peter Ocasek
 
„Wielka dwójka”, czyli jak działa Citrix XenApp na Citrix XenServer u dużych ...
„Wielka dwójka”, czyli jak działa Citrix XenApp na Citrix XenServer u dużych ...„Wielka dwójka”, czyli jak działa Citrix XenApp na Citrix XenServer u dużych ...
„Wielka dwójka”, czyli jak działa Citrix XenApp na Citrix XenServer u dużych ...
Peter Ocasek
 

La actualidad más candente (20)

Hyper V And Scvmm Best Practis
Hyper V And Scvmm Best PractisHyper V And Scvmm Best Practis
Hyper V And Scvmm Best Practis
 
XS Boston 2008 Self IO Emulation
XS Boston 2008 Self IO EmulationXS Boston 2008 Self IO Emulation
XS Boston 2008 Self IO Emulation
 
XS Oracle 2009 PVOps
XS Oracle 2009 PVOpsXS Oracle 2009 PVOps
XS Oracle 2009 PVOps
 
XS Oracle 2009 Error Detection
XS Oracle 2009 Error DetectionXS Oracle 2009 Error Detection
XS Oracle 2009 Error Detection
 
XS Boston 2008 OVF
XS Boston 2008 OVFXS Boston 2008 OVF
XS Boston 2008 OVF
 
XS Oracle 2009 Vm Snapshots
XS Oracle 2009 Vm SnapshotsXS Oracle 2009 Vm Snapshots
XS Oracle 2009 Vm Snapshots
 
Master VMware Performance and Capacity Management
Master VMware Performance and Capacity ManagementMaster VMware Performance and Capacity Management
Master VMware Performance and Capacity Management
 
Vsphere esxi-vcenter-server-55-troubleshooting-guide
Vsphere esxi-vcenter-server-55-troubleshooting-guideVsphere esxi-vcenter-server-55-troubleshooting-guide
Vsphere esxi-vcenter-server-55-troubleshooting-guide
 
Xen server poc template
Xen server poc template Xen server poc template
Xen server poc template
 
XS 2008 Boston VTPM
XS 2008 Boston VTPMXS 2008 Boston VTPM
XS 2008 Boston VTPM
 
XS Boston 2008 Fault Tolerance
XS Boston 2008 Fault ToleranceXS Boston 2008 Fault Tolerance
XS Boston 2008 Fault Tolerance
 
XenServer 5.5 - Czy można zaoszczędzić na wirtualizacji serwerów? Darmowy Xen...
XenServer 5.5 - Czy można zaoszczędzić na wirtualizacji serwerów? Darmowy Xen...XenServer 5.5 - Czy można zaoszczędzić na wirtualizacji serwerów? Darmowy Xen...
XenServer 5.5 - Czy można zaoszczędzić na wirtualizacji serwerów? Darmowy Xen...
 
Ian Pratt Usenix 08 Keynote
Ian Pratt Usenix 08 KeynoteIan Pratt Usenix 08 Keynote
Ian Pratt Usenix 08 Keynote
 
XS Boston 2008 Malware & Training
XS Boston 2008 Malware & TrainingXS Boston 2008 Malware & Training
XS Boston 2008 Malware & Training
 
XS Japan 2008 Project Status English
XS Japan 2008 Project Status EnglishXS Japan 2008 Project Status English
XS Japan 2008 Project Status English
 
Advanced performance troubleshooting using esxtop
Advanced performance troubleshooting using esxtopAdvanced performance troubleshooting using esxtop
Advanced performance troubleshooting using esxtop
 
XS Japan 2008 Ganeti English
XS Japan 2008 Ganeti EnglishXS Japan 2008 Ganeti English
XS Japan 2008 Ganeti English
 
Xen.org Overview 2009
Xen.org Overview 2009Xen.org Overview 2009
Xen.org Overview 2009
 
„Wielka dwójka”, czyli jak działa Citrix XenApp na Citrix XenServer u dużych ...
„Wielka dwójka”, czyli jak działa Citrix XenApp na Citrix XenServer u dużych ...„Wielka dwójka”, czyli jak działa Citrix XenApp na Citrix XenServer u dużych ...
„Wielka dwójka”, czyli jak działa Citrix XenApp na Citrix XenServer u dużych ...
 
