Analysis of Monolithic and Microkernel
Architectures: Towards secure Hypervisor Design
by Dr. Jordan Shropshire
PREPARED BY
SHAKIL AHMED (19-91472-3).
SERIAL: 12
ADVANCED OPERATING SYSTEM (MSCS).
Contents
 Motivation of the Paper
 Background
   Hypervisors
   Security Rings
   Trusted Code Base
   Monolithic and Microkernel Architectures
 Threat Model
 Analysis on Six Features
   Management Interface
   Monitoring
   Hypercalls
   Interrupts
   Networking
   Storage
 Conclusion
Motivation of the Paper
 The research focuses on hypervisor security from a holistic perspective.
 The author investigates the impact of monolithic and microkernel hypervisor
architectures on the size and scope of the attack surface.
 The research distinguishes six architectural features: the management API, the
monitoring interface, hypercalls, interrupts, networking and I/O.
 These features are the main attack vectors against a hypervisor.
 The research closes with observations on the relative strengths and vulnerabilities
of both architectures (monolithic and microkernel) and concludes that neither design is
inherently secure: each incorporates tradeoffs in its core processes.
Background: Hypervisor
 A hypervisor is firmware, software or hardware that creates and runs virtual machines.
It also acts as the bridge between a virtual machine (VM) and the hardware.
 A computer on which a hypervisor runs one or more virtual machines is called the
host machine.
 Each virtual machine is called a guest machine.
 There are two types of hypervisor:
 Type 1 or bare-metal hypervisor: it runs directly on the hardware and needs no
separate host OS; it is effectively a minimal OS of its own.
 Type 2 or hosted hypervisor: it is an application installed on a host OS rather than
on the bare metal.
 A virtual machine sends requests to the hypervisor in the form of hypercalls. Hypercalls
are a paravirtualization concept: the guest kernel is modified to call the hypervisor explicitly.
Background: Hypervisor
 Hypercalls are the analogue of system calls.
 Where a system call bridges user-mode applications and kernel functions, a hypercall
bridges the guest kernel and the hypervisor.
 The hypervisor receives interrupt signals and determines which VM should receive
each interrupt.
 A scheduler shares processing capacity among the virtual machines.
Background: Security Rings
 Protection (security) rings are hierarchical protection domains, together with the
mechanisms that protect data from faults and malicious behavior.
 The model has four rings, “0” to “3”, where “0” is the innermost and “3” the
outermost ring.
 Ring “0” is reserved for the kernel and interacts directly with the hardware; in a
virtualized system it corresponds to the hypervisor.
 Rings “1” and “2” are reserved for device drivers.
 Ring “3” is user mode.
 The rings provide a security buffer against accidental or intentional corruption.
 A fault or an exception in an outer ring has less impact than one in an inner ring.
Background: Trusted Code Base
 The trusted code base is the set of components in the core system that ensure basic
functionality and security.
 It also provides the isolation of objects.
 A trusted code base should be small.
 Keeping it small excludes lower-priority and non-essential elements.
 A small trusted code base is also less effort to review: each component it does
include can be verified more thoroughly.
Background: Monolithic and Microkernel
Architecture
 Microkernel architectures are designed
to minimize the code in the hypervisor space.
 In the microkernel design, security ring “3”
holds the management interface and
applications, security ring “1” holds the
virtualization stack, the management OS
kernel and the guest OS kernels, and security
ring “0” holds the hypervisor. Figure 1
shows the microkernel architecture.
 Examples: Xen, Hyper-V.
Figure 1: Microkernel Architecture
Background: Monolithic and Microkernel
Architecture
 Monolithic architectures condense all
the subsystems into a single entity.
 Security ring “3” holds the applications,
ring “1” holds the guest OS kernel, and
ring “0” holds the management interface,
virtualization stack and hypervisor kernel.
 Compared to microkernel hypervisors,
the monolithic architecture has a larger
footprint in ring 0. Figure 2 shows the
monolithic architecture.
 Example: ESXi.
Figure 2: Monolithic Architecture
Threat Model
 An attacker pursues any weakness in the hypervisor to mount an attack.
 The threat model assumes an adversary with logical access to the hypervisor’s
interfaces but no direct access to the hardware.
 An attack may originate from an entity hosted on the hypervisor (a guest) or from outside.
 By finding a host with an open port, the attacker may gain a foothold on the system.
 Once access is obtained, the attacker tries to elevate privileges to root level in order
to compromise the system.
Analysis on Six Features
 In this section the author analyzes six features of hypervisors.
 Each of the six features is compared across the monolithic and microkernel architectures.
 The analysis focuses on differences in subsystem footprint, distribution of trusted
code and the impact of the security ring configuration.
Analysis: Management Interface
 This section notes the vulnerabilities and security tradeoffs in the management
interface.
 The management interface allows remote agents to connect to a hypervisor and perform
administrative duties such as initiating VM migrations, provisioning hardware and
reconfiguring resource pools.
 This makes the management interface a prime target for attack.
 Because of this exposure, it matters that microkernel hypervisors tend to offer more
configuration options.
 The monolithic architecture requires fewer classes than the microkernel architecture.
 Even so, the microkernel architecture is slightly better than the monolithic one, because
it places constraints on the management interface that limit system customization, and
with it the exposed surface.
Analysis: Monitoring
 The monitoring interface allows external devices to query a hypervisor, receive metrics,
prepare VM performance reports or poll hardware.
 Attackers would be interested in tapping into the monitoring system and changing the
reported metrics.
 To counter this, a number of steps are interposed between the monitoring interface and
the hypervisor.
 These steps are meant to eliminate a potential threat before a query reaches the hypervisor.
 The longest path found is 14 steps for the microkernel architecture and 10 steps for the
monolithic architecture.
Analysis: Monitoring Cont’d
 For the purpose of illustration, the
Hyper-V monitoring process is shown in
Figure 3.
 Process:
 The VM management service (VMMS) receives a
request for monitoring data.
 The VMMS hands the request to Windows
Management Instrumentation (WMI).
 WMI reads the request and triggers the
virtualization infrastructure driver (VID).
Figure 3: Hyper-V Monitoring Path.
Analysis: Monitoring Cont’d
 The VID passes the request down the virtstack.
 The virtstack references the WinHv library.
 The root partition issues a hypercall.
 Hardware performance is observed.
 The hypervisor interrupts the root partition.
 The performance data moves up the virtstack to the VID.
 The virtual machine kernel interrupts WMI with the result.
 When the metrics are prepared, the result is passed to the VMMS.
 The interface completes the request.
Analysis: Hypercalls
 This section analyzes weaknesses inherent in the hypercall subsystem.
 Virtual machines use hypercalls to communicate with the hypervisor.
 The subsystem is susceptible to attack by rooted virtual machines.
 Corrupted (malformed) hypercalls can degrade the system.
 The study also found that larger hypercall libraries carry more risk.
 Because the microkernel architecture interposes a management partition, it reduces the
risk relative to the monolithic architecture, even though the monolithic architecture
requires fewer hypercalls.
Analysis: Hypercalls Cont’d
 Hypercall table for the microkernel and monolithic architectures.
Table 1: Ranking of Hypercalls for Microkernel and Monolithic Kernel.
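The checks a hypercall dispatcher has to make before any handler runs, as an added example that is not part of the paper or of these slides: a toy dispatcher in C with a fixed hypercall table, a bounds check on the hypercall number, a privilege gate that only the management partition passes, and validation of pointer arguments against the caller’s memory window. The hypercall numbers, handler names, error codes and the 4 KiB backing store are assumptions for illustration, not the interface of Xen, Hyper-V or ESXi.

```c
/* Added example, not code from the paper or from any real hypervisor.
 * A toy hypercall dispatcher: every call from a guest is bounds-checked,
 * privilege-gated and argument-validated before a handler runs. */
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

#define HV_ENOSYS (-1)  /* no such hypercall */
#define HV_EPERM  (-2)  /* caller's partition lacks privilege */
#define HV_EINVAL (-3)  /* argument failed validation */
#define HC_MAX_ARGS 6
#define CONSOLE_MAX 64

/* Which partition issued the call (assumed model: only the management
 * partition may reach privileged calls, as in the microkernel design). */
enum partition { GUEST_PARTITION = 0, MGMT_PARTITION = 1 };

struct vcpu {
    enum partition part;
    uint64_t gpa_base;  /* guest-physical window this caller may reference */
    uint64_t gpa_size;
};

static uint8_t g_host_mem[4096];         /* assumed backing store for all guests */
static char g_console[CONSOLE_MAX + 1];  /* hypervisor console log */
static struct { uint64_t base, size; } g_guest_window;

typedef int64_t (*hc_fn)(struct vcpu *v, const uint64_t *a);
struct hypercall { const char *name; hc_fn fn; bool privileged; unsigned nargs; };

/* A pointer argument is valid only if [gpa, gpa+len) lies inside the caller's
 * window and the window itself lies inside the backing store; the arithmetic
 * is ordered so a huge len or gpa cannot wrap around. */
static bool gpa_range_ok(const struct vcpu *v, uint64_t gpa, uint64_t len)
{
    if (len == 0 || len > v->gpa_size) return false;
    if (gpa < v->gpa_base || gpa - v->gpa_base > v->gpa_size - len) return false;
    return v->gpa_base <= sizeof g_host_mem && v->gpa_size <= sizeof g_host_mem - v->gpa_base;
}

static int64_t hc_get_tick(struct vcpu *v, const uint64_t *a)
{ (void)v; (void)a; return 1234; }  /* constant tick counter for the example */

/* Unprivileged: copy len bytes from guest memory into the console log. */
static int64_t hc_console_write(struct vcpu *v, const uint64_t *a)
{
    if (a[1] > CONSOLE_MAX || !gpa_range_ok(v, a[0], a[1])) return HV_EINVAL;
    memcpy(g_console, g_host_mem + a[0], (size_t)a[1]);
    g_console[a[1]] = '\0';
    return (int64_t)a[1];
}

/* Privileged: assign a guest's memory window; management partition only. */
static int64_t hc_set_memory_window(struct vcpu *v, const uint64_t *a)
{
    (void)v;
    if (a[1] == 0 || a[0] > sizeof g_host_mem || a[1] > sizeof g_host_mem - a[0]) return HV_EINVAL;
    g_guest_window.base = a[0]; g_guest_window.size = a[1];
    return 0;
}

static const struct hypercall g_table[] = {
    { "get_tick",          hc_get_tick,          false, 0 },
    { "console_write",     hc_console_write,     false, 2 },
    { "set_memory_window", hc_set_memory_window, true,  2 },
};
#define HC_COUNT (sizeof g_table / sizeof g_table[0])

int64_t hv_dispatch(struct vcpu *v, uint64_t nr, const uint64_t *args, unsigned nargs)
{
    if (nr >= HC_COUNT || g_table[nr].fn == NULL) return HV_ENOSYS;  /* bounds first */
    const struct hypercall *hc = &g_table[nr];
    if (hc->privileged && v->part != MGMT_PARTITION) return HV_EPERM;
    if (nargs > HC_MAX_ARGS || nargs < hc->nargs) return HV_EINVAL;
    uint64_t a[HC_MAX_ARGS] = {0};
    if (nargs) memcpy(a, args, nargs * sizeof *args);  /* copy in once; never re-read guest args */
    return hc->fn(v, a);
}

/* Attack surface seen from a partition: the number of hypercalls it may invoke. */
unsigned hv_reachable_calls(enum partition p)
{
    unsigned n = 0;
    for (size_t i = 0; i < HC_COUNT; i++)
        if (g_table[i].fn && (!g_table[i].privileged || p == MGMT_PARTITION)) n++;
    return n;
}

int main(void)
{
    struct vcpu guest = { GUEST_PARTITION, 0x000, 0x800 };
    uint64_t a[2] = { 0x100, 5 };
    memcpy(g_host_mem + 0x100, "hello", 5);   /* constructed guest data */
    printf("console_write -> %lld, log=\"%s\"\n", (long long)hv_dispatch(&guest, 1, a, 2), g_console);
    a[0] = 0x900;  /* outside the guest's window */
    printf("console_write (bad gpa) -> %lld\n", (long long)hv_dispatch(&guest, 1, a, 2));
    printf("set_memory_window from guest -> %lld\n", (long long)hv_dispatch(&guest, 2, a, 2));
    printf("reachable: guest=%u mgmt=%u\n", hv_reachable_calls(GUEST_PARTITION), hv_reachable_calls(MGMT_PARTITION));
    return 0;
}
```

hv_reachable_calls() makes the slide’s point about library size concrete: the surface exposed to an ordinary guest is the count of calls it is allowed to reach, so moving privileged calls behind a management partition shrinks what a rooted guest can attack without shrinking the table itself. The bounds check on nr runs before the table is indexed so an out-of-range number from a rooted guest cannot turn into an out-of-bounds function pointer read.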
Analysis: Interrupts
 The hypervisor communicates with the machine via interrupts.
 The location of the hypervisor and its interrupt descriptor table has implications for
information security.
 Emulators located in user space are susceptible to tampering.
 Emulators located in a privileged zone are harder to reach.
 The microkernel architecture places the interrupt emulator in the management partition
in ring 3, whereas the monolithic architecture keeps the interrupt emulator inside the
hypervisor, where reaching it requires more privilege.
Analysis: Networking
 The network subsystem provides each virtual machine with its own emulated network adapter.
 The network subsystem is a primary target for attackers.
 An attacker tries to read or modify packet data sent through the network.
 The microkernel architecture splits network processing between the management
partition and the hypervisor kernel.
 In the monolithic architecture, the entire network process occurs in ring 0.
Analysis: Networking Cont’d
 For purposes of illustration, the ESXi
network process is shown in Figure 4.
 Process:
 An application issues a system call to initiate an
asynchronous network operation.
 The guest OS starts the network operation.
 The hypervisor traps the instruction and copies
the packet into a temporary data store in ring 0.
 The hypervisor returns to the guest OS in ring 1.
 The guest returns to the appropriate application
in ring 3.
 The emulated NIC (a vlance instance, for strict
virtualization) polls the temporary store
and retrieves the packet.
Figure 4: ESXi Network Path.
Analysis: Networking Cont’d
 The emulator queries VMFS for the MAC address to go with the packet.
 The associated MAC address is returned for pairing with the datagram.
 The formed packet is retrieved by the virtual switch for routing.
 The packet exits the virtual switch process and enters the network stack.
 The network stack finalizes the frame header and passes it to the drivers.
 As the packet is being sent, a message is passed up the stack to inform the appropriate virtual NIC.
 The device driver transmits the packet onto the network.
 The hypervisor receives a response packet and stores it in a temporary buffer.
 The packet is passed up the network stack.
 The received packet enters the virtual switch for processing.
 The emulated NIC accepts the packet and reformats the header.
 The packet is loaded into shared storage via the VMBus.
 An interrupt is sent to the virtual machine kernel, alerting it to the received packet.
 The guest kernel interrupts the guest application.
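A toy virtual switch for the frame path described above, as an added example that is not from the paper, the slides or ESXi: it enforces the two checks that stop a rooted guest from reading or injecting another guest’s traffic, namely that the source MAC of a transmitted frame equals the MAC assigned to the sending port (no forged transmits, the pairing step the slide attributes to the VMFS lookup) and that unicast frames are delivered only to the port owning the destination MAC, with unknown unicast dropped rather than flooded. Port numbers, MAC addresses and frame bytes are constructed, and there is no uplink to a physical NIC.

```c
/* Added example, not code from the paper or from ESXi. A toy virtual
 * switch that (1) rejects frames whose source MAC is not the one assigned to
 * the sending port and (2) delivers unicast only to the port that owns the
 * destination MAC, dropping unknown unicast instead of flooding it. */
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define VS_PORTS     4
#define VS_MAX_FRAME 1518
#define ETH_HDR      14   /* dst(6) + src(6) + ethertype(2) */

struct vs_port {
    bool     in_use;
    uint8_t  mac[6];               /* MAC assigned when the VM was created */
    unsigned rx_frames;
    size_t   last_rx_len;
    uint8_t  last_rx[VS_MAX_FRAME];
};

struct vswitch {
    struct vs_port port[VS_PORTS];
    unsigned dropped_forged;
    unsigned dropped_unknown;
};

enum vs_result { VS_DELIVERED, VS_BROADCAST, VS_DROP_FORGED,
                 VS_DROP_NO_DEST, VS_DROP_BAD_PORT, VS_DROP_BAD_LEN };

static const uint8_t VS_BCAST[6] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };

void vs_attach(struct vswitch *sw, unsigned port, const uint8_t mac[6])
{
    sw->port[port].in_use = true;
    memcpy(sw->port[port].mac, mac, 6);
}

static void deliver(struct vs_port *p, const uint8_t *frame, size_t len)
{
    memcpy(p->last_rx, frame, len);
    p->last_rx_len = len;
    p->rx_frames++;
}

enum vs_result vs_forward(struct vswitch *sw, unsigned ingress, const uint8_t *frame, size_t len)
{
    if (ingress >= VS_PORTS || !sw->port[ingress].in_use) return VS_DROP_BAD_PORT;
    if (len < ETH_HDR || len > VS_MAX_FRAME) return VS_DROP_BAD_LEN;
    const uint8_t *dst = frame, *src = frame + 6;

    /* Forged-transmit check: a guest may only send as its own assigned MAC,
     * so it cannot impersonate another VM or poison the switch's view. */
    if (memcmp(src, sw->port[ingress].mac, 6) != 0) { sw->dropped_forged++; return VS_DROP_FORGED; }

    if (memcmp(dst, VS_BCAST, 6) == 0) {
        for (unsigned p = 0; p < VS_PORTS; p++)
            if (p != ingress && sw->port[p].in_use) deliver(&sw->port[p], frame, len);
        return VS_BROADCAST;
    }
    for (unsigned p = 0; p < VS_PORTS; p++)
        if (p != ingress && sw->port[p].in_use && memcmp(dst, sw->port[p].mac, 6) == 0) {
            deliver(&sw->port[p], frame, len);
            return VS_DELIVERED;
        }
    /* Unknown unicast: a physical switch floods; here it is dropped so no
     * guest ever receives a frame that was not addressed to it. */
    sw->dropped_unknown++;
    return VS_DROP_NO_DEST;
}

int main(void)
{
    struct vswitch sw; memset(&sw, 0, sizeof sw);
    const uint8_t mac_a[6] = {0x02,0,0,0,0,0x01}, mac_b[6] = {0x02,0,0,0,0,0x02};
    vs_attach(&sw, 0, mac_a); vs_attach(&sw, 1, mac_b);
    uint8_t f[64] = {0};                        /* constructed frame a -> b */
    memcpy(f, mac_b, 6); memcpy(f + 6, mac_a, 6); f[12] = 0x08; f[13] = 0x00;
    printf("a->b from port 0: %d (rx on port 1 = %u)\n", vs_forward(&sw, 0, f, sizeof f), sw.port[1].rx_frames);
    printf("a->b from port 1 (forged src): %d\n", vs_forward(&sw, 1, f, sizeof f));
    return 0;
}
```

The forged-transmit check is the point where a rooted guest’s attempt to modify packet data on behalf of another VM is caught; the per-port delivery is what keeps a guest from reading traffic it was not sent. Dropping unknown unicast is a deliberate hardening choice in this toy; a production virtual switch with an uplink would forward such frames to the physical network instead.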
Analysis: Storage
 The I/O subsystem is another backend interface.
 It abstracts the physical device and provides a distinct software emulation for each VM.
 In the monolithic architecture, the I/O process is condensed into ring 0.
 This simplifies the architecture but increases the vulnerability.
 The microkernel architecture stretches the I/O process across several rings, from 3 to 0.
 This reduces the risk by granting less access to the hypervisor kernel.
Analysis: Storage Cont’d
 To illustrate the storage process, the Xen I/O architecture is depicted in Figure 5.
Figure 5: Xen Storage Path.
Conclusion
 The paper discussed the vulnerabilities and security tradeoffs in monolithic and
microkernel architectures. It also assessed the impact of six architectural features on
the scope of the attack surface. Because both architectures have inherent weaknesses, it
is not possible to conclude that one is more secure than the other.
Thank You

Structures and textures of metamorphic rocksStructures and textures of metamorphic rocks
Structures and textures of metamorphic rocks
 
Viksit bharat till 2047 India@2047.pptx
Viksit bharat till 2047  India@2047.pptxViksit bharat till 2047  India@2047.pptx
Viksit bharat till 2047 India@2047.pptx
 
platelets- lifespan -Clot retraction-disorders.pptx
platelets- lifespan -Clot retraction-disorders.pptxplatelets- lifespan -Clot retraction-disorders.pptx
platelets- lifespan -Clot retraction-disorders.pptx
 
EY - Supply Chain Services 2018_template.pptx
EY - Supply Chain Services 2018_template.pptxEY - Supply Chain Services 2018_template.pptx
EY - Supply Chain Services 2018_template.pptx
 
insect taxonomy importance systematics and classification
insect taxonomy importance systematics and classificationinsect taxonomy importance systematics and classification
insect taxonomy importance systematics and classification
 
Seminar of U.V. Spectroscopy by SAMIR PANDA
 Seminar of U.V. Spectroscopy by SAMIR PANDA Seminar of U.V. Spectroscopy by SAMIR PANDA
Seminar of U.V. Spectroscopy by SAMIR PANDA
 
FAIRSpectra - Towards a common data file format for SIMS images
FAIRSpectra - Towards a common data file format for SIMS imagesFAIRSpectra - Towards a common data file format for SIMS images
FAIRSpectra - Towards a common data file format for SIMS images
 
BLOOD AND BLOOD COMPONENT- introduction to blood physiology
BLOOD AND BLOOD COMPONENT- introduction to blood physiologyBLOOD AND BLOOD COMPONENT- introduction to blood physiology
BLOOD AND BLOOD COMPONENT- introduction to blood physiology
 
Hemoglobin metabolism_pathophysiology.pptx
Hemoglobin metabolism_pathophysiology.pptxHemoglobin metabolism_pathophysiology.pptx
Hemoglobin metabolism_pathophysiology.pptx
 
Multi-source connectivity as the driver of solar wind variability in the heli...
Multi-source connectivity as the driver of solar wind variability in the heli...Multi-source connectivity as the driver of solar wind variability in the heli...
Multi-source connectivity as the driver of solar wind variability in the heli...
 
Astronomy Update- Curiosity’s exploration of Mars _ Local Briefs _ leadertele...
Astronomy Update- Curiosity’s exploration of Mars _ Local Briefs _ leadertele...Astronomy Update- Curiosity’s exploration of Mars _ Local Briefs _ leadertele...
Astronomy Update- Curiosity’s exploration of Mars _ Local Briefs _ leadertele...
 

Analysis of monolithic and microkernel architectures

Background: Hypervisor
 Hypervisors receive interrupt signals and determine which VM should receive each interrupt.
 A scheduler is used to share processing capacity among the virtual machines.
Background: Security Rings
 A protection or security ring is a hierarchical protection domain, together with the mechanisms that protect data from faults and malicious behavior.
 The rings are numbered “0” to “3”, where “0” is the innermost and “3” the outermost ring.
 Ring “0” is active only for the kernel; it interacts directly with the hardware and basically corresponds to the hypervisor.
 Rings “1” and “2” are reserved for device drivers.
 Ring “3” is reserved for user mode.
 The rings provide a security buffer against accidental or intentional corruption.
 A fault or exception in an outer ring has less impact than one in an inner ring.
Background: Trusted Code Base
 It comprises the components of the core system process that ensure basic functionality and security.
 It also supports the isolation of objects.
 A trusted code base should be small in size.
 Because of its small size, it excludes lower-priority and non-essential elements.
 It also takes less effort to include a component.
Background: Monolithic and Microkernel Architecture
 Microkernel architectures are designed to minimize the code in the hypervisor space.
 In a microkernel, security ring “3” holds the management interface and the applications, security ring “1” holds the virtualization stack, the management OS kernel and the guest OS kernel, and security ring “0” holds the hypervisor. Figure 1 shows the microkernel architecture.
 Ex: Xen, Hyper-V etc.
Figure 1: Microkernel Architecture
Background: Monolithic and Microkernel Architecture
 Monolithic architectures condense all the subsystems within a single entity.
 Security ring “3” holds the applications, ring “1” holds the guest OS kernel, and ring “0” holds the management interface, the virtualization stack and the hypervisor kernel.
 Compared to microkernel hypervisors, the monolithic architecture has a larger footprint. Figure 2 shows the monolithic kernel architecture.
 Ex: ESXi etc.
Figure 2: Monolithic Architecture
Threat Model
 Attackers pursue any weakness in the hypervisor to mount an attack.
 The threat model assumes an aggressor who has logical access to the hypervisor interfaces but no direct access to the hardware.
 An attack might originate from an entity hosted on the hypervisor or from outside.
 By finding a host with an open port, an attacker might gain the opportunity to breach the system.
 If access is secured, attackers try to elevate their privileges to root level in order to break into the system.
Analysis on Six Features
 In this section the author discusses the analysis of six features of hypervisors.
 The six features are compared between the monolithic and microkernel architectures.
 The analysis focuses on differences in subsystem footprint, distribution of trusted code, and the impact of the security ring configuration.
Analysis: Management Interface
 This section notes the vulnerabilities and security tradeoffs in the management interface.
 It allows remote agents to connect to a hypervisor and perform managerial duties such as initiating VM migrations, provisioning hardware and reconfiguring resource pools.
 The management interface is therefore a prime target for attack.
 Because of this exposure, the microkernel tends to have more configuration options.
 The monolithic architecture requires fewer classes than the microkernel architecture.
 The microkernel architecture is slightly better than the monolithic kernel because it constrains the management interface, which limits system customization.
Analysis: Monitoring
 The monitoring interface allows external devices to query a hypervisor, receive metrics, prepare VM performance reports or poll hardware.
 Attackers would be interested in tapping into the monitoring system and changing the reported metrics.
 To counter this, a number of steps are placed between the monitoring interface and the hypervisor. These steps eliminate potential threats before a query is performed on the hypervisor. The maximum number of steps found is 14 for the microkernel architecture and 10 for the monolithic architecture.
Analysis: Monitoring Cont’d
 For the purpose of illustration, the Hyper-V monitoring process is shown in Figure 3.
 Process:
 The VM management service (VMMS) receives a request for monitoring data.
 The VMMS transfers the request to Windows Management Instrumentation (WMI).
 The WMI reads the request and triggers the virtual interface drivers (VID).
Figure 3: Hyper-V monitoring path.
Analysis: Monitoring Cont’d
 The VID passes the request down the virtstack.
 The virtstack references the WinV library.
 The root partition issues a hypercall.
 Hardware performance is observed.
 The hypervisor interrupts the root partition.
 The performance data is moved up the virtstack to the VID.
 The virtual machine kernel interrupts the WMI with the result.
 When the metrics are prepared, the operation is passed to the VMMS.
 The interface finishes the request.
Analysis: Hypercalls
 This section analyzes the weaknesses inherent in the hypercall subsystem.
 Virtual machines use hypercalls to communicate with hypervisors.
 The subsystem is susceptible to attack by rooted virtual machines.
 Corrupted hypercalls can deteriorate the system.
 From the study, we also found that larger hypercall libraries carry more risk.
 Because of the management partition in the microkernel architecture, its risk is lower than that of the monolithic architecture, even though the monolithic architecture requires fewer hypercalls.
Analysis: Hypercalls Cont’d
 Hypercall table for both the microkernel and the monolithic architecture.
Table 1: Ranking of hypercalls for microkernel and monolithic kernel.
Analysis: Interrupts
 The hypervisor communicates with the machine via interrupts.
 The location of the hypervisor and its interrupt descriptor table has implications for information security.
 Emulators located in user space are susceptible to tampering.
 Emulators located in a privileged zone are therefore harder to reach.
 The microkernel architecture places the interrupt emulator in the management partition in ring 3, whereas the monolithic architecture places the interrupt emulator in the hypervisor, which requires more permissions.
Analysis: Networking
 The network subsystem provides each virtual machine with its own emulated network adapter.
 The network subsystem is a primary target for attackers.
 Attackers try to read or modify packet data sent through the network.
 To address this, the microkernel architecture splits the network process between the management partition and the hypervisor.
 The network subsystem is divided between the management partition and the kernel.
 In the monolithic architecture, the entire network process occurs in ring 0.
Analysis: Networking Cont’d
 For purposes of illustration, the ESXi network process is shown in Figure 4.
 Process:
 The application issues a system call to initiate an asynchronous network operation.
 The guest OS starts the network operation.
 The hypervisor traps the instruction and copies the packet into a temporary data store in ring 0.
 The hypervisor returns to the guest OS in ring 1.
 The guest returns to the appropriate application in ring 3.
 The emulated NIC (a vlance instance for strict virtualization) polls the temporary store and retrieves the packet.
Figure 4: ESXi Network Path.
Analysis: Networking Cont’d
 The emulator queries VMFS for the MAC address associated with the packet.
 The associated MAC address is returned for pairing with the datagram.
 The formed packet is retrieved by the virtual switch for routing.
 The packet exits the virtual switch process and enters the network stack.
 The network stack finalizes the frame header and passes it to the drivers.
 As the packet is being sent, a message is passed up the stack to inform the appropriate virtual NIC.
 The device driver transmits the packet onto the network.
 The hypervisor receives a response packet and stores it in a temporary buffer.
 The packet is passed up the network stack.
 The received packet elements enter the virtual switch for processing.
 The emulated NIC accepts the packet and reformats the header.
 The packet is loaded into shared storage using the Vmbus.
 An interrupt is sent to the virtual machine kernel, alerting it to the received packet.
 The guest kernel interrupts the guest application.
Analysis: Storage
 The I/O subsystem is another backend interface.
 It abstracts the physical device and provides a unique software emulation for each VM.
 In the monolithic architecture, the I/O process is condensed in ring 0.
 Although this simplifies the architecture, it increases the vulnerability.
 The microkernel architecture stretches the I/O process across several rings, from 3 to 0.
 This reduces the risk by allowing less access to the hypervisor kernel.
Analysis: Storage Cont’d
 To illustrate the storage process, the Xen I/O architecture is depicted in Figure 5.
Figure 5: Xen Storage Path.
Conclusion
 The paper discussed the vulnerabilities and security tradeoffs in monolithic and microkernel architectures.
 It also assessed the impact of six architectural features on the scope of the attack surface.
 Because both architectures have inherent weaknesses, it is not possible to conclude that one is more secure than the other.