Upload
others
View
27
Download
0
Embed Size (px)
Citation preview
Black Hat 2007
Windows Server Virtualization & Windows Server Virtualization & The Windows HypervisorThe Windows Hypervisor
Brandon BakerLead Security Engineer
Windows Kernel TeamMicrosoft Corporation
Black Hat 2007
Agenda - Windows Server Virtualization (WSV)
Why a hypervisor?Quick Background & Architecture
For more details, see presentation on conference CDSecurity CharacteristicsDeployment ConsiderationsFuture Directions
Black Hat 2007
Why a hypervisor?
Thin, low level microkernelEliminates ring compressionRuns guest operating systems w/o modificationAdds defense in depthLeverage current & future hardwareScalability
Black Hat 2007
Agenda - Windows Server Virtualization (WSV)
Why a hypervisor?Quick Background & Architecture
For more details, see presentation on conference CDSecurity CharacteristicsDeployment ConsiderationsFuture Directions
Black Hat 2007
Windows Server Virtualization BackgroundProject code name ViridianFull machine virtualization for guest operating systemsComponent of Windows Server 2008Final version available within 180 days of Windows Server 2008 RTMInstalls as a role on Server Core
Black Hat 2007
Windows Server Virtualization BackgroundHas three major components:
HypervisorVirtualization StackVirtual Devices
Hypervisor BasedTakes advantage of (and requires) processor virtualization extensionsSupported on x64 hardware only, 32/64bit guest support
Black Hat 2007
The Old Way Virtual Server Architecture
Windows Server 2003 or Windows XP
Kernel VMM Kernel
Virtual Server Service
IIS
Virtual Server WebApp
Provided by:Provided by:
WindowsWindows
ISVISV
Virtual ServerVirtual Server
Server Hardware
Host
Ring 1: Guest Kernel Mode
Windows (NT4, 2000, 2003)
VM Additions
Ring 0: Kernel Mode
Ring 3: User Mode
Guest Applications
Guests
Device Drivers
Black Hat 2007
Root
Virtualization Service
Providers (VSPs)
Windows Kernel
Server Core
Device Drivers
Windows hypervisor
Virtualization Stack
VM Worker ProcessesVM
Service
WMI Provider
Guest Partitions
Ring 0: Kernel Mode
Ring 3: User Mode
Virtualization Service Clients (VSCs)
OS Kernel
EnlightenmentsVMBus
Guest Applications
Server Hardware
Provided by:Provided by:
WindowsWindows
ISVISV
ViridianViridian
The New Way WSV Architecture
Partition
Black Hat 2007
Virtualization Attacks
Root Partition
Virtualization Service
Providers (VSPs)
Windows Kernel
Server Core
Device Drivers
Virtualization Stack
VM Worker ProcessesVM
Service
WMI Provider
Guest Partitions
Ring 0: Kernel Mode
Virtualization Service Clients (VSCs)
EnlightenmentsVMBus
Server Hardware
Provided by:Provided by:
WindowsWindows
ISVISV
ViridianViridianGuest Applications
HackersHackers
OS Kernel
Ring 3: User Mode
Windows hypervisor
VMBus
Black Hat 2007
Hypervisor
Partitioning KernelPartition is isolation boundaryFew virtualization functions; relies on virtualization stack
Very thin layer of softwareMicrokernelHighly reliable
No device driversTwo versions, one for Intel and one for AMDDrivers run in the rootLeverage the large base of Windows drivers
Well-defined interfaceAllow others to create support for their OSes as guests
Black Hat 2007
Runs within the root partitionPortion of traditional hypervisor that has been pushed up and out to make a micro-hypervisorManages guest partitionsHandles interceptsEmulates devices
Virtualization Stack
Black Hat 2007
Agenda - Windows Server Virtualization (WSV)
Why a hypervisor?Quick Background & Architecture
For more details, see presentation on conference CDSecurity CharacteristicsDeployment ConsiderationsFuture Directions
Black Hat 2007
Guests are untrustedRoot must be trusted by hypervisor; parent must be trusted by children.Code will run in all available processor modes, rings, and segmentsHypercall interface will be well documented and widely available to attackers.All hypercalls can be attempted by guestsCan detect you are running on a hypervisorWe’ll even give you the versionThe internal design of the hypervisor will be well understood
Security Assumptions
Black Hat 2007
Security Goals
Strong isolation between partitionsProtect confidentiality and integrity of guest data
SeparationUnique hypervisor resource pools per guestSeparate worker processes per guestGuest-to-parent communications over unique channels
Non-interferenceGuests cannot affect the contents of other guests, parent, hypervisorGuest computations protected from other guestsGuest-to-guest communications not allowed through VM interfaces
Black Hat 2007
Security Non-Goals
Things we don’t do in Windows Server Virtualization*
Mitigate hardware bleed-through (inference attacks)Mitigate covert channelsGuarantee availabilityProtect guests from the rootProtect the hypervisor from the rootUtilize trusted hardware
TPM, Device Assignment, DMA protection, Secure Launch
*at least, not yet
Black Hat 2007
WSV Security Hardening (1/2)
Hypervisor has separate address spaceGuest addresses != Hypervisor addresses
No 3rd party code in the HypervisorLimited number of channels from guests to hypervisor
No “IOCTL”-like thingsGuest to guest communication through hypervisor is prohibitedNo shared memory mapped between guestsGuests never touch real hardware i/o
Black Hat 2007
WSV Security Hardening (2/2)
