Windows Server Virtualization & The Windows Hypervisor

Black Hat 2007

Windows Server Virtualization & Windows Server Virtualization & The Windows HypervisorThe Windows Hypervisor

Brandon BakerLead Security Engineer

Windows Kernel TeamMicrosoft Corporation

Black Hat 2007

Agenda - Windows Server Virtualization (WSV)

Why a hypervisor?Quick Background & Architecture

For more details, see presentation on conference CDSecurity CharacteristicsDeployment ConsiderationsFuture Directions

Black Hat 2007

Why a hypervisor?

Thin, low level microkernelEliminates ring compressionRuns guest operating systems w/o modificationAdds defense in depthLeverage current & future hardwareScalability

Black Hat 2007




Black Hat 2007

Windows Server Virtualization BackgroundProject code name ViridianFull machine virtualization for guest operating systemsComponent of Windows Server 2008Final version available within 180 days of Windows Server 2008 RTMInstalls as a role on Server Core

Black Hat 2007

Windows Server Virtualization BackgroundHas three major components:

HypervisorVirtualization StackVirtual Devices

Hypervisor BasedTakes advantage of (and requires) processor virtualization extensionsSupported on x64 hardware only, 32/64bit guest support

Black Hat 2007

The Old Way Virtual Server Architecture

Windows Server 2003 or Windows XP

Kernel VMM Kernel

Virtual Server Service

IIS

Virtual Server WebApp

Provided by:Provided by:

WindowsWindows

ISVISV

Virtual ServerVirtual Server

Server Hardware

Host

Ring 1: Guest Kernel Mode

Windows (NT4, 2000, 2003)

VM Additions

Ring 0: Kernel Mode

Ring 3: User Mode

Guest Applications

Guests

Device Drivers

Black Hat 2007

Root

Virtualization Service

Providers (VSPs)

Windows Kernel

Server Core

Device Drivers

Windows hypervisor

Virtualization Stack

VM Worker ProcessesVM

Service

WMI Provider

Guest Partitions

Ring 0: Kernel Mode

Ring 3: User Mode

Virtualization Service Clients (VSCs)

OS Kernel

EnlightenmentsVMBus

Guest Applications

Server Hardware


WindowsWindows

ISVISV

ViridianViridian

The New Way WSV Architecture

Partition

Black Hat 2007

Virtualization Attacks

Root Partition

Virtualization Service

Providers (VSPs)

Windows Kernel

Server Core

Device Drivers


VM Worker ProcessesVM

Service

WMI Provider

Guest Partitions

Ring 0: Kernel Mode

Virtualization Service Clients (VSCs)

EnlightenmentsVMBus

Server Hardware


WindowsWindows

ISVISV

ViridianViridianGuest Applications

HackersHackers

OS Kernel

Ring 3: User Mode

Windows hypervisor

VMBus

Black Hat 2007

Hypervisor

Partitioning KernelPartition is isolation boundaryFew virtualization functions; relies on virtualization stack

Very thin layer of softwareMicrokernelHighly reliable

No device driversTwo versions, one for Intel and one for AMDDrivers run in the rootLeverage the large base of Windows drivers

Well-defined interfaceAllow others to create support for their OSes as guests

Black Hat 2007

Runs within the root partitionPortion of traditional hypervisor that has been pushed up and out to make a micro-hypervisorManages guest partitionsHandles interceptsEmulates devices


Black Hat 2007




Black Hat 2007

Guests are untrustedRoot must be trusted by hypervisor; parent must be trusted by children.Code will run in all available processor modes, rings, and segmentsHypercall interface will be well documented and widely available to attackers.All hypercalls can be attempted by guestsCan detect you are running on a hypervisorWe’ll even give you the versionThe internal design of the hypervisor will be well understood

Security Assumptions

Black Hat 2007

Security Goals

Strong isolation between partitionsProtect confidentiality and integrity of guest data

SeparationUnique hypervisor resource pools per guestSeparate worker processes per guestGuest-to-parent communications over unique channels

Non-interferenceGuests cannot affect the contents of other guests, parent, hypervisorGuest computations protected from other guestsGuest-to-guest communications not allowed through VM interfaces

Black Hat 2007

Security Non-Goals

Things we don’t do in Windows Server Virtualization*

Mitigate hardware bleed-through (inference attacks)Mitigate covert channelsGuarantee availabilityProtect guests from the rootProtect the hypervisor from the rootUtilize trusted hardware

TPM, Device Assignment, DMA protection, Secure Launch

*at least, not yet

Black Hat 2007

WSV Security Hardening (1/2)

Hypervisor has separate address spaceGuest addresses != Hypervisor addresses

No 3rd party code in the HypervisorLimited number of channels from guests to hypervisor

No “IOCTL”-like thingsGuest to guest communication through hypervisor is prohibitedNo shared memory mapped between guestsGuests never touch real hardware i/o

