SlideShare a Scribd company logo
Pitfalls of virtual machine 
introspection on modern hardware 
Tamas K. Lengyel 
@tklengyel 
tamas@tklengyel.com
Agenda 
1. VMI intro 
2. Software attacks 
● Direct Kernel Structure Manipulation 
● Direct Kernel Object Manipulation 
3. Hardware attacks 
● Translation Lookaside Buffer poisoning 
● Extended Page Tables limitations 
● System Management mode 
4. Conclusion
Virtual Machine Introspection (VMI) 
Interpret virtual hardware state 
● Network, Disk, vCPU & Memory 
● The semantic gap problem: 
Reconstruct high-level state information from low-level 
data-sources.
Bridging the semantic gap 
● The guest OS is in charge of managing the virtual 
hardware 
– How to get the info from it? 
● Install in-guest agent to query using standard 
interfaces 
– If OS is compromised in-guest agent can be disabled 
/ tampered with 
– Just as vulnerable as your AntiVirus
Bridging the semantic gap 
● Replicate guest OS functions externally 
– In-guest code-hooks are avoided 
– Requires expert knowledge on OS and hardware 
behavior 
– Requires debug data to understand in-memory data-structures 
● This is where the problems begin 
– The weak and the strong semantic gap
Direct Kernel Object Manipulation 
2004: DKOM - Mangle in-memory data-structures to hide 
elements 
LibVMI example: 
size_t vmi_read_va( 
vmi_instance_t vmi, 
addr_t vaddr, 
vmi_pid_t pid, // This is interpreted by 
// walking the list 
void *buf, 
size_t count);
Direct Kernel Structure Manipulation 
DKSM: Subverting Virtual Machine Introspection for Fun 
and Profit (2010) 
● Patch in-guest system to interpret structures 
differently 
Ex ternal interp retation Interna l interpreta tion 
typedef struct _FOO 
{ 
void* my_pointer; 
unsigned long my_value; 
} FOO; 
typedef struct _NEWFOO 
{ 
unsigned long my_value; 
void* my_pointer; 
} NEWFOO;
Translation lookaside buffer (TLB) poisoning 
● Virtual to physical address 
translation is expensive 
● Hardware managed transparent 
cache of the results 
● Separate cache for read/write and 
instruction fetch (Harvard-style 
architecture)! 
● Opportunity to whack it out of sync! 
● Shadow Walker / FU rootkit
TLB poisoning 
Original algorithm: 
Input: Splitting Page Address (addr) 
Pagetable Entry for addr (pte) 
invalidate_instr_tlb (pte); // flush TLB 
pte = the_shadow_code_page (addr); // replace PTE in memory 
mark_global (pte); // disable auto-flush 
reload_instr_tlb (pte); // load it into TLB 
pte = the_orig_code_page (addr); // put original entry back
TLB poisoning and virtualization 
Automatically flush of the TLB on 
every VMEXIT/VMENTRY 
● TLB (poisoning) is impossible 
● Performance hit 
Introduction of TLB tagging (VPID) in Intel Nehalem (2008) 
● 16-bit field specified in the VMCS for each vCPU 
● Performance boost! 
● VM TLB entries invisible to the VMM 
● The problem is not (just) the split TLB
TLB poisoning with Windows / Linux 
TLB poisoning uses global pages 
● CR4.PGE (bit 7) 
● Makes PTE’s marked as global survive context-switches 
(MOV-TO-CR3) 
● Great performance boost for kernel pages! 
Windows 7 
● Regularly flushes global pages by disabled & re-enabling 
CR4.PGE 
Linux 
● Doesn’t touch CR4.PGE after boot
The tagged TLB in Xen 
● The TLB tag is assigned to the vCPU from a global 
counter 
asid->asid = data->next_asid++; 
● No flushes, just assign a new tag when needed 
● When 16-bit field is exhausted, flush and start from 1 
● A new tag is assigned on every MOV-TO-CR3 
– The use of global pages disabled in the guest! 
– The TLB needs to be primed on each context-switch
The tagged TLB in KVM 
● Tag is assigned when vCPU structure is created 
– Doesn’t matter if the vCPU is activated or not 
– Ran out of assignable tags? 
● Disable tagging and revert to old 
VMENTRY/VMEXIT TLB flushing 
● Priming the TLB in Linux guests on KVM is a problem 
for VMI 
● However, the split TLB still has issues
The sTLB! 
Intel Nehalem introduced second-level cache: sTLB 
The problem: 
● Split-TLB relies on a custom page-fault handler being 
called to re-split the TLB when it’s evicted 
