LCEU13: Securing your cloud with Xen's advanced security features - George Dunlap, Citrix

Intro Network path Bootloader Device model Xen Conclusion

Securing your cloud with Xen’s advanced securityfeatures

George Dunlap

Edinburgh – 21-23 October, 2013


Xen: an open-source, enterprise-grade, type Ihypervisor

Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 2 / 33


Built for the Cloud before it was called the Cloud



Advanced security features



Goal

I Tools to think about security in Xen

I Know some key security features of Xen

I Equipped with the knowledge to get them working



Goal






Goal






Outline

I Overview of the Xen architecture

I Brief introduction to principles of security analysis

I Consider some attack surfacesI Xen features we can use to make them more secure

I Driver domainsI pvgrubI stub domainsI PV vs HVMI FLASK example policy



Outline







Outline



I Consider some attack surfaces

I Xen features we can use to make them more secure




Outline







Outline




I Driver domains

I pvgrubI stub domainsI PV vs HVMI FLASK example policy



Outline




I Driver domainsI pvgrub

I stub domainsI PV vs HVMI FLASK example policy



Outline




I Driver domainsI pvgrubI stub domains

I PV vs HVMI FLASK example policy



Outline




I Driver domainsI pvgrubI stub domainsI PV vs HVM

I FLASK example policy



Outline







Xen Architecture

Xen Hypervisor

Hardware

device model(qemu)

toolstack

dom 0

HardwareDrivers

I/O Devices CPU Memory

Paravirtualized(PV)

Domain

Fully Virtualized

(HVM)Domainnetback

blkbacknetfrontblkfront



Security Overview

I Threat Model

I Attacker can access guest networkI Attacker controls one guest OS



Security Overview

I Threat ModelI Attacker can access guest network

I Attacker controls one guest OS



Security Overview

I Threat ModelI Attacker can access guest networkI Attacker controls one guest OS



Security Overview

I Security considerationsI How much code is accessible?

I What is the interface like?I Defense-in-depth



Security Overview

I Security considerationsI How much code is accessible?I What is the interface like?

I Defense-in-depth



Security Overview

I Security considerationsI How much code is accessible?I What is the interface like?

I Defense-in-depth



Security Overview

I Security considerationsI How much code is accessible?I What is the interface like?I Defense-in-depth



Example System

I Hardware setup

I Two networks: control network, guest networkI IOMMU with interrupt remapping (AMD or Intel VT-d v2)

I Default configuration

I Network drivers in dom0I PV guests with pygrubI HVM guests with qemu running in domain 0



Example System

I Hardware setupI Two networks: control network, guest network

I IOMMU with interrupt remapping (AMD or Intel VT-d v2)





Example System

I Hardware setupI Two networks: control network, guest networkI IOMMU with interrupt remapping (AMD or Intel VT-d v2)





Example System






Example System


I Default configurationI Network drivers in dom0

I PV guests with pygrubI HVM guests with qemu running in domain 0



Example System


I Default configurationI Network drivers in dom0I PV guests with pygrub

I HVM guests with qemu running in domain 0



Example System


I Default configurationI Network drivers in dom0I PV guests with pygrubI HVM guests with qemu running in domain 0



Attack surface: Network path

Xen Hypervisor

Hardware

toolstackdom 0

NICDriver

Control NIC

RogueDomain

netback netfront

Guest NIC

bridgeiptables

Domain

netfront

I How to break in?

I Bugs in hardware driverI Bugs in bridging / filteringI Bugs in netback via the ring protocol




Xen Hypervisor

Hardware

toolstackdom 0

NICDriver

Control NIC

RogueDomain

netback netfront

Guest NIC

bridgeiptables

Domain

netfront

I How to break in?I Bugs in hardware driver

I Bugs in bridging / filteringI Bugs in netback via the ring protocol




Xen Hypervisor

Hardware

toolstackdom 0

NICDriver

Control NIC

RogueDomain

netback netfront

Guest NIC

bridgeiptables

Domain

netfront

I How to break in?I Bugs in hardware driverI Bugs in bridging / filtering

I Bugs in netback via the ring protocol




Xen Hypervisor

Hardware

toolstackdom 0

NICDriver

Control NIC

RogueDomain

netback netfront

Guest NIC

bridgeiptables

Domain

netfront

I How to break in?I Bugs in hardware driverI Bugs in bridging / filteringI Bugs in netback via the ring protocol




Xen Hypervisor

Hardware

toolstackdom 0

NICDriver

Control NIC

RogueDomain

netback netfront

Guest NIC

bridgeiptables

Domain

netfront

I What does it buy you?

