0
Hyper-V Security Brandon Baker Senior Development Lead Microsoft William Arbaugh Principal Architect Microsoft October 31s...
Agenda <ul><li>What is Hyper-V? </li></ul><ul><li>Why a hypervisor? </li></ul><ul><li>Quick Background & Architecture </li...
What is Hyper-V? <ul><li>Full machine virtualization </li></ul><ul><li>Component of Windows Server 2008 x64 </li></ul><ul>...
How to install Hyper-V October 31st, 2008 ACM CCS / VMSec
What is Hyper-V? <ul><li>Has three major components: </li></ul><ul><ul><li>Hypervisor </li></ul></ul><ul><ul><li>Virtualiz...
Agenda <ul><li>What is Hyper-V? </li></ul><ul><li>Why a hypervisor? </li></ul><ul><li>Quick Background & Architecture </li...
VMM Arrangements <ul><li>Hosted Virtualization </li></ul><ul><li>Hypervisor Virtualization </li></ul><ul><li>Examples </li...
Monolithic Versus Microkernel <ul><li>Monolithic hypervisor </li></ul><ul><ul><li>Simpler than a modern kernel, but still ...
Agenda <ul><li>What is Hyper-V? </li></ul><ul><li>Why a hypervisor? </li></ul><ul><li>Quick Background & Architecture </li...
Root Virtualization Service Providers (VSPs) Server Core VM Worker Processes VMMS Service WMI Provider Guest Partitions Ri...
Hypervisor <ul><li>Partitioning Kernel </li></ul><ul><ul><li>Partition is isolation boundary </li></ul></ul><ul><ul><li>Fe...
Agenda <ul><li>What is Hyper-V? </li></ul><ul><li>Why a hypervisor? </li></ul><ul><li>Quick Background & Architecture </li...
Root Virtualization Service Providers (VSPs) Server Core VM Worker Processes VM Service WMI Provider Guest Partitions Gues...
Security Assumptions <ul><li>Guests are untrusted </li></ul><ul><li>Root must be trusted by hypervisor; parent must be tru...
Security Goals <ul><li>Strong isolation between partitions </li></ul><ul><li>Protect confidentiality and integrity of gues...
Security Non-Goals <ul><li>Things we don’t do in Hyper-V v1 </li></ul><ul><ul><li>Mitigate hardware bleed-through (inferen...
Root Partition Guest Partitions Hyper-V Security Model Windows AuthN October 31st, 2008 ACM CCS / VMSec Server Core Virtua...
Hypervisor Security Model <ul><li>Memory </li></ul><ul><ul><li>Physical Address to Partition map maintained by Hv </li></u...
Virtualization Attacks Root Partition Guest Partitions Server Hardware Guest Applications Hackers OS Kernel VMBus Provided...
Hyper-V Security Hardening (1/2) <ul><li>Hypervisor has separate address space </li></ul><ul><ul><li>Guest addresses != Hy...
Hyper-V Security Hardening (2/2) <ul><li>Hypervisor built with  </li></ul><ul><ul><li>ASLR </li></ul></ul><ul><ul><li>Stac...
Agenda <ul><li>What is Hyper-V? </li></ul><ul><li>Why a hypervisor? </li></ul><ul><li>Quick Background & Architecture </li...
Maslow’s Hierarchy of Virtualization Security October 31st, 2008 ACM CCS / VMSec
Challenges – Implementation <ul><li>Security of the platform </li></ul><ul><ul><li>SDL </li></ul></ul><ul><ul><li>Simplify...
Challenges – Management <ul><li>VM security level </li></ul><ul><ul><li>Host suitability </li></ul></ul><ul><li>Identity <...
Challenges – Realization <ul><li>Projecting security invariants into VMs </li></ul><ul><li>Monitoring VM behavior </li></u...
Agenda <ul><li>What is Hyper-V? </li></ul><ul><li>Why a hypervisor? </li></ul><ul><li>Quick Background & Architecture </li...
What are we exploring? <ul><li>Measured launch </li></ul><ul><li>IOMMU support </li></ul><ul><li>TPM virtualization </li><...