● With sTLB, the entry is brought back into the 1st level 
cache 
– ..both into the iTLB & the dTLB 
– Split-TLB becomes unsplit! 
● Split-TLB poisoning is unreliable in VMs!
MoRE Shadow Walker 
2014: The evolution of TLB splitting on x86 
● Guests can’t disable the sTLB by themselves 
● However, sTLB doesn’t merge entries with conflicting 
PTE permissions 
– 1st level PTEs can have R, R+W or R+E permissions 
– 2nd level (EPT) PTEs can have R, R+W or E 
permissions! 
● Reliable TLB splitting requires VMM support!
Extended Page Tables (EPT) 
Speed up guest virtual to machine 
physical address translation 
Two sets of tables 
● 1st layer managed by guest OS 
● 2nd layer managed by the VMM 
Permissions can be different in the two 
layers!
Extended Page Tables (EPT) 
Can be used to trace the execution and memory accesses 
made by the guest 
● Transparently 
● 4k Page-level granularity at best 
● Need to filter unrelated events! 
Notable commercial examples:
EPT limitations 
● Only the start address and type 
of the violation is recorded 
● We don't know how much 
memory is involved 
● The operating system by default starts R/W operation 
at the start of a variable 
● But it is not enforced 
● Violations in the vicinity of a watched area need to 
be treated as potential hits
EPT limitations 
Read/Write violation ambiguities 
"An EPT violation that occurs during as a result of execution of a read-modify-write 
operation sets bit 1 (data write). Whether it also sets bit 0 (data read) is 
implementation-specific and, for a given implementation, may differ for different kinds 
of read-modify-write operations." 
Intel SDM 
“Counter question: Why can't the hardware report true characteristics right away?” 
Jan Beulich – SuSE 
“when spec says so, there is a reason but I can't tell here. :-)” 
Kevin Tian – Intel
EPT limitations 
Read/Write violation ambiguities 
"An EPT violation that occurs during as a result of execution of a read-modify-write 
operation sets bit 1 (data write). Whether it also sets bit 0 (data read) is 
implementation-specific and, for a given implementation, may differ for different kinds 
of read-modify-write operations." 
Intel SDM 
It is possible to siphon data using r-m-w operations from a 
page that doesn’t allow reading! 
Fixed in Xen 4.5
EPT limitations 
● Single EPT per guest 
– Not a hardware limitation 
– Could have separate EPT for each vCPU 
● Tracing with multi-vCPUs 
– EPT permissions need to be relaxed while one vCPU 
is advanced 
– Race condition 
– All vCPUs need to be paused while one vCPU is 
singlestepped
System Management Mode (SMM) 
SMM intended for low-level services, such as: 
● thermal (fan) control 
● USB emulation 
● hardware errata workarounds 
Can be used for: 
● VMI 
● Anti-VMI! 
Hard to take control of it on (most) Intel devices as it is 
loaded by the BIOS
SMM 
● Normal mode SMM is 
triggered by interrupts 
(SMI) 
● Can be configured to 
happen periodically 
● Always returns to the 
same execution mode 
afterwards
SMM 
The problem for SMM based VMI systems: 
“A limitation of any SMM-based solution [...] is that a 
malicious hypervisor could block SMI interrupts on every 
CPU in the APIC, effectively starving the introspection tool. 
For VMI, trusting the hypervisor is not a problem, but the 
hardware isolation from the hypervisor is incomplete.” 
Jain et al. “SoK: Introspections on Trust and the Semantic Gap” 2014, IEEE S&P
Intel Dual-monitor mode SMM 
● Available on all CPUs 
with VT-x (?) 
● SMM can become an 
independent 
hypervisor 
● VMCALL in VMX-root!
Intel Dual-mode SMM 
The VMCALL instruction can be used to instrument the 
VMM 
● Same way INT3 can be used to instrument a VM 
● Starvation is impossible via the APIC 
The SMM can enter any execution mode 
● Full control over the execution flow 
● Hidden VMs 
The SMM can temporarily disable SMIs for a VM! 
● Forced execution
Conclusion 
VMI is powerful but has issues 
● The strong semantic gap 
Hardware support is better 
● Tagged TLB is a problem 
● Split-TLB requires VMM support 
● EPT corner-cases need to be taken into consideration 
Dual-mode SMM is un(der)-explored