I Control of domain 0 kernelI Pretty much control of the whole system




Xen Hypervisor

Hardware

toolstackdom 0

NICDriver

Control NIC

RogueDomain

netback netfront

Guest NIC

bridgeiptables

Domain

netfront

I What does it buy you?I Control of domain 0 kernel

I Pretty much control of the whole system




Xen Hypervisor

Hardware

toolstackdom 0

NICDriver

Control NIC

RogueDomain

netback netfront

Guest NIC

bridgeiptables

Domain

netfront

I What does it buy you?I Control of domain 0 kernelI Pretty much control of the whole system



Security feature: Driver Domains

Xen Hypervisor

Hardware

toolstack

dom 0

NICDriver

Control NIC

RogueDomain

netback netfront

Guest NIC

bridgeiptables

Domain

netfront

NICDriver

Driver Domain

I What is it?

I Unprivileged VM which drives hardware, provides access toguests




Xen Hypervisor

Hardware

toolstack

dom 0

NICDriver

Control NIC

RogueDomain

netback netfront

Guest NIC

bridgeiptables

Domain

netfront

NICDriver

Driver Domain

I What is it?I Unprivileged VM which drives hardware, provides access to

guests




Xen Hypervisor

Hardware

toolstack

dom 0

NICDriver

Control NIC

RogueDomain

netback netfront

Guest NIC

bridgeiptables

Domain

netfront

NICDriver

Driver Domain

I Now an exploit buys you:

I Control of a PV VM (PV hypercall interface)I Guest network trafficI Control of NICI Opportunity to attack netfront of other guests




Xen Hypervisor

Hardware

toolstack

dom 0

NICDriver

Control NIC

RogueDomain

netback netfront

Guest NIC

bridgeiptables

Domain

netfront

NICDriver

Driver Domain

I Now an exploit buys you:I Control of a PV VM (PV hypercall interface)

I Guest network trafficI Control of NICI Opportunity to attack netfront of other guests




Xen Hypervisor

Hardware

toolstack

dom 0

NICDriver

Control NIC

RogueDomain

netback netfront

Guest NIC

bridgeiptables

Domain

netfront

NICDriver

Driver Domain

I Now an exploit buys you:I Control of a PV VM (PV hypercall interface)I Guest network traffic

I Control of NICI Opportunity to attack netfront of other guests




Xen Hypervisor

Hardware

toolstack

dom 0

NICDriver

Control NIC

RogueDomain

netback netfront

Guest NIC

bridgeiptables

Domain

netfront

NICDriver

Driver Domain

I Now an exploit buys you:I Control of a PV VM (PV hypercall interface)I Guest network trafficI Control of NIC

I Opportunity to attack netfront of other guests




Xen Hypervisor

Hardware

toolstack

dom 0

NICDriver

Control NIC

RogueDomain

netback netfront

Guest NIC

bridgeiptables

Domain

netfront

NICDriver

Driver Domain

I Now an exploit buys you:I Control of a PV VM (PV hypercall interface)I Guest network trafficI Control of NICI Opportunity to attack netfront of other guests



HowTo: Driver Domains

I Create a VM with appropriate drivers

I Any distro supporting dom0 should do

I Install the xen-related hotplug scripts

I Just installing the xen tools in the VM is usually good enough

I Give the VM access to the physical NIC with PCI pass-throughI Configure the network topology in the driver domain

I Just like you would for dom0

I Configure the guest vif to use the new domain ID

I Add backend=domnet to vif declaration

vif = [ ’type=pv, bridge=xenbr0, backend=domnet’ ]

I http://wiki.xen.org/wiki/Driver Domain




I Create a VM with appropriate driversI Any distro supporting dom0 should do

























I Install the xen-related hotplug scriptsI Just installing the xen tools in the VM is usually good enough












I Give the VM access to the physical NIC with PCI pass-through

I Configure the network topology in the driver domain














































I Configure the guest vif to use the new domain IDI Add backend=domnet to vif declaration

























Attack surface: Pygrub

Xen Hypervisor

toolstackdom 0

Paravirtualized(PV)

Domain

domainbuilder

pygrub

guestdisk

I What is it?