XS Japan 2008 BitVisor English
XS Japan 2008 BitVisor EnglishXS Japan 2008 BitVisor English
XS Japan 2008 BitVisor English
 

Similar a XS Japan 2008 App Data English

Virtualization presentation
Virtualization presentationVirtualization presentation
Virtualization presentation
Mangesh Gunjal
 
CSA Presentation 26th May Virtualization securityv2
CSA Presentation 26th May Virtualization securityv2CSA Presentation 26th May Virtualization securityv2
CSA Presentation 26th May Virtualization securityv2
vivekbhat
 
Virtualization securityv2
Virtualization securityv2Virtualization securityv2
Virtualization securityv2
vivekbhat
 
663187411-UNIT-III-Virtualization-System-Specific-Attacks-1.pdf
663187411-UNIT-III-Virtualization-System-Specific-Attacks-1.pdf663187411-UNIT-III-Virtualization-System-Specific-Attacks-1.pdf
663187411-UNIT-III-Virtualization-System-Specific-Attacks-1.pdf
pivanon243
 
Visibility & Security for the Virtualized Enterprise
Visibility & Security for the Virtualized EnterpriseVisibility & Security for the Virtualized Enterprise
Visibility & Security for the Virtualized Enterprise
EMC
 
Visibility & Security for the Virtualized Enterprise
Visibility & Security for the Virtualized EnterpriseVisibility & Security for the Virtualized Enterprise
Visibility & Security for the Virtualized Enterprise
EMC
 
Cloud security
Cloud securityCloud security
Cloud security
insoonjo
 
Memory forensics using VMI for cloud computing
Memory forensics using VMI for cloud computingMemory forensics using VMI for cloud computing
Memory forensics using VMI for cloud computing
Priyanka Aash
 

Similar a XS Japan 2008 App Data English (20)

Virtualization presentation
Virtualization presentationVirtualization presentation
Virtualization presentation
 
CSA Presentation 26th May Virtualization securityv2
CSA Presentation 26th May Virtualization securityv2CSA Presentation 26th May Virtualization securityv2
CSA Presentation 26th May Virtualization securityv2
 
Security on cloud storage and IaaS (NSC: Taiwan - JST: Japan workshop)
Security on cloud storage and IaaS (NSC: Taiwan - JST: Japan workshop)Security on cloud storage and IaaS (NSC: Taiwan - JST: Japan workshop)
Security on cloud storage and IaaS (NSC: Taiwan - JST: Japan workshop)
 
Virtualization securityv2
Virtualization securityv2Virtualization securityv2
Virtualization securityv2
 
RSA 2012 Virtualization Security February 2012
RSA 2012 Virtualization Security February 2012RSA 2012 Virtualization Security February 2012
RSA 2012 Virtualization Security February 2012
 
Chapter 3.4.pptx
Chapter 3.4.pptxChapter 3.4.pptx
Chapter 3.4.pptx
 
Ina Pratt Fosdem Feb2008
Ina Pratt Fosdem Feb2008Ina Pratt Fosdem Feb2008
Ina Pratt Fosdem Feb2008
 
IaaS - Virtualization_Cambridge.pdf
IaaS - Virtualization_Cambridge.pdfIaaS - Virtualization_Cambridge.pdf
IaaS - Virtualization_Cambridge.pdf
 
Server virtualization
Server virtualizationServer virtualization
Server virtualization
 
Capture-HPC talk@ OSDC.tw 2009
Capture-HPC talk@ OSDC.tw 2009Capture-HPC talk@ OSDC.tw 2009
Capture-HPC talk@ OSDC.tw 2009
 