More Related Content

What's hot

BSides Denver: Stealthy, hypervisor-based malware analysis
BSides Denver: Stealthy, hypervisor-based malware analysisBSides Denver: Stealthy, hypervisor-based malware analysis
BSides Denver: Stealthy, hypervisor-based malware analysis
Tamas K Lengyel
 
VM Forking and Hypervisor-based Fuzzing with Xen
VM Forking and Hypervisor-based Fuzzing with XenVM Forking and Hypervisor-based Fuzzing with Xen
VM Forking and Hypervisor-based Fuzzing with Xen
Tamas K Lengyel
 
VM Forking and Hypervisor-based fuzzing
VM Forking and Hypervisor-based fuzzingVM Forking and Hypervisor-based fuzzing
VM Forking and Hypervisor-based fuzzing
Tamas K Lengyel
 
OffensiveCon2022: Case Studies of Fuzzing with Xen
OffensiveCon2022: Case Studies of Fuzzing with XenOffensiveCon2022: Case Studies of Fuzzing with Xen
OffensiveCon2022: Case Studies of Fuzzing with Xen
Tamas K Lengyel
 
Применение виртуализации для динамического анализа
Применение виртуализации для динамического анализаПрименение виртуализации для динамического анализа
Применение виртуализации для динамического анализа
Positive Hack Days
 
Troopers15 Lightning talk: VMI & DRAKVUF
Troopers15 Lightning talk: VMI & DRAKVUFTroopers15 Lightning talk: VMI & DRAKVUF
Troopers15 Lightning talk: VMI & DRAKVUF
Tamas K Lengyel
 
Practical Windows Kernel Exploitation
Practical Windows Kernel ExploitationPractical Windows Kernel Exploitation
Practical Windows Kernel Exploitation
zeroSteiner
 
Virtual Machine Introspection in a Hyberid Honeypot Architecture
Virtual Machine Introspection in a Hyberid Honeypot ArchitectureVirtual Machine Introspection in a Hyberid Honeypot Architecture
Virtual Machine Introspection in a Hyberid Honeypot Architecture
Tamas K Lengyel
 
ShinoBOT Suite
ShinoBOT SuiteShinoBOT Suite
ShinoBOT Suite
Shota Shinogi
 
Solnik secure enclaveprocessor-pacsec
Solnik secure enclaveprocessor-pacsecSolnik secure enclaveprocessor-pacsec
Solnik secure enclaveprocessor-pacsec
PacSecJP
 
Introduction of ShinoBOT (Black Hat USA 2013 Arsenal)
Introduction of ShinoBOT (Black Hat USA 2013 Arsenal)Introduction of ShinoBOT (Black Hat USA 2013 Arsenal)
Introduction of ShinoBOT (Black Hat USA 2013 Arsenal)
Shota Shinogi
 
Fun With Dr Brown
Fun With Dr BrownFun With Dr Brown
Fun With Dr Brown
zeroSteiner
 
Malware Collection and Analysis via Hardware Virtualization
Malware Collection and Analysis via Hardware VirtualizationMalware Collection and Analysis via Hardware Virtualization
Malware Collection and Analysis via Hardware Virtualization
Tamas K Lengyel
 
Is That A Penguin In My Windows?
Is That A Penguin In My Windows?Is That A Penguin In My Windows?
Is That A Penguin In My Windows?
zeroSteiner
 