I grub implementation for PV guestsI Python program running in domain 0I Reads guest FS, parses grub.conf, presents menuI Passes resulting kernel image to domain builder




Xen Hypervisor

toolstackdom 0

Paravirtualized(PV)

Domain

domainbuilder

pygrub

guestdisk

I What is it?I grub implementation for PV guests

I Python program running in domain 0I Reads guest FS, parses grub.conf, presents menuI Passes resulting kernel image to domain builder




Xen Hypervisor

toolstackdom 0

Paravirtualized(PV)

Domain

domainbuilder

pygrub

guestdisk

I What is it?I grub implementation for PV guestsI Python program running in domain 0

I Reads guest FS, parses grub.conf, presents menuI Passes resulting kernel image to domain builder




Xen Hypervisor

toolstackdom 0

Paravirtualized(PV)

Domain

domainbuilder

pygrub

guestdisk

I What is it?I grub implementation for PV guestsI Python program running in domain 0I Reads guest FS, parses grub.conf, presents menu

I Passes resulting kernel image to domain builder




Xen Hypervisor

toolstackdom 0

Paravirtualized(PV)

Domain

domainbuilder

pygrub

guestdisk

I What is it?I grub implementation for PV guestsI Python program running in domain 0I Reads guest FS, parses grub.conf, presents menuI Passes resulting kernel image to domain builder




Xen Hypervisor

toolstackdom 0

Paravirtualized(PV)

Domain

domainbuilder

pygrub

guestdisk

I How to break in?

I Bugs in file system parserI Bugs in menu parserI Bugs in kernel / initrd image parsers




Xen Hypervisor

toolstackdom 0

Paravirtualized(PV)

Domain

domainbuilder

pygrub

guestdisk

I How to break in?I Bugs in file system parser

I Bugs in menu parserI Bugs in kernel / initrd image parsers




Xen Hypervisor

toolstackdom 0

Paravirtualized(PV)

Domain

domainbuilder

pygrub

guestdisk

I How to break in?I Bugs in file system parserI Bugs in menu parser

I Bugs in kernel / initrd image parsers




Xen Hypervisor

toolstackdom 0

Paravirtualized(PV)

Domain

domainbuilder

pygrub

guestdisk

I How to break in?I Bugs in file system parserI Bugs in menu parserI Bugs in kernel / initrd image parsers




Xen Hypervisor

toolstackdom 0

Paravirtualized(PV)

Domain

domainbuilder

pygrub

guestdisk

kernel


I Control of domain 0 user spaceI Pretty much control of the whole system




Xen Hypervisor

toolstackdom 0

Paravirtualized(PV)

Domain

domainbuilder

pygrub

guestdisk

kernel

I What does it buy you?I Control of domain 0 user space

I Pretty much control of the whole system




Xen Hypervisor

toolstackdom 0

Paravirtualized(PV)

Domain

domainbuilder

pygrub

guestdisk

kernel

I What does it buy you?I Control of domain 0 user spaceI Pretty much control of the whole system



Security practice: Fixed kernels

Xen Hypervisor

toolstackdom 0

Paravirtualized(PV)

Domain

domainbuilder

kernelimage

guestdisk

I What is it?

I Passing a known-good kernel from domain 0

I Removes attacker avenue to domain builder




Xen Hypervisor

toolstackdom 0

Paravirtualized(PV)

Domain

domainbuilder

kernelimage

guestdisk

I What is it?I Passing a known-good kernel from domain 0





Xen Hypervisor

toolstackdom 0

Paravirtualized(PV)

Domain

domainbuilder

kernelimage

guestdisk

I What is it?I Passing a known-good kernel from domain 0





Xen Hypervisor

toolstackdom 0

Paravirtualized(PV)

Domain

domainbuilder

kernelimage

guestdisk

I Disadvantages

I Host admin must keep up with kernel updatesI Guest admin can’t pass kernel parameters, custom kernels,




