14. We have to enter domains of unfathomable trust
Bromium Confidential
Tuesday, November 27, 12
15. We have to enter domains of unfathomable trust
Our systems cannot protect us from unknown threats
16. [Figure labels: Desktop Virtualization; Patching & Config; Data Loss Prevention; Endpoint Security]
20. Protect the system core by isolating it completely
21. Protect the system core by isolating it completely
Decouple execution dependencies into mutually distrustful tasks
22. Protect the system core by isolating it completely
Decouple execution dependencies into mutually distrustful tasks
Control communication between all tasks and with the outside world
23. Protect the system core by isolating it completely
Decouple execution dependencies into mutually distrustful tasks
Control communication between all tasks and with the outside world
Restrict each task’s access to data & resources, based on “least privilege”
24. Protect the system core by isolating it completely
Decouple execution dependencies into mutually distrustful tasks
Control communication between all tasks and with the outside world
Restrict each task’s access to data & resources, based on “least privilege”
Never trust information from an untrustworthy task
28. Bromium Microvisor
Tiny code base for maximum security
Hardware Virtualization (VT-x)
I/O MMU (VT-d)
TXT & TPM based hardware root of trust
29. Bromium Micro-virtualization
Isolate vulnerable tasks within a single Windows desktop
Lightweight, fast, hidden, with an unchanged native UX
Bromium Microvisor
Tiny code base for maximum security
Hardware Virtualization (VT-x)
I/O MMU (VT-d)
TXT & TPM based hardware root of trust
31. Windows and IT provisioned apps are trusted
[Diagram: Apps, Libs, OS, Kernel]
32. The Microvisor isolates vulnerable tasks from Windows, each other & key system resources
[Diagram: Microvisor, Apps, Libs, OS, Kernel]
33. Each vulnerable task is instantly isolated in a micro-VM, invisible to the user
[Diagram: Microvisor, Hypercall API, Apps, Libs, OS, Kernel]
34. Micro-VMs have “least privilege” access to files, networks & devices, and execute CoW
[Diagram: Microvisor, Hypercall API, Apps, Libs, OS, Kernel]
36. [Diagram: Microvisor, Apps, Libs, OS, Kernel]