Measured Launch <ul><li>Start with Dynamic Root of Trust Measurement (DRTM) </li></ul><ul><ul><li>AMD SKINIT  </li></ul></...
I/O Memory Management Unit (IOMMU) <ul><li>Used for containing and directing device traffic </li></ul><ul><ul><li>Access t...
TPM Virtualization <ul><li>Open questions: </li></ul><ul><ul><li>What is the right way to expose TPM functionality to VMs?...
For More Information <ul><li>Email me thoughts, ideas, questions </li></ul><ul><ul><li>[email_address] </li></ul></ul><ul>...
Upcoming SlideShare
Loading in...5
×

Hyper-V Security

2,101

Published on

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
2,101
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
95
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide
  • Beta is in the box with Server 2008. Hit Windows Update and grab KB950050 to get the final RTM bits.
  • Linus quote: https://lists.linux-foundation.org/pipermail/desktop_architects/2007-August/002446.html
  • Technically there is no such thing as Ring “-1”. The hypervisor runs in a partition itself, complete with Ring 0 and Ring 3. It’s a unique Monitor Mode partition. Hypervisor Partitioning Kernel Partition is isolation boundary Few virtualization functions; relies on virtualization stack Very thin layer of software Microkernel Highly reliable No device drivers Two versions, one for Intel and one for AMD Drivers run in the root Leverage the large base of Windows drivers Well-defined interface Allow others to create support for their OSes as guests Virt Stack Portion of traditional hypervisor that has been pushed up and out to make a micro-hypervisor Manages guest partitions Handles intercepts Emulates devices
  • Guests are untrusted Root must be trusted by hypervisor; parent must be trusted by children. Code will run in all available processor modes, rings, and segments Hypercall interface will be well documented and widely available to attackers. All hypercalls can be attempted by guests Can detect you are running on a hypervisor We’ll even give you the version The internal design of the hypervisor will be well understood
  • Hypervisor is the first kernel model and lower component built with ASLR. All new code, built from the ground up with SDL.
  • These are things we had to get right in the product, or else there would be no product. TWC, SDL, and hard work. Microsoft knows how to do this, but I wouldn’t go so far to say it’s in our DNA. Requires constant focus, training, and will. Need someone to push for security at all stages, across all component teams and disciplines.
  • Now that you have this system, how do you keep it from getting too unwieldy? System Center, offline servicing tool, active directory, AzMan, Forefront. Pieces are here, we, as a company, are starting to bring them together. Everyone needs to think about virtualization to get it right.
  • Now that we have virtualization, what new can we do with it? Very powerful capability. I assert we can’t use it to solve the problems in management - that’s self referential. And we have to be extremely careful to not weaken the core.
  • This is the mitigation for Blue Pill, hyperviruses.
  • TPM wasn’t designed to be virtualized – there is only one PCR 0, which is set by the BIOS. How do multiple OS’s share that?
  • Transcript of "Hyper-V Security"

    1. 1. Hyper-V Security Brandon Baker Senior Development Lead Microsoft William Arbaugh Principal Architect Microsoft October 31st, 2008 ACM CCS / VMSec
    2. 2. Agenda <ul><li>What is Hyper-V? </li></ul><ul><li>Why a hypervisor? </li></ul><ul><li>Quick Background & Architecture </li></ul><ul><li>Security Model </li></ul><ul><li>Challenges </li></ul><ul><li>Future Directions </li></ul>October 31st, 2008 ACM CCS / VMSec
