Hyper-V Security
Upcoming SlideShare
Loading in...5
×

Like this? Share it with your network

Share
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
2,654
On Slideshare
2,654
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
94
Comments
0
Likes
1

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide
  • Beta is in the box with Server 2008. Hit Windows Update and grab KB950050 to get the final RTM bits.
  • Linus quote: https://lists.linux-foundation.org/pipermail/desktop_architects/2007-August/002446.html
  • Technically there is no such thing as Ring “-1”. The hypervisor runs in a partition itself, complete with Ring 0 and Ring 3. It’s a unique Monitor Mode partition. Hypervisor Partitioning Kernel Partition is isolation boundary Few virtualization functions; relies on virtualization stack Very thin layer of software Microkernel Highly reliable No device drivers Two versions, one for Intel and one for AMD Drivers run in the root Leverage the large base of Windows drivers Well-defined interface Allow others to create support for their OSes as guests Virt Stack Portion of traditional hypervisor that has been pushed up and out to make a micro-hypervisor Manages guest partitions Handles intercepts Emulates devices
  • Guests are untrusted Root must be trusted by hypervisor; parent must be trusted by children. Code will run in all available processor modes, rings, and segments Hypercall interface will be well documented and widely available to attackers. All hypercalls can be attempted by guests Can detect you are running on a hypervisor We’ll even give you the version The internal design of the hypervisor will be well understood
  • Hypervisor is the first kernel model and lower component built with ASLR. All new code, built from the ground up with SDL.
  • These are things we had to get right in the product, or else there would be no product. TWC, SDL, and hard work. Microsoft knows how to do this, but I wouldn’t go so far to say it’s in our DNA. Requires constant focus, training, and will. Need someone to push for security at all stages, across all component teams and disciplines.
  • Now that you have this system, how do you keep it from getting too unwieldy? System Center, offline servicing tool, active directory, AzMan, Forefront. Pieces are here, we, as a company, are starting to bring them together. Everyone needs to think about virtualization to get it right.
  • Now that we have virtualization, what new can we do with it? Very powerful capability. I assert we can’t use it to solve the problems in management - that’s self referential. And we have to be extremely careful to not weaken the core.
  • This is the mitigation for Blue Pill, hyperviruses.
  • TPM wasn’t designed to be virtualized – there is only one PCR 0, which is set by the BIOS. How do multiple OS’s share that?