Csw2017 bazhaniuk exploring_yoursystemdeeper_updated
Csw2017 bazhaniuk exploring_yoursystemdeeper_updatedCsw2017 bazhaniuk exploring_yoursystemdeeper_updated
Csw2017 bazhaniuk exploring_yoursystemdeeper_updated
CanSecWest
 
Mateusz 'j00ru' Jurczyk - Windows Kernel Trap Handler and NTVDM Vulnerabiliti...
Mateusz 'j00ru' Jurczyk - Windows Kernel Trap Handler and NTVDM Vulnerabiliti...Mateusz 'j00ru' Jurczyk - Windows Kernel Trap Handler and NTVDM Vulnerabiliti...
Mateusz 'j00ru' Jurczyk - Windows Kernel Trap Handler and NTVDM Vulnerabiliti...
DefconRussia
 
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytes
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytesWindows Kernel Exploitation : This Time Font hunt you down in 4 bytes
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytes
Peter Hlavaty
 
Breaking hardware enforced security with hypervisors
Breaking hardware enforced security with hypervisorsBreaking hardware enforced security with hypervisors
Breaking hardware enforced security with hypervisors
Priyanka Aash
 
CSW2017Richard Johnson_harnessing intel processor trace on windows for vulner...
CSW2017Richard Johnson_harnessing intel processor trace on windows for vulner...CSW2017Richard Johnson_harnessing intel processor trace on windows for vulner...
CSW2017Richard Johnson_harnessing intel processor trace on windows for vulner...
CanSecWest
 
Don't Tell Joanna the Virtualized Rootkit is Dead (Blackhat 2007)
Don't Tell Joanna the Virtualized Rootkit is Dead (Blackhat 2007)Don't Tell Joanna the Virtualized Rootkit is Dead (Blackhat 2007)
Don't Tell Joanna the Virtualized Rootkit is Dead (Blackhat 2007)
Nate Lawson
 

What's hot (20)

BSides Denver: Stealthy, hypervisor-based malware analysis
BSides Denver: Stealthy, hypervisor-based malware analysisBSides Denver: Stealthy, hypervisor-based malware analysis
BSides Denver: Stealthy, hypervisor-based malware analysis
 
VM Forking and Hypervisor-based Fuzzing with Xen
VM Forking and Hypervisor-based Fuzzing with XenVM Forking and Hypervisor-based Fuzzing with Xen
VM Forking and Hypervisor-based Fuzzing with Xen
 
VM Forking and Hypervisor-based fuzzing
VM Forking and Hypervisor-based fuzzingVM Forking and Hypervisor-based fuzzing
VM Forking and Hypervisor-based fuzzing
 
OffensiveCon2022: Case Studies of Fuzzing with Xen
OffensiveCon2022: Case Studies of Fuzzing with XenOffensiveCon2022: Case Studies of Fuzzing with Xen
OffensiveCon2022: Case Studies of Fuzzing with Xen
 
Применение виртуализации для динамического анализа
Применение виртуализации для динамического анализаПрименение виртуализации для динамического анализа
Применение виртуализации для динамического анализа
 
Troopers15 Lightning talk: VMI & DRAKVUF
Troopers15 Lightning talk: VMI & DRAKVUFTroopers15 Lightning talk: VMI & DRAKVUF
Troopers15 Lightning talk: VMI & DRAKVUF
 
Practical Windows Kernel Exploitation
Practical Windows Kernel ExploitationPractical Windows Kernel Exploitation
Practical Windows Kernel Exploitation
 
Virtual Machine Introspection in a Hyberid Honeypot Architecture
Virtual Machine Introspection in a Hyberid Honeypot ArchitectureVirtual Machine Introspection in a Hyberid Honeypot Architecture
Virtual Machine Introspection in a Hyberid Honeypot Architecture
 
ShinoBOT Suite
ShinoBOT SuiteShinoBOT Suite
ShinoBOT Suite
 
Solnik secure enclaveprocessor-pacsec
Solnik secure enclaveprocessor-pacsecSolnik secure enclaveprocessor-pacsec
Solnik secure enclaveprocessor-pacsec
 