    3. 3. What is Hyper-V? <ul><li>Full machine virtualization </li></ul><ul><li>Component of Windows Server 2008 x64 </li></ul><ul><li>Beta shipped in box </li></ul><ul><li>RTM available through Windows Update </li></ul>ACM CCS / VMSec October 31st, 2008
    4. 4. How to install Hyper-V October 31st, 2008 ACM CCS / VMSec
    5. 5. What is Hyper-V? <ul><li>Has three major components: </li></ul><ul><ul><li>Hypervisor </li></ul></ul><ul><ul><li>Virtualization Stack </li></ul></ul><ul><ul><li>Virtual Devices </li></ul></ul><ul><li>Requires hardware assisted virtualization </li></ul><ul><ul><li>AMD AMD-V </li></ul></ul><ul><ul><li>Intel VT </li></ul></ul>October 31st, 2008 ACM CCS / VMSec
    6. 6. Agenda <ul><li>What is Hyper-V? </li></ul><ul><li>Why a hypervisor? </li></ul><ul><li>Quick Background & Architecture </li></ul><ul><li>Security Model </li></ul><ul><li>Challenges </li></ul><ul><li>Future Directions </li></ul>October 31st, 2008 ACM CCS / VMSec
    7. 7. VMM Arrangements <ul><li>Hosted Virtualization </li></ul><ul><li>Hypervisor Virtualization </li></ul><ul><li>Examples </li></ul><ul><li>VMware Workstation </li></ul><ul><li>KVM </li></ul><ul><li>Virtual PC & Virtual Server </li></ul><ul><li>Examples </li></ul><ul><li>VMware ESX </li></ul><ul><li>Xen </li></ul><ul><li>Hyper-V </li></ul>Host OS Guest 1 Guest 2 Guest 1 Guest 2 October 31st, 2008 ACM CCS / VMSec VMM VMM Hardware Hardware
    8. 8. Monolithic Versus Microkernel <ul><li>Monolithic hypervisor </li></ul><ul><ul><li>Simpler than a modern kernel, but still complex </li></ul></ul><ul><ul><li>Implements driver model </li></ul></ul><ul><li>Microkernel hypervisor </li></ul><ul><ul><li>Simple partitioning functionality </li></ul></ul><ul><ul><li>Increase reliability and minimizes TCB </li></ul></ul><ul><ul><li>No third-party code </li></ul></ul><ul><ul><li>Drivers run in root guest </li></ul></ul>All virtualization systems have a VMM, drivers, virtualization software, and management interfaces. Hypervisor VM 1 (Admin) VM 2 VM 3 Hardware Hardware Hypervisor VM 2 (“Child”) VM 3 (“Child”) October 31st, 2008 ACM CCS / VMSec
    9. 9. Agenda <ul><li>What is Hyper-V? </li></ul><ul><li>Why a hypervisor? </li></ul><ul><li>Quick Background & Architecture </li></ul><ul><li>Security Model </li></ul><ul><li>Challenges </li></ul><ul><li>Future Directions </li></ul>October 31st, 2008 ACM CCS / VMSec
    10. 10. Root Virtualization Service Providers (VSPs) Server Core VM Worker Processes VMMS Service WMI Provider Guest Partitions Ring 0 Ring 3 Guest Applications Hyper-V Architecture Partition VMCS/VMCB APIC MMU CPU Ring 0 Ring 3 Ring “-1” October 31st, 2008 ACM CCS / VMSec Windows Kernel Virtualization Stack Device Drivers Windows hypervisor Virtualization Service Clients (VSCs) OS Kernel Enlightenments VMBus Provided by: Windows ISV Hyper-V Storage NIC
    11. 11. Hypervisor <ul><li>Partitioning Kernel </li></ul><ul><ul><li>Partition is isolation boundary </li></ul></ul><ul><ul><li>Few virtualization functions; relies on virtualization stack </li></ul></ul><ul><li>Very thin layer of software </li></ul><ul><ul><li>Microkernel </li></ul></ul><ul><ul><li>Highly reliable </li></ul></ul><ul><li>No device drivers </li></ul><ul><ul><li>Two versions, one for Intel and one for AMD </li></ul></ul><ul><ul><li>Drivers run in the root </li></ul></ul><ul><ul><li>Leverage the large base of Windows drivers </li></ul></ul><ul><li>Well-defined interface </li></ul><ul><ul><li>Allow others to create support for their OSes as guests </li></ul></ul><ul><li>Runs within the root partition </li></ul><ul><li>Portion of traditional hypervisor that has been pushed up and out to make a micro-hypervisor </li></ul><ul><li>Manages guest partitions </li></ul><ul><li>Handles intercepts </li></ul><ul><li>Emulates devices </li></ul>Virtualization Stack October 31st, 2008 ACM CCS / VMSec