Xen Hypervisor

toolstackdom 0

Paravirtualized(PV)

Domain

domainbuilder

kernelimage

guestdisk

I DisadvantagesI Host admin must keep up with kernel updates

I Guest admin can’t pass kernel parameters, custom kernels,




Xen Hypervisor

toolstackdom 0

Paravirtualized(PV)

Domain

domainbuilder

kernelimage

guestdisk

I DisadvantagesI Host admin must keep up with kernel updatesI Guest admin can’t pass kernel parameters, custom kernels,



Security feature: pvgrub

Xen Hypervisor

toolstackdom 0

domainbuilder

guestdisk

MiniOS

pvgrub

I What is it?

I MiniOS + pv port of grub running in a guest contextI PV equivalent of HVM “BIOS + grub”


I Control of your own VM




Xen Hypervisor

toolstackdom 0

domainbuilder

guestdisk

MiniOS

pvgrub

I What is it?I MiniOS + pv port of grub running in a guest context

I PV equivalent of HVM “BIOS + grub”I Now an exploit buys you:





Xen Hypervisor

toolstackdom 0

domainbuilder

guestdisk

MiniOS

pvgrub

I What is it?I MiniOS + pv port of grub running in a guest contextI PV equivalent of HVM “BIOS + grub”






Xen Hypervisor

toolstackdom 0

domainbuilder

guestdisk

MiniOS

pvgrub







Xen Hypervisor

toolstackdom 0

domainbuilder

guestdisk

MiniOS

pvgrub


I Now an exploit buys you:I Control of your own VM



HowTo: pvgrub

I Make sure that you have the pvgrub image

I pvgrub-$ARCH.gzI Normally lives in /usr/lib/xen/bootI Included in Fedora Xen packagesI Debian-based: need to build yourself

I Use appropriate pvgrub as kernel in guest config

kernel=”/usr/lib/xen/boot/pvgrub-x86 32.gz”

I http://wiki.xen.org/wiki/Pvgrub



HowTo: pvgrub

I Make sure that you have the pvgrub imageI pvgrub-$ARCH.gz

I Normally lives in /usr/lib/xen/bootI Included in Fedora Xen packagesI Debian-based: need to build yourself






HowTo: pvgrub

I Make sure that you have the pvgrub imageI pvgrub-$ARCH.gzI Normally lives in /usr/lib/xen/boot

I Included in Fedora Xen packagesI Debian-based: need to build yourself






HowTo: pvgrub

I Make sure that you have the pvgrub imageI pvgrub-$ARCH.gzI Normally lives in /usr/lib/xen/bootI Included in Fedora Xen packages

I Debian-based: need to build yourself






HowTo: pvgrub

I Make sure that you have the pvgrub imageI pvgrub-$ARCH.gzI Normally lives in /usr/lib/xen/bootI Included in Fedora Xen packagesI Debian-based: need to build yourself






HowTo: pvgrub







HowTo: pvgrub







HowTo: pvgrub







Attack surface: Device model (qemu)

Xen Hypervisor

device model(qemu)

toolstack

dom 0

HardwareDrivers

Fully Virtualized

(HVM)Domain

I How to break in?

I Bugs in NIC emulator parsing packetsI Bugs in emulation of virtual devices




Xen Hypervisor

device model(qemu)

toolstack

dom 0

HardwareDrivers

Fully Virtualized

(HVM)Domain

I How to break in?I Bugs in NIC emulator parsing packets

I Bugs in emulation of virtual devices




Xen Hypervisor

device model(qemu)

toolstack

dom 0

HardwareDrivers

Fully Virtualized

(HVM)Domain

I How to break in?I Bugs in NIC emulator parsing packetsI Bugs in emulation of virtual devices




Xen Hypervisor

device model(qemu)

toolstack

dom 0

HardwareDrivers

Fully Virtualized

(HVM)Domain


I Domain 0 privileged userspaceI Pretty much control of the whole system

I Not hypothetical

I Three exploitable bugs found in qemu last 2 years




Xen Hypervisor

device model(qemu)

toolstack

dom 0

HardwareDrivers

Fully Virtualized

(HVM)Domain

I What does it buy you?I Domain 0 privileged userspace

I Pretty much control of the whole systemI Not hypothetical





Xen Hypervisor

device model(qemu)

toolstack

dom 0

HardwareDrivers

Fully Virtualized

(HVM)Domain

I What does it buy you?I Domain 0 privileged userspaceI Pretty much control of the whole system

