Data Breaches are all over the news these days, and no organization is safe. Nobody, from the largest governments to the biggest banks to the most advanced security companies is able to adequately protect themselves. The difficulty is that there are infinite number of ways to exfiltrate data from an organization ranging from stolen/lost hardware to steganography to malicious insiders to 0Day exploits installing malware to side channels. The industry is trying to solve this problem using detection, heuristics, pattern matching and behavioral analysis. A new approach is clearly needed to fight the Data Breach problem and keep data inside an organization. Come find out how to use Hypervisors to repurpose hardware to protect sensitive data under the assumption of compromised networks, devices and users (Malicious Insiders). In addition, find out how to do so without using any type of detection, heuristics, pattern matching or behavioral analysis, but rather a strictly algorithmic approach rooted in hardware. Finally, learn about how this technology can be used in a generic manner to protect data of DataBases, Server Software, unmodified legacy applications, and unmodified consumer applications such as word processing and spreadsheet software.

1. Hypervisor Enforced
Data Loss Prevention
Presented by:
Neil Sikka

2. Outline
• Problem Statement
• Goals
• Technical Architecture
• Messaging Subsystem
• Graphics Subsystem
• Storage Subsystem
• Crypto Subsystem
• Security Architecture

3. Problem: Data Breach
Causes:
• Sensitive data is unencrypted in memory for processing by the application.
Modern malware is capable of stealing data out of memory in this decrypted
state.
• External Attackers can steal data via:
• 0Day exploits/malware • Stolen credentials
• Malicious Insiders can steal data via:
• Email • USB Storage • DVDs • Deliberate Malware Installation
• Copy/Paste functionality • Device Theft • Kernel Malware/Debugger

4. Detection is Dead
• Malicious insider wants to exfiltrate this Social Security Number out of organization: 999-96-1770
“(GreAtest tHr33 d1G1t iNtegeR) - (nUmbEr oF C3nts in A doLLar - 4) - (YeAr tHe
US DecLaRati0n of INd3P3Nd3NC3 was sIgNeD - )”
“I can see nine hundred and ninety nine green ducks sitting in a row. 96 of them have
extra long beaks. There are one thousand seven hundred and seventy ducks total in the
flock of ducks.
• Detections, heuristics, pattern matching and behavioral analysis can be bypassed in an infinite
number of ways
• Same reason why signature based antivirus is outdated
• Its even easier for reverse engineers to bypass detections when the vendor distributes the
binaries/signatures of the DLP system to run on endpoints
• Hardware enforced algorithmic approach is not vulnerable to anomalous attack patterns

5. Goals
• Protect Data under assumption of compromised:
• Users(Kernel debuggers)
• Devices(Kernel rootkits)
• Networks(Routers)
• Algorithmic rather than Heuristic DLP
• Transparent to legacy applications and unmodified popular
applications and Users
• Use “military grade” approaches
• Hardware-enforced Hypervisor isolation
• High strength cryptography

6. Solution: Hypervisor Enforced DLP
• Endpoint Security Software
• “Look But Don’t Touch”
• Use the Hypervisor’s Containerization capability to isolate data from user,
network and external attacks, preventing Data Breaches (Hypervisor
Enforced DLP)
• Decrypt cypher text inside of hardware-isolated VM Containers, process the
data and then re-encrypt the same before it is sent out of the VM Container
for storage or distribution
• The end user experience is largely unchanged
• Keep data within an organization by locking down data to:
• Authorized users/groups AND
• Authorized device(s)
• Software only solution - No additional hardware required

7. Desktop Experience

8. Environment
• Windows 7 64 bit Untrusted Domain
• Windows 7 64 bit Trusted Domain
• Xen-4.4.0
• Paravirtual drivers in Untrusted Domain/Trusted Domain
• Dom0: x86_64 Linux 3.19.1

9. Messaging Subsystem
• No network connection in Trusted Domain
• Security risk
• Configuration and small messages passed in XenStore
• Large data passed via grant pages & event channels
• 2 separate protocols over Xenstore:
• Seamless Protocol
• Shunt Protocol

10. Graphics Subsystem
• Similar to VirtualBox’s “Seamless Mode”
• Seamless Protocol: Trusted Domain QEMU<--->Display Domain
Seamless.exe
• Trusted Domain userland Window Hooks (Windows 7)
• User32!SetWinEventHook
• Write Window coordinates to VGA device IO ports, sent over Seamless protocol
• XPDM display driver architecture
• Heavy modifications to Trusted Domain’s QEMU’s SDL layer
• Hooked Keyboard/Mouse events are received over Seamless Protocol from
Destination Domain’s Seamless.exe
• DisplaySurface on grant pages shared with Display Container
• Event Channel fired for rendered surfaces ready to display
• Event Channel fired for Keyboard/Mouse IO from Seamless.exe

11. Graphics Subsystem (2)
• Custom Seamless SDL application
• Display surface grant pages mapped
• Mouse/Keyboard events written to Seamless Protocol
• Windows clipped out of display surface
• Custom LALR grammars defined to handle large screen surface grant
reference allocations
• ~3MB of surface grant pages
• XenStore only handles strings, not integers

12. Seamless Protocol Diagram

13. Storage Subsystem
• Shunt Model
• Need to share files
• No SMB because Trusted Domain is offline
• OCFS for Windows, IBM GPFS, etc. require complex configurations
• NTFS virtual disk
• Mutually Exclusive mount to Trusted/Untrusted Domains
• Runs over Messaging Subsystem
• Always mounted in one of the two Domains
• Filesystem Minifilter in Trusted Domain
• Encrypt Data before writing to disk
• Decrypt Data after reading from disk
• Shunt Protocol for communicating Untrusted Domain/Trusted Domain

14. Shunt Protocol
• Protocol Commands
• Open: Dom0 passes through message Untrusted Domain->Trusted Domain
• Detach: initiated from inside DomU, Dom0 does block-detach after DomU
graceful unmount
• Application Exit: Dom0 passes through message Trusted Domain->Untrusted
Domain
• Protocol endpoints in Untrusted Domain/Trusted Domain execute
relevant Windows APIs

15. Shunt Protocol Diagram

16. Crypto Subsystem
• PGP: DLP Key (Asymmetric) protects File Key (Symmetric)
• DLP Key unique per user per device
• Multiple Trusted Domain instances on a machine have same DLP key for a
given user
• Each Trusted Domain’s vTPM protects DLP Key
• DLP Key decrypts File Key
• File Key decrypts File
• handed to minifilter driver

17. Security Architecture
• Domains containing unencrypted Data, Keys or graphics are sensitive
• Trusted Domain (multiple)
• Don’t forward to Untrusted Domain because of screen scraping malware
• Display Domain
• Dom0
• Trusted Domain image based on known good hashes
• IO Encryption VM (similar to OpenXT VPN VM)
• File Key is combination of secrets in Trusted Domain & IO Encryption VM

18. Questions
We are Hiring
Neil Sikka
neils@A1Logic.com
202-888-7765 x 121
www.A1Logic.com
@A1Logic