    12. 12. Agenda <ul><li>What is Hyper-V? </li></ul><ul><li>Why a hypervisor? </li></ul><ul><li>Quick Background & Architecture </li></ul><ul><li>Security Model </li></ul><ul><li>Challenges </li></ul><ul><li>Future Directions </li></ul>October 31st, 2008 ACM CCS / VMSec
    13. 13. Root Virtualization Service Providers (VSPs) Server Core VM Worker Processes VM Service WMI Provider Guest Partitions Guest Applications Hyper-V TCB Partition October 31st, 2008 ACM CCS / VMSec Windows Kernel Virtualization Stack Device Drivers Windows hypervisor Virtualization Service Clients (VSCs) OS Kernel Enlightenments VMBus
    14. 14. Security Assumptions <ul><li>Guests are untrusted </li></ul><ul><li>Root must be trusted by hypervisor; parent must be trusted by children. </li></ul><ul><li>Code will run in all available processor modes, rings, and segments </li></ul><ul><li>Hypercall interface will be well documented and widely available to attackers. </li></ul><ul><li>All hypercalls can be attempted by guests </li></ul><ul><li>Can detect you are running on a hypervisor </li></ul><ul><li>We’ll even give you the version </li></ul><ul><li>The internal design of the hypervisor will be well understood </li></ul>October 31st, 2008 ACM CCS / VMSec
    15. 15. Security Goals <ul><li>Strong isolation between partitions </li></ul><ul><li>Protect confidentiality and integrity of guest data </li></ul><ul><li>Separation </li></ul><ul><ul><ul><li>Unique hypervisor resource pools per guest </li></ul></ul></ul><ul><ul><ul><li>Separate worker processes per guest </li></ul></ul></ul><ul><ul><ul><li>Guest-to-parent communications over unique channels </li></ul></ul></ul><ul><li>Non-interference </li></ul><ul><ul><ul><li>Guests cannot affect the contents of other guests, parent, hypervisor </li></ul></ul></ul><ul><ul><ul><li>Guest computations protected from other guests </li></ul></ul></ul><ul><ul><ul><li>Guest-to-guest communications not allowed through VM interfaces </li></ul></ul></ul><ul><ul><ul><li>Memory, registers, and caches scrubbed on VM context switch </li></ul></ul></ul>October 31st, 2008 ACM CCS / VMSec
    16. 16. Security Non-Goals <ul><li>Things we don’t do in Hyper-V v1 </li></ul><ul><ul><li>Mitigate hardware bleed-through (inference attacks) </li></ul></ul><ul><ul><li>Mitigate covert channels </li></ul></ul><ul><ul><li>Guarantee availability </li></ul></ul><ul><ul><li>Protect guests from the root </li></ul></ul><ul><ul><li>Protect the hypervisor from the root </li></ul></ul><ul><ul><li>Utilize trusted hardware </li></ul></ul><ul><ul><ul><li>TPM, Device Assignment, DMA protection, Secure Launch </li></ul></ul></ul>October 31st, 2008 ACM CCS / VMSec
    17. 17. Root Partition Guest Partitions Hyper-V Security Model Windows AuthN October 31st, 2008 ACM CCS / VMSec Server Core Virtualization Stack Windows hypervisor Guest OS Kernel Guest Applications VMBus AzMan Hypercall Part ID 1 Hypercall Part ID 2…n Partition Privileges VM Config Part ID to VM Config VMCS Memory Map