Introduction of ShinoBOT (Black Hat USA 2013 Arsenal)
Introduction of ShinoBOT (Black Hat USA 2013 Arsenal)Introduction of ShinoBOT (Black Hat USA 2013 Arsenal)
Introduction of ShinoBOT (Black Hat USA 2013 Arsenal)
 
Fun With Dr Brown
Fun With Dr BrownFun With Dr Brown
Fun With Dr Brown
 
Malware Collection and Analysis via Hardware Virtualization
Malware Collection and Analysis via Hardware VirtualizationMalware Collection and Analysis via Hardware Virtualization
Malware Collection and Analysis via Hardware Virtualization
 
Is That A Penguin In My Windows?
Is That A Penguin In My Windows?Is That A Penguin In My Windows?
Is That A Penguin In My Windows?
 
Csw2017 bazhaniuk exploring_yoursystemdeeper_updated
Csw2017 bazhaniuk exploring_yoursystemdeeper_updatedCsw2017 bazhaniuk exploring_yoursystemdeeper_updated
Csw2017 bazhaniuk exploring_yoursystemdeeper_updated
 
Mateusz 'j00ru' Jurczyk - Windows Kernel Trap Handler and NTVDM Vulnerabiliti...
Mateusz 'j00ru' Jurczyk - Windows Kernel Trap Handler and NTVDM Vulnerabiliti...Mateusz 'j00ru' Jurczyk - Windows Kernel Trap Handler and NTVDM Vulnerabiliti...
Mateusz 'j00ru' Jurczyk - Windows Kernel Trap Handler and NTVDM Vulnerabiliti...
 
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytes
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytesWindows Kernel Exploitation : This Time Font hunt you down in 4 bytes
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytes
 
Breaking hardware enforced security with hypervisors
Breaking hardware enforced security with hypervisorsBreaking hardware enforced security with hypervisors
Breaking hardware enforced security with hypervisors
 
CSW2017Richard Johnson_harnessing intel processor trace on windows for vulner...
CSW2017Richard Johnson_harnessing intel processor trace on windows for vulner...CSW2017Richard Johnson_harnessing intel processor trace on windows for vulner...
CSW2017Richard Johnson_harnessing intel processor trace on windows for vulner...
 
Don't Tell Joanna the Virtualized Rootkit is Dead (Blackhat 2007)
Don't Tell Joanna the Virtualized Rootkit is Dead (Blackhat 2007)Don't Tell Joanna the Virtualized Rootkit is Dead (Blackhat 2007)
Don't Tell Joanna the Virtualized Rootkit is Dead (Blackhat 2007)
 

Similar to Pitfalls of virtual machine introspection on modern hardware

Core Scheduling for Virtualization: Where are We? (If we Want it!)
Core Scheduling for Virtualization: Where are We? (If we Want it!)Core Scheduling for Virtualization: Where are We? (If we Want it!)
Core Scheduling for Virtualization: Where are We? (If we Want it!)
Dario Faggioli
 
VXCON 2017
VXCON 2017VXCON 2017
VXCON 2017
Kelvin Chan
 
SFO15-202: Towards Multi-Threaded Tiny Code Generator (TCG) in QEMU
SFO15-202: Towards Multi-Threaded Tiny Code Generator (TCG) in QEMUSFO15-202: Towards Multi-Threaded Tiny Code Generator (TCG) in QEMU
SFO15-202: Towards Multi-Threaded Tiny Code Generator (TCG) in QEMU
Linaro
 
Buiding a better Userspace - The current and future state of QEMU and KVM int...
Buiding a better Userspace - The current and future state of QEMU and KVM int...Buiding a better Userspace - The current and future state of QEMU and KVM int...
Buiding a better Userspace - The current and future state of QEMU and KVM int...
aliguori
 
Owasp AppSecEU 2015 - BeEF Session
Owasp AppSecEU 2015 - BeEF SessionOwasp AppSecEU 2015 - BeEF Session
Owasp AppSecEU 2015 - BeEF Session
Bart Leppens
 
Slide used at ACM-SAC 2014 by Suzaki
Slide used at ACM-SAC 2014 by SuzakiSlide used at ACM-SAC 2014 by Suzaki
Slide used at ACM-SAC 2014 by Suzaki
Kuniyasu Suzaki
 