Transcript

  • 1. Hyper-V Security Brandon Baker Senior Development Lead Microsoft William Arbaugh Principal Architect Microsoft October 31st, 2008 ACM CCS / VMSec
  • 2. Agenda
    • What is Hyper-V?
    • Why a hypervisor?
    • Quick Background & Architecture
    • Security Model
    • Challenges
    • Future Directions
    October 31st, 2008 ACM CCS / VMSec
  • 3. What is Hyper-V?
    • Full machine virtualization
    • Component of Windows Server 2008 x64
    • Beta shipped in box
    • RTM available through Windows Update
    ACM CCS / VMSec October 31st, 2008
  • 4. How to install Hyper-V October 31st, 2008 ACM CCS / VMSec
  • 5. What is Hyper-V?
    • Has three major components:
      • Hypervisor
      • Virtualization Stack
      • Virtual Devices
    • Requires hardware assisted virtualization
      • AMD AMD-V
      • Intel VT
    October 31st, 2008 ACM CCS / VMSec
  • 6. Agenda
    • What is Hyper-V?
    • Why a hypervisor?
    • Quick Background & Architecture
    • Security Model
    • Challenges
    • Future Directions
    October 31st, 2008 ACM CCS / VMSec
  • 7. VMM Arrangements
    • Hosted Virtualization
    • Hypervisor Virtualization
    • Examples
    • VMware Workstation
    • KVM
    • Virtual PC & Virtual Server
    • Examples
    • VMware ESX
    • Xen
    • Hyper-V
    Host OS Guest 1 Guest 2 Guest 1 Guest 2 October 31st, 2008 ACM CCS / VMSec VMM VMM Hardware Hardware
  • 8. Monolithic Versus Microkernel
    • Monolithic hypervisor
      • Simpler than a modern kernel, but still complex
      • Implements driver model
    • Microkernel hypervisor
      • Simple partitioning functionality
      • Increase reliability and minimizes TCB
      • No third-party code
      • Drivers run in root guest
    All virtualization systems have a VMM, drivers, virtualization software, and management interfaces. Hypervisor VM 1 (Admin) VM 2 VM 3 Hardware Hardware Hypervisor VM 2 (“Child”) VM 3 (“Child”) October 31st, 2008 ACM CCS / VMSec
  • 9. Agenda
    • What is Hyper-V?
    • Why a hypervisor?
    • Quick Background & Architecture
    • Security Model
    • Challenges
    • Future Directions
    October 31st, 2008 ACM CCS / VMSec
  • 10. Root Virtualization Service Providers (VSPs) Server Core VM Worker Processes VMMS Service WMI Provider Guest Partitions Ring 0 Ring 3 Guest Applications Hyper-V Architecture Partition VMCS/VMCB APIC MMU CPU Ring 0 Ring 3 Ring “-1” October 31st, 2008 ACM CCS / VMSec Windows Kernel Virtualization Stack Device Drivers Windows hypervisor Virtualization Service Clients (VSCs) OS Kernel Enlightenments VMBus Provided by: Windows ISV Hyper-V Storage NIC
  • 11. Hypervisor
    • Partitioning Kernel
      • Partition is isolation boundary
      • Few virtualization functions; relies on virtualization stack
    • Very thin layer of software
      • Microkernel
      • Highly reliable
    • No device drivers
      • Two versions, one for Intel and one for AMD
      • Drivers run in the root
      • Leverage the large base of Windows drivers
    • Well-defined interface
      • Allow others to create support for their OSes as guests
    • Runs within the root partition
    • Portion of traditional hypervisor that has been pushed up and out to make a micro-hypervisor
    • Manages guest partitions
    • Handles intercepts
    • Emulates devices
    Virtualization Stack October 31st, 2008 ACM CCS / VMSec
  • 12. Agenda
    • What is Hyper-V?
    • Why a hypervisor?
    • Quick Background & Architecture
    • Security Model
    • Challenges
    • Future Directions
    October 31st, 2008 ACM CCS / VMSec
  • 13. Root Virtualization Service Providers (VSPs) Server Core VM Worker Processes VM Service WMI Provider Guest Partitions Guest Applications Hyper-V TCB Partition October 31st, 2008 ACM CCS / VMSec Windows Kernel Virtualization Stack Device Drivers Windows hypervisor Virtualization Service Clients (VSCs) OS Kernel Enlightenments VMBus
  • 14. Security Assumptions
    • Guests are untrusted
    • Root must be trusted by hypervisor; parent must be trusted by children.
    • Code will run in all available processor modes, rings, and segments
    • Hypercall interface will be well documented and widely available to attackers.
    • All hypercalls can be attempted by guests
    • Can detect you are running on a hypervisor
    • We’ll even give you the version
    • The internal design of the hypervisor will be well understood
    October 31st, 2008 ACM CCS / VMSec
  • 15. Security Goals
    • Strong isolation between partitions
    • Protect confidentiality and integrity of guest data
    • Separation
        • Unique hypervisor resource pools per guest
        • Separate worker processes per guest
        • Guest-to-parent communications over unique channels
    • Non-interference
        • Guests cannot affect the contents of other guests, parent, hypervisor
        • Guest computations protected from other guests
        • Guest-to-guest communications not allowed through VM interfaces
        • Memory, registers, and caches scrubbed on VM context switch
    October 31st, 2008 ACM CCS / VMSec
  • 16. Security Non-Goals
    • Things we don’t do in Hyper-V v1
      • Mitigate hardware bleed-through (inference attacks)
      • Mitigate covert channels
      • Guarantee availability
      • Protect guests from the root
      • Protect the hypervisor from the root
      • Utilize trusted hardware
        • TPM, Device Assignment, DMA protection, Secure Launch
    October 31st, 2008 ACM CCS / VMSec
  • 17. Root Partition Guest Partitions Hyper-V Security Model Windows AuthN October 31st, 2008 ACM CCS / VMSec Server Core Virtualization Stack Windows hypervisor Guest OS Kernel Guest Applications VMBus AzMan Hypercall Part ID 1 Hypercall Part ID 2…n Partition Privileges VM Config Part ID to VM Config VMCS Memory Map