Hypervisor built with Stack guard cookies (/GS)Hardware No eXecute (NX)Code pages marked read onlyMemory guard pagesLimited exception handlingHypervisor binary is signed
Hypervisor and Root going through SDLThreat modelingStatic AnalysisFuzz testingPenetration testing
Black Hat 2007
Hypervisor Security ModelMemory
Physical Address to Partition map maintained by HvParent/Child ownership model on memoryCan supersede access rights in guest page tables (R, W, X)
CPUHardware guarantees cache & register isolation, TLB flushing, instruction interception
I/OHypervisor enforces Parent policy for all guest access to I/O portsWSV v1 policy is guests have no access to real hardware
Hypervisor InterfacePartition privilege modelGuests access to hypercalls, instructions, MSRs with security impact enforced based on Parent policyWSV v1 policy is guests have no access to privileged instructions
Black Hat 2007
WSV Security ModelUses Authorization Manager (AzMan)
Fine grained authorization and access controlDepartment and role basedSegregate who can manage groups of VMs
Define specific functions for individuals or rolesStart, stop, create, add hardware, change drive image
VM administrators don’t have to be Server 2008 administratorsGuest resources are controlled by per VM configuration filesShared resources are protected
Read-only (CD ISO file)Copy on write (differencing disks)
Black Hat 2007
Time Virtualization Three types of time
Calendar timeAffected by Daylight Savings changesSource is parent-created virtual RTC device
Machine timeUnaffected by Daylight Savings changes
5 seconds in the future, etc.Sources
Per-VP virtualized APIC timer (periodic or single-shot)Four per-VP SynIC timers (periodic or single-shot)Per-partition constant-rate monotonically-increasing reference counter
Scheduling timeHow long has this processor been scheduled
Black Hat 2007
Time Virtualization Design Choice
How to handle RDTSC?When a Virtual Processor (VP) is intercepted, a single instruction can appear to take a long time – namely, the time it takes to enter the hypervisor, perform actions, and return to a guest
TSC is recorded and can be modified in guest control structure (VMCS/VMCB)
“Allow it to advance naturally”•Just leave it alone
But…•A VP can be rescheduled on a different LP, whose TSC could be smaller•Can’t allow TSCs to jump backwards in time
“Modify it to appear unchanged”•On entry into the Hv, record guest TSC.•On return to guest, reload original TSC value minus some amount
But…•Never know how long the return instruction will take (caches!)•Still observable at a certain granularity
Some software depends on knowing cycle counts between instruction blocks (video/audio codecs)
So, we allow it to advance naturally, with a guarantee that it will never appear to go backwards on a given VP
Black Hat 2007
Agenda - Windows Server Virtualization (WSV)
Why a hypervisor?Quick Background & Architecture
For more details, see presentation on conference CDSecurity CharacteristicsDeployment ConsiderationsFuture Directions
Black Hat 2007
Deployment Considerations (1/2)Patching the hypervisor
Windows UpdateManaging lots of virtual machines
System Center – Virtual Machine ManagerMinimize risk to the Root Partition
Utilize Server CoreDon’t run arbitrary apps, no web surfingRun your apps and services in guests
Connect to back-end management networkOnly expose guests to internet traffic
Enable NX and virtualization in BIOS
Black Hat 2007
Deployment Considerations (2/2)
Two virtual machines can’t have the same degree of isolation as two physical machines:
Inference AttacksCovert Channels
Not recommended to host two VMs of vastly differing trust levels on the same system
e.g. a front-end web server and a certificate server
Black Hat 2007
Agenda - Windows Server Virtualization (WSV)
Why a hypervisor?Quick Background & Architecture
For more details, see presentation on conference CDSecurity CharacteristicsDeployment ConsiderationsFuture Directions
Black Hat 2007
Future Security BenefitsMany types of virtualization (app, OS, machine) each with increasing levels of isolation (and overhead)Powerful tool for virus isolation and analysisImproved forensic capability for compromised operating systemsInvestments in OS hardening through hypervisor featuresPotential for greater intra-OS isolation (e.g. Ring 0 separation of drivers)VMs can be leveraged for hosting security appliances
Black Hat 2007
Security Challenges
VM to VM network monitoringManaging VM OS patch levelsLeakage of information between partitions due to shared hardwareLarger attack surface than air-gapped machinesHigh availability – SLA attacksThreat of malicious, unauthorized hypervisors (hypervisor- mode rootkits)
Black Hat 2007
Future Security Work
Secure LaunchIntel TXTtm (senter) and AMD SVMtm (skinit) Gives machine owner ability to control what code can use ring -1Policy enforcement in hardware to block launch of unauthorized hypervisorsAllows hypervisor to protect itself against tampering
DMA RemappingIntel VT-d and AMD IOMMUGives guests gated access to real hardwareAllows hypervisor to protect self against DMA attack
Black Hat 2007
© 2007 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.
Conclusion
Hypervisors kick ass.Beta available with Server 2008 RTMWe want your feedback
http://blogs.technet.com/virtualization/[email protected]