CONFidence 2017: Escaping the (sand)box: The promises and pitfalls of modern ...
CONFidence 2017: Escaping the (sand)box: The promises and pitfalls of modern ...CONFidence 2017: Escaping the (sand)box: The promises and pitfalls of modern ...
CONFidence 2017: Escaping the (sand)box: The promises and pitfalls of modern ...
PROIDEA
 
Fuzzing_with_Xen.pdf
Fuzzing_with_Xen.pdfFuzzing_with_Xen.pdf
Fuzzing_with_Xen.pdf
distortdistort
 
Detecting hardware virtualization rootkits
Detecting hardware virtualization rootkitsDetecting hardware virtualization rootkits
Detecting hardware virtualization rootkits
Edgar Barbosa
 
Attack on the Core
Attack on the CoreAttack on the Core
Attack on the Core
Peter Hlavaty
 
Intel update
Intel updateIntel update
Intel update
The Linux Foundation
 
003-vmm.pptx
003-vmm.pptx003-vmm.pptx
003-vmm.pptx
TrongMinhHoang1
 
Armboot process zeelogic
Armboot process zeelogicArmboot process zeelogic
Armboot process zeelogic
Aleem Shariff
 
Five cool ways the JVM can run Apache Spark faster
Five cool ways the JVM can run Apache Spark fasterFive cool ways the JVM can run Apache Spark faster
Five cool ways the JVM can run Apache Spark faster
Tim Ellison
 
Lcu14 101- coresight overview
Lcu14 101- coresight overviewLcu14 101- coresight overview
Lcu14 101- coresight overview
Linaro
 
SR-IOV Introduce
SR-IOV IntroduceSR-IOV Introduce
SR-IOV Introduce
Lingfei Kong
 
ZertoCON_Support_Toolz.pdf
ZertoCON_Support_Toolz.pdfZertoCON_Support_Toolz.pdf
ZertoCON_Support_Toolz.pdf
testslebew
 
DEF CON 27 - ALI ISLAM and DAN REGALADO WEAPONIZING HYPERVISORS
DEF CON 27 - ALI ISLAM and DAN REGALADO WEAPONIZING HYPERVISORSDEF CON 27 - ALI ISLAM and DAN REGALADO WEAPONIZING HYPERVISORS
DEF CON 27 - ALI ISLAM and DAN REGALADO WEAPONIZING HYPERVISORS
Felipe Prado
 
Zero Downtime JEE Architectures
Zero Downtime JEE ArchitecturesZero Downtime JEE Architectures
Zero Downtime JEE Architectures
Alexander Penev
 
Hypervisors
HypervisorsHypervisors
Hypervisors
SrikantMishra12
 

Similar to Pitfalls of virtual machine introspection on modern hardware (20)

Core Scheduling for Virtualization: Where are We? (If we Want it!)
Core Scheduling for Virtualization: Where are We? (If we Want it!)Core Scheduling for Virtualization: Where are We? (If we Want it!)
Core Scheduling for Virtualization: Where are We? (If we Want it!)
 
VXCON 2017
VXCON 2017VXCON 2017
VXCON 2017
 
SFO15-202: Towards Multi-Threaded Tiny Code Generator (TCG) in QEMU
SFO15-202: Towards Multi-Threaded Tiny Code Generator (TCG) in QEMUSFO15-202: Towards Multi-Threaded Tiny Code Generator (TCG) in QEMU
SFO15-202: Towards Multi-Threaded Tiny Code Generator (TCG) in QEMU
 
Buiding a better Userspace - The current and future state of QEMU and KVM int...
Buiding a better Userspace - The current and future state of QEMU and KVM int...Buiding a better Userspace - The current and future state of QEMU and KVM int...
Buiding a better Userspace - The current and future state of QEMU and KVM int...
 