I Not hypothetical





Xen Hypervisor

device model(qemu)

toolstack

dom 0

HardwareDrivers

Fully Virtualized

(HVM)Domain


I Not hypothetical





Xen Hypervisor

device model(qemu)

toolstack

dom 0

HardwareDrivers

Fully Virtualized

(HVM)Domain


I Not hypotheticalI Three exploitable bugs found in qemu last 2 years



Security feature: qemu stub domains

Xen Hypervisor

toolstack

dom 0

HardwareDrivers

Fully Virtualized

(HVM)Domain

device model

Stub Domain

minios

I What is it?

I Stub domain: a small “service” domain running just oneapplication

I qemu stub domain: run each qemu in its own domain




Xen Hypervisor

toolstack

dom 0

HardwareDrivers

Fully Virtualized

(HVM)Domain

device model

Stub Domain

minios

I What is it?I Stub domain: a small “service” domain running just one

application

I qemu stub domain: run each qemu in its own domain




Xen Hypervisor

toolstack

dom 0

HardwareDrivers

Fully Virtualized

(HVM)Domain

device model

Stub Domain

minios

I What is it?I Stub domain: a small “service” domain running just one

applicationI qemu stub domain: run each qemu in its own domain




Xen Hypervisor

toolstack

dom 0

HardwareDrivers

Fully Virtualized

(HVM)Domain

device model

Stub Domain

minios


I Control of the stubom VMI Access to PV interfaces




Xen Hypervisor

toolstack

dom 0

HardwareDrivers

Fully Virtualized

(HVM)Domain

device model

Stub Domain

minios

I Now an exploit buys you:I Control of the stubom VM

I Access to PV interfaces




Xen Hypervisor

toolstack

dom 0

HardwareDrivers

Fully Virtualized

(HVM)Domain

device model

Stub Domain

minios

I Now an exploit buys you:I Control of the stubom VMI Access to PV interfaces



HowTo: qemu stub domains

I Make sure that you have the stubdom image:

I ioemu-$ARCH.gzI Normally lives in /usr/lib/xen/bootI Included in Fedora Xen packagesI Debian-based: need to build yourself

I Specify stub domains in your guest config

device model stubdomain override = 1

I http://wiki.xen.org/wiki/Device Model Stub Domains




I Make sure that you have the stubdom image:I ioemu-$ARCH.gz

I Normally lives in /usr/lib/xen/bootI Included in Fedora Xen packagesI Debian-based: need to build yourself







I Make sure that you have the stubdom image:I ioemu-$ARCH.gzI Normally lives in /usr/lib/xen/boot

I Included in Fedora Xen packagesI Debian-based: need to build yourself







I Make sure that you have the stubdom image:I ioemu-$ARCH.gzI Normally lives in /usr/lib/xen/bootI Included in Fedora Xen packages

I Debian-based: need to build yourself







I Make sure that you have the stubdom image:I ioemu-$ARCH.gzI Normally lives in /usr/lib/xen/bootI Included in Fedora Xen packagesI Debian-based: need to build yourself



























Attack Surface: Xen

I HVM guests

I HVM hypercalls (Subset of PV hypercalls)I Instruction emulation (MMIO, shadow pagetables)I Emulated platform devices: APIC, HPET, PITI Nested virtualization

I PV guests

I PV HypercallsI Shared address space

I Survey of security updates looks statistically similar

I Security practice: If you can’t use stub domains, use PV VMs



Attack Surface: Xen

I HVM guestsI HVM hypercalls (Subset of PV hypercalls)

I Instruction emulation (MMIO, shadow pagetables)I Emulated platform devices: APIC, HPET, PITI Nested virtualization

I PV guests






Attack Surface: Xen

I HVM guestsI HVM hypercalls (Subset of PV hypercalls)I Instruction emulation (MMIO, shadow pagetables)

