• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
A Feather-weight Virtual Machine for Windows Applications
 

A Feather-weight Virtual Machine for Windows Applications

on

  • 1,095 views

 

Statistics

Views

Total Views
1,095
Views on SlideShare
1,095
Embed Views
0

Actions

Likes
0
Downloads
14
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    A Feather-weight Virtual Machine for Windows Applications A Feather-weight Virtual Machine for Windows Applications Presentation Transcript

    • A Feather-weight Virtual Machine for Windows Applications Speaker: Susanta Nanda Other Co-authors : Yang Yu, Fanglu Guo, Lap-chung Lam, Tzi-cker Chiueh Computer Science Department SUNY at Stony Brook VEE’06
    • VM as a “Playground”
      • “ Try out” new applications
        • Realistic environment similar/identical to the host
        • Isolated Execution
          • Malicious code
          • Environment modifications: configuration, libraries
        • Possibly commit the installation to the host system if the application is found OK
      • Essential Building block for Fault/Intrusion Tolerant Systems
      VEE’06
    • Virtualization Approaches to support “Playground machines”
      • Hardware virtualization
        • Cumbersome to initialize a VM with current host environment while maintaining isolation
        • Committing modifications is tough as the information available is too low-level
      • Application Virtualization
        • Does not virtualize all system components, e.g. network interface, kernel objects, GUI components
        • IPC confinement is not good enough
      • OS-level Virtualization suits better
      VEE’06
    • Feather-weight Virtual Machine
      • Goals:
        • Fast cloning of the host environment
        • One-way isolation
        • Low overhead
        • Windows Platform
      • Approach: OS-level virtualization on Windows
        • Namespace virtualization at the system call level
        • Resource sharing: file system, OS kernel, registry, …
        • Copy on Write to isolate modifications
        • IPC confinement: semaphore, mutant, event, window message, …
      VEE’06
    • FVM Approach HARDWARE OS EXECUTIVE VIRTUALIZATION LAYER OS KERNEL DEVICE DRIVERS VM1 Apps VMn Apps Host Apps VEE’06
    • Similar Systems
      • Unix-like OS
        • FreeBSD Jail, Linux VServer, Solaris Containers, Virtuozzo, Trigence AE, Meiosys, MobiDesk, Alcatraz
      • Windows OS
        • Virtuozzo, PDS, Softricity, AppStream, Thinstall, GreenBorder, …
    • Main Challenges for FVM
      • Too many different types of namespaces
        • Files, registries, objects, mailslots, named pipes, IP address, desktop (container for windows), …
      • Sophisticated IPC mechanisms
        • kernel objects: events, sections, port (LPCs), …
        • window messages
      • Service (daemon) management
      • Virtualizing desktop applications
        • GUI applications
        • Network server applications
    • FVM Components
      • File Virtualization
        • Prefix VM id to the path
        • Copy on Write on the VM-specific root directory
        • Virtualize device files: mailslots, named pipes, etc.
        • Enumeration: merge directory entries (private and host)
        • Log deleted/renamed files
      • Registry
        • Similar to file
        • Copy keys and values of first-level children to avoid complicated merge for enumeration (lookup by index)
      • Object
        • mutex, event, semaphore, timer, shared memory, ports, …
        • Global objects (created by system daemons) not virtualized
    • FVM Components contd…
      • “ Desktop” Virtualization
        • Window messages
        • Window visibility
      • Services (Daemons)
        • Service control manager
        • Service database
      • Network interface
        • IP aliasing
        • Bind(): Transparently replace IP address within a VM by its own IP address
    • FVM Virtualization Layer FVM virtualization layer (kernel mode) Network address Daemon (service) Windows NT Executive FVM virtualization layer (user mode) System Libraries user mode kernel mode Host application VM application VM application File I/O Process/ Thread Sync Object Registry DB Window management
    • VM state
      • VM id
      • Private root file system
      • Private root registry
      • Private root object directory
      • Delete/rename log : file, registry
      • Policy: resource quota, network access, directory filter
      • IP address (optional)
      • “ Dir “ command : Δ -File U (Host.File) - DeleteLog
      A VM Container Proc-1 Proc-2 Proc-3 Δ -File Δ -Registry Δ -Object Created and modified Delete/ Rename Log VM policy read access write access VM IP address
    • VM operations
      • CreateVM/DeleteVM
      • CopyVM , ConfigureVM
      • StartVM/StopVM
      • SuspendVM/ResumeVM
        • Suspends threads, zeroes working set size, application windows are made invisible
      • CommitVM
        • Overwrite host states by a stopped VM states
        • Selective and automatic commit
          • Analyze side effects before committing
        • Suspicious updates warning
    • Evaluation
      • Effectiveness
        • Multiple application instances
        • Updates isolation: file and registry
        • Small overhead: VM creation, disk space…
      • Limitations
        • Sharing through kernel
        • User-space boot components sharing
        • Easy to distinguish real from virtual
    • Performance: System Call Overhead 3% 48814 47244 NtSetInformationFile 67% 330123 198261 NtQueryFullAttributesFile 83% 263355 144010 NtQueryAttributesFile 77% 303569 171508 NtOpenFile 21% 412087 340568 NtCreateFile Overhead FVM (CPU cycles) Native (CPU cycles) System Calls
    • Performance: CoW Overhead
    • Performance: Relative Comparison
    • Applications
      • Secure mobile code execution
      • Vulnerable network applications:
        • Web browsers, Email clients, …
      • Study vulnerability in applications
      • Automatic Sandboxing
        • Committed files are marked and invoked inside VMs
    • Conclusion
      • A light-weight OS-level virtualization on Windows
        • Small overhead/resource requirement
        • Fast cloning of host environment
        • Synchronization between VM and host
        • State isolation
        • Applications:
          • intrusion tolerance, application streaming
    • A Feather-weight Virtual Machine for Windows Applications Thank You