Owasp AppSecEU 2015 - BeEF Session
Owasp AppSecEU 2015 - BeEF SessionOwasp AppSecEU 2015 - BeEF Session
Owasp AppSecEU 2015 - BeEF Session
 
Slide used at ACM-SAC 2014 by Suzaki
Slide used at ACM-SAC 2014 by SuzakiSlide used at ACM-SAC 2014 by Suzaki
Slide used at ACM-SAC 2014 by Suzaki
 
CONFidence 2017: Escaping the (sand)box: The promises and pitfalls of modern ...
CONFidence 2017: Escaping the (sand)box: The promises and pitfalls of modern ...CONFidence 2017: Escaping the (sand)box: The promises and pitfalls of modern ...
CONFidence 2017: Escaping the (sand)box: The promises and pitfalls of modern ...
 
Fuzzing_with_Xen.pdf
Fuzzing_with_Xen.pdfFuzzing_with_Xen.pdf
Fuzzing_with_Xen.pdf
 
Detecting hardware virtualization rootkits
Detecting hardware virtualization rootkitsDetecting hardware virtualization rootkits
Detecting hardware virtualization rootkits
 
Attack on the Core
Attack on the CoreAttack on the Core
Attack on the Core
 
Intel update
Intel updateIntel update
Intel update
 
003-vmm.pptx
003-vmm.pptx003-vmm.pptx
003-vmm.pptx
 
Armboot process zeelogic
Armboot process zeelogicArmboot process zeelogic
Armboot process zeelogic
 
Five cool ways the JVM can run Apache Spark faster
Five cool ways the JVM can run Apache Spark fasterFive cool ways the JVM can run Apache Spark faster
Five cool ways the JVM can run Apache Spark faster
 
Lcu14 101- coresight overview
Lcu14 101- coresight overviewLcu14 101- coresight overview
Lcu14 101- coresight overview
 
SR-IOV Introduce
SR-IOV IntroduceSR-IOV Introduce
SR-IOV Introduce
 
ZertoCON_Support_Toolz.pdf
ZertoCON_Support_Toolz.pdfZertoCON_Support_Toolz.pdf
ZertoCON_Support_Toolz.pdf
 
DEF CON 27 - ALI ISLAM and DAN REGALADO WEAPONIZING HYPERVISORS
DEF CON 27 - ALI ISLAM and DAN REGALADO WEAPONIZING HYPERVISORSDEF CON 27 - ALI ISLAM and DAN REGALADO WEAPONIZING HYPERVISORS
DEF CON 27 - ALI ISLAM and DAN REGALADO WEAPONIZING HYPERVISORS
 
Zero Downtime JEE Architectures
Zero Downtime JEE ArchitecturesZero Downtime JEE Architectures
Zero Downtime JEE Architectures
 
Hypervisors
HypervisorsHypervisors
Hypervisors
 

More from Tamas K Lengyel

Estimating Security Risk Through Repository Mining
Estimating Security Risk Through Repository MiningEstimating Security Risk Through Repository Mining
Estimating Security Risk Through Repository Mining
Tamas K Lengyel
 
Hacktivity 2016: Stealthy, hypervisor based malware analysis
Hacktivity 2016: Stealthy, hypervisor based malware analysisHacktivity 2016: Stealthy, hypervisor based malware analysis
Hacktivity 2016: Stealthy, hypervisor based malware analysis
Tamas K Lengyel
 
Anti-evil maid with UEFI and Xen
Anti-evil maid with UEFI and XenAnti-evil maid with UEFI and Xen
Anti-evil maid with UEFI and Xen
Tamas K Lengyel
 
Stealthy, Hypervisor-based Malware Analysis
Stealthy, Hypervisor-based Malware AnalysisStealthy, Hypervisor-based Malware Analysis
Stealthy, Hypervisor-based Malware Analysis
Tamas K Lengyel
 
CyberSEED: Virtual Machine Introspection to Detect and Protect
CyberSEED: Virtual Machine Introspection to Detect and ProtectCyberSEED: Virtual Machine Introspection to Detect and Protect
CyberSEED: Virtual Machine Introspection to Detect and Protect
Tamas K Lengyel
 
NSS 2013: Towards Hybrid Honeynets via Virtual Machine Introspection and Cloning
NSS 2013: Towards Hybrid Honeynets via Virtual Machine Introspection and CloningNSS 2013: Towards Hybrid Honeynets via Virtual Machine Introspection and Cloning
NSS 2013: Towards Hybrid Honeynets via Virtual Machine Introspection and Cloning
Tamas K Lengyel
 