I Emulated platform devices: APIC, HPET, PITI Nested virtualization

I PV guests






Attack Surface: Xen

I HVM guestsI HVM hypercalls (Subset of PV hypercalls)I Instruction emulation (MMIO, shadow pagetables)I Emulated platform devices: APIC, HPET, PIT

I Nested virtualization

I PV guests






Attack Surface: Xen

I HVM guestsI HVM hypercalls (Subset of PV hypercalls)I Instruction emulation (MMIO, shadow pagetables)I Emulated platform devices: APIC, HPET, PITI Nested virtualization

I PV guests






Attack Surface: Xen


I PV guests






Attack Surface: Xen


I PV guestsI PV Hypercalls

I Shared address space





Attack Surface: Xen


I PV guestsI PV HypercallsI Shared address space





Attack Surface: Xen







Attack Surface: Xen







Security feature: FLASK example policy

I What is FLASK?

I Xen Security Module (XSM): Xen equivalent of LSMI FLASK: Framework for XSM developed by NSAI Xen Equivalent of SELinuxI Uses same concepts, tools as SELinuxI Allows a policy to restrict hypercalls




I What is FLASK?I Xen Security Module (XSM): Xen equivalent of LSM

I FLASK: Framework for XSM developed by NSAI Xen Equivalent of SELinuxI Uses same concepts, tools as SELinuxI Allows a policy to restrict hypercalls




I What is FLASK?I Xen Security Module (XSM): Xen equivalent of LSMI FLASK: Framework for XSM developed by NSA

I Xen Equivalent of SELinuxI Uses same concepts, tools as SELinuxI Allows a policy to restrict hypercalls




I What is FLASK?I Xen Security Module (XSM): Xen equivalent of LSMI FLASK: Framework for XSM developed by NSAI Xen Equivalent of SELinux

I Uses same concepts, tools as SELinuxI Allows a policy to restrict hypercalls




I What is FLASK?I Xen Security Module (XSM): Xen equivalent of LSMI FLASK: Framework for XSM developed by NSAI Xen Equivalent of SELinuxI Uses same concepts, tools as SELinux

I Allows a policy to restrict hypercalls




I What is FLASK?I Xen Security Module (XSM): Xen equivalent of LSMI FLASK: Framework for XSM developed by NSAI Xen Equivalent of SELinuxI Uses same concepts, tools as SELinuxI Allows a policy to restrict hypercalls




I What can FLASK do?

I Basic: Restricts hypercalls to those needed by a particularguest

I Advanced: Allows more fine-grained granting of privilegesI FLASK example policy

I This contains example roles for dom0, domU, stub domains,driver domains, &c




I What can FLASK do?I Basic: Restricts hypercalls to those needed by a particular

guest

I Advanced: Allows more fine-grained granting of privilegesI FLASK example policy






guestI Advanced: Allows more fine-grained granting of privileges















I FLASK example policyI This contains example roles for dom0, domU, stub domains,

driver domains, &c



HowTo: Use the example FLASK policy

I Build Xen with XSM enabled

I Build the example policyI Add the appropriate label to guest config files

I seclabel=[foo]I stubdom label=[foo]

I http://wiki.xen.org/wiki/Xen Security Modules : XSM-FLASK

I WARNING: In 4.3, the example policy not extensively tested.Use with care!





I Build the example policy

I Add the appropriate label to guest config files

















I seclabel=[foo]

I stubdom label=[foo]





























Outline







Outline







Outline



I Consider some attack surfaces

I Xen features we can use to make them more secure




Outline







Outline




I Driver domains

I pvgrubI stub domainsI PV vs HVMI FLASK example policy



Outline




I Driver domainsI pvgrub

I stub domainsI PV vs HVMI FLASK example policy



Outline




I Driver domainsI pvgrubI stub domains

I PV vs HVMI FLASK example policy



Outline




I Driver domainsI pvgrubI stub domainsI PV vs HVM




Outline







Goal






Goal






Goal






Questions

Questions?

More info at http://wiki.xen.org/wiki/Securing XenCheck out our blog: http://blog.xen.org/


Technology

LCEU13: Securing your cloud with Xen's advanced security features - George Dunlap, Citrix