    18. 18. Hypervisor Security Model <ul><li>Memory </li></ul><ul><ul><li>Physical Address to Partition map maintained by Hv </li></ul></ul><ul><ul><li>Parent/Child ownership model on memory </li></ul></ul><ul><ul><li>Can supersede access rights in guest page tables (R, W, X) </li></ul></ul><ul><li>CPU </li></ul><ul><ul><li>Hardware guarantees cache & register isolation, TLB flushing, instruction interception </li></ul></ul><ul><li>I/O </li></ul><ul><ul><li>Hypervisor enforces Parent policy for all guest access to I/O ports </li></ul></ul><ul><ul><li>Hyper-V v1 policy is guests have no access to real hardware </li></ul></ul><ul><li>Hypervisor Interface </li></ul><ul><ul><li>Partition privilege model </li></ul></ul><ul><ul><li>Guests access to hypercalls, instructions, MSRs with security impact enforced based on Parent policy </li></ul></ul><ul><ul><li>Hyper-V v1 policy is guests have no access to privileged instructions </li></ul></ul><ul><li>Uses Authorization Manager (AzMan) </li></ul><ul><ul><li>Fine grained authorization and access control </li></ul></ul><ul><ul><li>Department and role based </li></ul></ul><ul><ul><li>Segregate who can manage groups of VMs </li></ul></ul><ul><li>Define specific functions for individuals or roles </li></ul><ul><ul><li>Start, stop, create, add hardware, change drive image </li></ul></ul><ul><li>VM administrators don’t have to be Server 2008 administrators </li></ul><ul><li>Guest resources are controlled by per VM configuration files </li></ul><ul><li>Shared resources are protected </li></ul><ul><ul><li>Read-only (CD ISO file) </li></ul></ul><ul><ul><li>Copy on write (differencing disks) </li></ul></ul>Hyper-V Security Model October 31st, 2008 ACM CCS / VMSec
    19. 19. Virtualization Attacks Root Partition Guest Partitions Server Hardware Guest Applications Hackers OS Kernel VMBus Provided by: Windows ISV Hyper-V October 31st, 2008 ACM CCS / VMSec Virtualization Service Providers (VSPs) Windows Kernel Server Core Device Drivers Virtualization Stack VM Worker Processes VM Service WMI Provider Virtualization Service Clients (VSCs) Enlightenments VMBus Windows hypervisor
    20. 20. Hyper-V Security Hardening (1/2) <ul><li>Hypervisor has separate address space </li></ul><ul><ul><li>Guest addresses != Hypervisor addresses </li></ul></ul><ul><li>No 3 rd party code in the Hypervisor </li></ul><ul><li>Limited number of channels from guests to hypervisor </li></ul><ul><ul><li>No “IOCTL”-like things </li></ul></ul><ul><li>Guest to guest communication through hypervisor is prohibited </li></ul><ul><li>No shared memory mapped between guests </li></ul><ul><li>Guests never touch real hardware i/o </li></ul>October 31st, 2008 ACM CCS / VMSec
    21. 21. Hyper-V Security Hardening (2/2) <ul><li>Hypervisor built with </li></ul><ul><ul><li>ASLR </li></ul></ul><ul><ul><li>Stack guard cookies (/GS) </li></ul></ul><ul><ul><li>Hardware No eXecute (NX) </li></ul></ul><ul><ul><li>Code pages marked read only </li></ul></ul><ul><ul><li>Memory guard pages </li></ul></ul><ul><ul><li>Limited exception handling </li></ul></ul><ul><ul><li>Hypervisor binary is signed </li></ul></ul><ul><li>Hypervisor and Root components completed SDL </li></ul><ul><ul><li>Threat modeling </li></ul></ul><ul><ul><li>Static Analysis </li></ul></ul><ul><ul><li>Fuzz testing </li></ul></ul><ul><ul><li>Penetration testing </li></ul></ul>October 31st, 2008 ACM CCS / VMSec
    22. 22. Agenda <ul><li>What is Hyper-V? </li></ul><ul><li>Why a hypervisor? </li></ul><ul><li>Quick Background & Architecture </li></ul><ul><li>Security Model </li></ul><ul><li>Challenges </li></ul><ul><li>Future Directions </li></ul>October 31st, 2008 ACM CCS / VMSec
    23. 23. Maslow’s Hierarchy of Virtualization Security October 31st, 2008 ACM CCS / VMSec
    24. 24. Challenges – Implementation <ul><li>Security of the platform </li></ul><ul><ul><li>SDL </li></ul></ul><ul><ul><li>Simplify </li></ul></ul><ul><ul><li>Separate </li></ul></ul><ul><ul><li>Push complexity out and up </li></ul></ul><ul><li>Hypervisor correctness </li></ul><ul><ul><li>“ Is this hypervisor safe?” </li></ul></ul>October 31st, 2008 ACM CCS / VMSec