Usenix Invited Talk
Usenix Invited TalkUsenix Invited Talk
Usenix Invited Talk
 
663187411-UNIT-III-Virtualization-System-Specific-Attacks-1.pdf
663187411-UNIT-III-Virtualization-System-Specific-Attacks-1.pdf663187411-UNIT-III-Virtualization-System-Specific-Attacks-1.pdf
663187411-UNIT-III-Virtualization-System-Specific-Attacks-1.pdf
 
Visibility & Security for the Virtualized Enterprise
Visibility & Security for the Virtualized EnterpriseVisibility & Security for the Virtualized Enterprise
Visibility & Security for the Virtualized Enterprise
 
Visibility & Security for the Virtualized Enterprise
Visibility & Security for the Virtualized EnterpriseVisibility & Security for the Virtualized Enterprise
Visibility & Security for the Virtualized Enterprise
 
Virtual Machine Introspection - Future of the Cloud
Virtual Machine Introspection - Future of the CloudVirtual Machine Introspection - Future of the Cloud
Virtual Machine Introspection - Future of the Cloud
 
ProtectV - Data Security for the Cloud
ProtectV - Data Security for the CloudProtectV - Data Security for the Cloud
ProtectV - Data Security for the Cloud
 
Virutalization and the Future of Datacenter Security
Virutalization and the Future of Datacenter SecurityVirutalization and the Future of Datacenter Security
Virutalization and the Future of Datacenter Security
 
Cloud security
Cloud securityCloud security
Cloud security
 
Virtually Secure: Uncovering the risks of virtualization
Virtually Secure: Uncovering the risks of virtualizationVirtually Secure: Uncovering the risks of virtualization
Virtually Secure: Uncovering the risks of virtualization
 
Memory forensics using VMI for cloud computing
Memory forensics using VMI for cloud computingMemory forensics using VMI for cloud computing
Memory forensics using VMI for cloud computing
 

Más de The Linux Foundation

ELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made SimpleELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made Simple
The Linux Foundation
 
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
The Linux Foundation
 
XPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather ReportXPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather Report
The Linux Foundation
 
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxXPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
The Linux Foundation
 
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
The Linux Foundation
 
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making... OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
The Linux Foundation
 
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
The Linux Foundation
 
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
The Linux Foundation
 
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
The Linux Foundation
 

Más de The Linux Foundation (20)

ELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made SimpleELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made Simple
 
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
 
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
 
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
 
XPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather ReportXPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather Report
 
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
 
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxXPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
 
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
 
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, BitdefenderXPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
 
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
 
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making... OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
 
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, CitrixXPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
 
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltdXPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
 
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
 
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&DXPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
 
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsXPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
 
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
 
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
 
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
 
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSEXPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
 

Último

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 

Último (20)

Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 

XS Japan 2008 App Data English

  • 1. Controlling System Calls and Protecting Application Data in Virtual Machines Koichi Onoue* Yoshihiro Oyama** Akinori Yonezawa* * The University of Tokyo ** The University of Electro-Communications
  • 2. Protection for Applications • Security systems has been widely applied to provide secure computing environments – Sandboxing systems – Intrusion detecion/prevension systems (IDSes/IPSes) – Anti-virus tools Confidential data Security Application control system OS kernel
  • 3. Security Systems Can Also Be Compromised! • Security systems and the other applications are running in the same execution space Application 1 was compromised ! Confidential data Application 1 Security Application 2 control system OS kernel
  • 4. Advantages of Virtual Machine Monitor (VMM) in Terms of Security • VMM can provide strong isolation between VMs Application Application – VMM prevents a compromised VM from OS OS attacking to the other VMs (Guest OS) (Guest OS) • VMM can control access Virtual machine Virtual machine to physical computing (VM) (VM) resources such as a physical memory and a disk Virtual machine monitor (VMM) – VMM is running at the higher privileged level than VMs Hardware
  • 5. Our Goal • Enhancing application security from outside of VMs – In cooperation with VMM, security systems control behaviors of application and protect application data Target VM Control VM Application Security system VMM
  • 6. Our Approach • Controlling system calls from outside of target VMs – We confine behaviors of application processes • Controlling memory and file operations related with target applications in a VMM and a control VM – We prevent non-target programs from leaking target application data and tampering with them  Our system control only the target application which users specify We extend a para-virtualization version of Xen
  • 7. Controlling System Calls from Outside of target VMs
  • 8. Comparison between “w/o VMM” and “w/ VMM” Security Security system in systems cooperation with VMM (“w/o VMM”) (“w/ VMM”) × ○ Attack against security systems Not hard Hard Execution states ○ × obtained by OS-level Hardware-level security systems
  • 9. Goal for Controlling System Calls Security Security systems in systems cooperation with VMM × ○ Attack against security systems Not hard Hard Execution states ○ × obtained by OS-level Hardware-level security systems Semantic gap Our goal
  • 10. Approach for Controlling System Calls • Controlling system calls from outside of VMs – Using information on target OSes • Conforming to security policies Target VM Control VM Security policy application Security system VMM
  • 11. Bridging the Semantic Gap • What a VMM can observe – Events :Privileged instructions, Interrupts, … – Execution States:Registers, Memory pages, … Semantic gap • What security systems require – Events :System calls, … – Execution states: Process ID, System call number, …
  • 12. Security Policy • Specifies invoked system calls with pattern matching ... open default: allow fileEq(“/etc/passwd”) or filePrefixEq(“/etc/cron.d”) deny(EPERM) ...
  • 13. Controlling Memory and File Operations Related with Application Data
  • 14. Goal for Protecting Application Data • Prevent compromised programs from leaking target data and tampering with them – Attackers use ptrace system call and kernel modules, etc. Memory Virtual disk Target Target Confidential data Tampering Leaking Application OS kernel VM Compromised program
  • 15. Approach for Protecting Application Data • Hiding “real” application data on a memory and a virtual disk from compromised programs – Compromised programs include target OS • Application data on a memory – Code region, data region, stack region, etc. ➔VMM multiplexes target physical pages • Application data on a virtual disk – Executables, configuration files, etc. ➔ Control VM manages them
  • 16. OS Memory Management Virtual address Physical address space space OS address translation Application Application
  • 17. VMM Memory Management Target VM virtual Target VM VMM physical address space physical address address space gPA → space (gVA) (hPA) hPA (gPA) Application Application application gVA → hPA VMM address translation 17
  • 18. Approach for Protecting Application Memory Data (1/2) • According to the operational mode, a VMM switches accessible physical pages Target VM virtual Target VM VMM physical address space physical address address space space (gVA) (hPA) (gPA) Application Dummy data Application “Real” data Accessible page at user-level Accessible page at kernel-level – Overshadow[Chen et al., 2008] – [Rosenblum et al.,2008]
  • 19. Approach for Protecting Application Memory Data (2/2) • When the operational mode were changed, a VMM switch the page tables – Exception/Interrupt handling – System call handling
  • 20. Approach for Protecting Application File Data (1/5) • Control VM manages “real” target files – Executables, configuration and data base files, etc. – Security policy specifies target files Control VM Target VM Security Dummy policy Security system Application configuration “Real” file configuration file Dummy “Real” executable executable VMM
  • 21. Approach for Protecting Application File Data (2/5) Control VM Target VM Memory Security system Application read a configuration file Configuration file Application VMM
  • 22. Approach for Protecting Application File Data (3/5) Control VM Target VM Memory Security system VMM intercepts Configuration “read” system call file Application VMM
  • 23. Approach for Protecting Application File Data (4/5) Security system Control VM Target VM emulates “read” Memory Security system Configuration file Application VMM
  • 24. Approach for Protecting Application File Data (5/5) Control VM Target VM Memory Security system Configuration VMM notifies file application of a Application result of “read” VMM
  • 25. Conclusion • We have proposed security system that enhances applications inside target VMs – Controlling of application behaviors • Controlling of system calls from outside of target VMs – Protecting application data on a memory and a virtual disk • Application memory data: VMM multiplexes target physical pages • Application file data: Control VM manages them
  • 26. Fin