  • 18. Hypervisor Security Model
    • Memory
      • Physical Address to Partition map maintained by Hv
      • Parent/Child ownership model on memory
      • Can supersede access rights in guest page tables (R, W, X)
    • CPU
      • Hardware guarantees cache & register isolation, TLB flushing, instruction interception
    • I/O
      • Hypervisor enforces Parent policy for all guest access to I/O ports
      • Hyper-V v1 policy is guests have no access to real hardware
    • Hypervisor Interface
      • Partition privilege model
      • Guests access to hypercalls, instructions, MSRs with security impact enforced based on Parent policy
      • Hyper-V v1 policy is guests have no access to privileged instructions
    • Uses Authorization Manager (AzMan)
      • Fine grained authorization and access control
      • Department and role based
      • Segregate who can manage groups of VMs
    • Define specific functions for individuals or roles
      • Start, stop, create, add hardware, change drive image
    • VM administrators don’t have to be Server 2008 administrators
    • Guest resources are controlled by per VM configuration files
    • Shared resources are protected
      • Read-only (CD ISO file)
      • Copy on write (differencing disks)
    Hyper-V Security Model October 31st, 2008 ACM CCS / VMSec
  • 19. Virtualization Attacks Root Partition Guest Partitions Server Hardware Guest Applications Hackers OS Kernel VMBus Provided by: Windows ISV Hyper-V October 31st, 2008 ACM CCS / VMSec Virtualization Service Providers (VSPs) Windows Kernel Server Core Device Drivers Virtualization Stack VM Worker Processes VM Service WMI Provider Virtualization Service Clients (VSCs) Enlightenments VMBus Windows hypervisor
  • 20. Hyper-V Security Hardening (1/2)
    • Hypervisor has separate address space
      • Guest addresses != Hypervisor addresses
    • No 3 rd party code in the Hypervisor
    • Limited number of channels from guests to hypervisor
      • No “IOCTL”-like things
    • Guest to guest communication through hypervisor is prohibited
    • No shared memory mapped between guests
    • Guests never touch real hardware i/o
    October 31st, 2008 ACM CCS / VMSec
  • 21. Hyper-V Security Hardening (2/2)
    • Hypervisor built with
      • ASLR
      • Stack guard cookies (/GS)
      • Hardware No eXecute (NX)
      • Code pages marked read only
      • Memory guard pages
      • Limited exception handling
      • Hypervisor binary is signed
    • Hypervisor and Root components completed SDL
      • Threat modeling
      • Static Analysis
      • Fuzz testing
      • Penetration testing
    October 31st, 2008 ACM CCS / VMSec
  • 22. Agenda
    • What is Hyper-V?
    • Why a hypervisor?
    • Quick Background & Architecture
    • Security Model
    • Challenges
    • Future Directions
    October 31st, 2008 ACM CCS / VMSec
  • 23. Maslow’s Hierarchy of Virtualization Security October 31st, 2008 ACM CCS / VMSec
  • 24. Challenges – Implementation
    • Security of the platform
      • SDL
      • Simplify
      • Separate
      • Push complexity out and up
    • Hypervisor correctness
      • “ Is this hypervisor safe?”
    October 31st, 2008 ACM CCS / VMSec
  • 25. Challenges – Management
    • VM security level
      • Host suitability
    • Identity
    • Administration
    • Patching
    • Software Inventory
    • Compliance
    • Antivirus
    • Network vs. virtual network security
      • “ Are my policies safe?”
    October 31st, 2008 ACM CCS / VMSec
  • 26. Challenges – Realization
    • Projecting security invariants into VMs
    • Monitoring VM behavior
    • Behavior modification
    • Intercepting VM data flows
    • “ Can I make my OS safer by being a VM?”
    October 31st, 2008 ACM CCS / VMSec
  • 27. Agenda
    • What is Hyper-V?
    • Why a hypervisor?
    • Quick Background & Architecture
    • Security Model
    • Challenges
    • Future Directions
    October 31st, 2008 ACM CCS / VMSec
  • 28. What are we exploring?
    • Measured launch
    • IOMMU support
    • TPM virtualization
    October 31st, 2008 ACM CCS / VMSec
  • 29. Measured Launch
    • Start with Dynamic Root of Trust Measurement (DRTM)
      • AMD SKINIT
      • Intel SENTER
    • DRTM resets processor to clean state and executes secure loader
      • Loader starts a measurement chain
    • Allows for measurement and policy enforcement on hypervisor
    October 31st, 2008 ACM CCS / VMSec
  • 30. I/O Memory Management Unit (IOMMU)
    • Used for containing and directing device traffic
      • Access to memory
      • Interrupts
    • Under development and goes by lots of names
      • IOMMU (long-standing use in industry, AMD)
      • DMA Remapping (Intel/Microsoft)
      • VT-d, VT-d2 (Intel)
    October 31st, 2008 ACM CCS / VMSec
  • 31. TPM Virtualization
    • Open questions:
      • What is the right way to expose TPM functionality to VMs?
        • Low level hardware interface vs. hypercall
        • TPM wasn’t designed to be virtualized
      • How should you handle measurements across VM migrations?
        • If a VM is sealed to a platform, it can’t be migrated.
        • If a VM isn’t sealed to a platform, how much trust do you have?
    October 31st, 2008 ACM CCS / VMSec
  • 32. For More Information
    • Email me thoughts, ideas, questions
      • [email_address]
      • [email_address]
    • H ypervisor Interface Specification
      • http://msdn.microsoft.com/en-us/library/bb969686.aspx
    • Black Hat presentations
      • http://www.blackhat.com/html/bh-media-archives/bh-archives-2007.html
    • RSA Virtualization Blog
      • http://blogs.msdn.com/rsa2008/archive/2008/04/07/isolation-of-virtual-machines.aspx
    October 31st, 2008 ACM CCS / VMSec