    25. 25. Challenges – Management <ul><li>VM security level </li></ul><ul><ul><li>Host suitability </li></ul></ul><ul><li>Identity </li></ul><ul><li>Administration </li></ul><ul><li>Patching </li></ul><ul><li>Software Inventory </li></ul><ul><li>Compliance </li></ul><ul><li>Antivirus </li></ul><ul><li>Network vs. virtual network security </li></ul><ul><ul><li>“ Are my policies safe?” </li></ul></ul>October 31st, 2008 ACM CCS / VMSec
    26. 26. Challenges – Realization <ul><li>Projecting security invariants into VMs </li></ul><ul><li>Monitoring VM behavior </li></ul><ul><li>Behavior modification </li></ul><ul><li>Intercepting VM data flows </li></ul><ul><li>“ Can I make my OS safer by being a VM?” </li></ul>October 31st, 2008 ACM CCS / VMSec
    27. 27. Agenda <ul><li>What is Hyper-V? </li></ul><ul><li>Why a hypervisor? </li></ul><ul><li>Quick Background & Architecture </li></ul><ul><li>Security Model </li></ul><ul><li>Challenges </li></ul><ul><li>Future Directions </li></ul>October 31st, 2008 ACM CCS / VMSec
    28. 28. What are we exploring? <ul><li>Measured launch </li></ul><ul><li>IOMMU support </li></ul><ul><li>TPM virtualization </li></ul>October 31st, 2008 ACM CCS / VMSec
    29. 29. Measured Launch <ul><li>Start with Dynamic Root of Trust Measurement (DRTM) </li></ul><ul><ul><li>AMD SKINIT </li></ul></ul><ul><ul><li>Intel SENTER </li></ul></ul><ul><li>DRTM resets processor to clean state and executes secure loader </li></ul><ul><ul><li>Loader starts a measurement chain </li></ul></ul><ul><li>Allows for measurement and policy enforcement on hypervisor </li></ul>October 31st, 2008 ACM CCS / VMSec
    30. 30. I/O Memory Management Unit (IOMMU) <ul><li>Used for containing and directing device traffic </li></ul><ul><ul><li>Access to memory </li></ul></ul><ul><ul><li>Interrupts </li></ul></ul><ul><li>Under development and goes by lots of names </li></ul><ul><ul><li>IOMMU (long-standing use in industry, AMD) </li></ul></ul><ul><ul><li>DMA Remapping (Intel/Microsoft) </li></ul></ul><ul><ul><li>VT-d, VT-d2 (Intel) </li></ul></ul>October 31st, 2008 ACM CCS / VMSec
    31. 31. TPM Virtualization <ul><li>Open questions: </li></ul><ul><ul><li>What is the right way to expose TPM functionality to VMs? </li></ul></ul><ul><ul><ul><li>Low level hardware interface vs. hypercall </li></ul></ul></ul><ul><ul><ul><li>TPM wasn’t designed to be virtualized </li></ul></ul></ul><ul><ul><li>How should you handle measurements across VM migrations? </li></ul></ul><ul><ul><ul><li>If a VM is sealed to a platform, it can’t be migrated. </li></ul></ul></ul><ul><ul><ul><li>If a VM isn’t sealed to a platform, how much trust do you have? </li></ul></ul></ul>October 31st, 2008 ACM CCS / VMSec
    32. 32. For More Information <ul><li>Email me thoughts, ideas, questions </li></ul><ul><ul><li>[email_address] </li></ul></ul><ul><ul><li>[email_address] </li></ul></ul><ul><li>H ypervisor Interface Specification </li></ul><ul><ul><li>http://msdn.microsoft.com/en-us/library/bb969686.aspx </li></ul></ul><ul><li>Black Hat presentations </li></ul><ul><ul><li>http://www.blackhat.com/html/bh-media-archives/bh-archives-2007.html </li></ul></ul><ul><li>RSA Virtualization Blog </li></ul><ul><ul><li>http://blogs.msdn.com/rsa2008/archive/2008/04/07/isolation-of-virtual-machines.aspx </li></ul></ul>October 31st, 2008 ACM CCS / VMSec
    1. A particular slide catching your eye?

      Clipping is a handy way to collect important slides you want to go back to later.

    ×