Black Hat 2007

WSV Security Hardening (2/2)

Hypervisor built with Stack guard cookies (/GS)Hardware No eXecute (NX)Code pages marked read onlyMemory guard pagesLimited exception handlingHypervisor binary is signed

Hypervisor and Root going through SDLThreat modelingStatic AnalysisFuzz testingPenetration testing

Black Hat 2007

Hypervisor Security ModelMemory

Physical Address to Partition map maintained by HvParent/Child ownership model on memoryCan supersede access rights in guest page tables (R, W, X)

CPUHardware guarantees cache & register isolation, TLB flushing, instruction interception

I/OHypervisor enforces Parent policy for all guest access to I/O portsWSV v1 policy is guests have no access to real hardware

Hypervisor InterfacePartition privilege modelGuests access to hypercalls, instructions, MSRs with security impact enforced based on Parent policyWSV v1 policy is guests have no access to privileged instructions

Black Hat 2007

WSV Security ModelUses Authorization Manager (AzMan)

Fine grained authorization and access controlDepartment and role basedSegregate who can manage groups of VMs

Define specific functions for individuals or rolesStart, stop, create, add hardware, change drive image

VM administrators don’t have to be Server 2008 administratorsGuest resources are controlled by per VM configuration filesShared resources are protected

Read-only (CD ISO file)Copy on write (differencing disks)

Black Hat 2007

Time Virtualization Three types of time

Calendar timeAffected by Daylight Savings changesSource is parent-created virtual RTC device

Machine timeUnaffected by Daylight Savings changes

5 seconds in the future, etc.Sources

Per-VP virtualized APIC timer (periodic or single-shot)Four per-VP SynIC timers (periodic or single-shot)Per-partition constant-rate monotonically-increasing reference counter

Scheduling timeHow long has this processor been scheduled

Black Hat 2007

Time Virtualization Design Choice

How to handle RDTSC?When a Virtual Processor (VP) is intercepted, a single instruction can appear to take a long time – namely, the time it takes to enter the hypervisor, perform actions, and return to a guest

TSC is recorded and can be modified in guest control structure (VMCS/VMCB)

“Allow it to advance naturally”•Just leave it alone

But…•A VP can be rescheduled on a different LP, whose TSC could be smaller•Can’t allow TSCs to jump backwards in time

“Modify it to appear unchanged”•On entry into the Hv, record guest TSC.•On return to guest, reload original TSC value minus some amount

But…•Never know how long the return instruction will take (caches!)•Still observable at a certain granularity

Some software depends on knowing cycle counts between instruction blocks (video/audio codecs)

So, we allow it to advance naturally, with a guarantee that it will never appear to go backwards on a given VP

Black Hat 2007




Black Hat 2007

Deployment Considerations (1/2)Patching the hypervisor

Windows UpdateManaging lots of virtual machines

System Center – Virtual Machine ManagerMinimize risk to the Root Partition

Utilize Server CoreDon’t run arbitrary apps, no web surfingRun your apps and services in guests

Connect to back-end management networkOnly expose guests to internet traffic

Enable NX and virtualization in BIOS

Black Hat 2007

Deployment Considerations (2/2)

Two virtual machines can’t have the same degree of isolation as two physical machines:

Inference AttacksCovert Channels

Not recommended to host two VMs of vastly differing trust levels on the same system

e.g. a front-end web server and a certificate server

Black Hat 2007




Black Hat 2007

Future Security BenefitsMany types of virtualization (app, OS, machine) each with increasing levels of isolation (and overhead)Powerful tool for virus isolation and analysisImproved forensic capability for compromised operating systemsInvestments in OS hardening through hypervisor featuresPotential for greater intra-OS isolation (e.g. Ring 0 separation of drivers)VMs can be leveraged for hosting security appliances

Black Hat 2007

Security Challenges

VM to VM network monitoringManaging VM OS patch levelsLeakage of information between partitions due to shared hardwareLarger attack surface than air-gapped machinesHigh availability – SLA attacksThreat of malicious, unauthorized hypervisors (hypervisor- mode rootkits)

Black Hat 2007

Future Security Work

Secure LaunchIntel TXTtm (senter) and AMD SVMtm (skinit) Gives machine owner ability to control what code can use ring -1Policy enforcement in hardware to block launch of unauthorized hypervisorsAllows hypervisor to protect itself against tampering

DMA RemappingIntel VT-d and AMD IOMMUGives guests gated access to real hardwareAllows hypervisor to protect self against DMA attack

Black Hat 2007

© 2007 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Conclusion

Hypervisors kick ass.Beta available with Server 2008 RTMWe want your feedback

http://blogs.technet.com/virtualization/[email protected]

http://blogs.technet.com/virtualization/

Documents

Windows Server Virtualization & The Windows Hypervisor