Dfrws eu 2014 rekall workshop
Dfrws eu 2014 rekall workshopDfrws eu 2014 rekall workshop
Dfrws eu 2014 rekall workshop
Tamas K Lengyel
 

More from Tamas K Lengyel (7)

Estimating Security Risk Through Repository Mining
Estimating Security Risk Through Repository MiningEstimating Security Risk Through Repository Mining
Estimating Security Risk Through Repository Mining
 
Hacktivity 2016: Stealthy, hypervisor based malware analysis
Hacktivity 2016: Stealthy, hypervisor based malware analysisHacktivity 2016: Stealthy, hypervisor based malware analysis
Hacktivity 2016: Stealthy, hypervisor based malware analysis
 
Anti-evil maid with UEFI and Xen
Anti-evil maid with UEFI and XenAnti-evil maid with UEFI and Xen
Anti-evil maid with UEFI and Xen
 
Stealthy, Hypervisor-based Malware Analysis
Stealthy, Hypervisor-based Malware AnalysisStealthy, Hypervisor-based Malware Analysis
Stealthy, Hypervisor-based Malware Analysis
 
CyberSEED: Virtual Machine Introspection to Detect and Protect
CyberSEED: Virtual Machine Introspection to Detect and ProtectCyberSEED: Virtual Machine Introspection to Detect and Protect
CyberSEED: Virtual Machine Introspection to Detect and Protect
 
NSS 2013: Towards Hybrid Honeynets via Virtual Machine Introspection and Cloning
NSS 2013: Towards Hybrid Honeynets via Virtual Machine Introspection and CloningNSS 2013: Towards Hybrid Honeynets via Virtual Machine Introspection and Cloning
NSS 2013: Towards Hybrid Honeynets via Virtual Machine Introspection and Cloning
 
Dfrws eu 2014 rekall workshop
Dfrws eu 2014 rekall workshopDfrws eu 2014 rekall workshop
Dfrws eu 2014 rekall workshop
 

Recently uploaded

How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Chart Kalyan
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
DanBrown980551
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
OpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - AuthorizationOpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - Authorization
David Brossard
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
Daiki Mogmet Ito
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
Mariano Tinti
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
Wouter Lemaire
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
tolgahangng
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Wask
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
IndexBug
 

Recently uploaded (20)

How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
OpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - AuthorizationOpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - Authorization
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 

Pitfalls of virtual machine introspection on modern hardware

  • 1. Pitfalls of virtual machine introspection on modern hardware Tamas K. Lengyel @tklengyel tamas@tklengyel.com
  • 2. Agenda 1. VMI intro 2. Software attacks ● Direct Kernel Structure Manipulation ● Direct Kernel Object Manipulation 3. Hardware attacks ● Translation Lookaside Buffer poisoning ● Extended Page Tables limitations ● System Management mode 4. Conclusion
  • 3. Virtual Machine Introspection (VMI) Interpret virtual hardware state ● Network, Disk, vCPU & Memory ● The semantic gap problem: Reconstruct high-level state information from low-level data-sources.
  • 4. Bridging the semantic gap ● The guest OS is in charge of managing the virtual hardware – How to get the info from it? ● Install in-guest agent to query using standard interfaces – If OS is compromised in-guest agent can be disabled / tampered with – Just as vulnerable as your AntiVirus
  • 5. Bridging the semantic gap ● Replicate guest OS functions externally – In-guest code-hooks are avoided – Requires expert knowledge on OS and hardware behavior – Requires debug data to understand in-memory data-structures ● This is where the problems begin – The weak and the strong semantic gap
  • 6. Direct Kernel Object Manipulation 2004: DKOM - Mangle in-memory data-structures to hide elements LibVMI example: size_t vmi_read_va( vmi_instance_t vmi, addr_t vaddr, vmi_pid_t pid, // This is interpreted by // walking the list void *buf, size_t count);
  • 7. Direct Kernel Structure Manipulation DKSM: Subverting Virtual Machine Introspection for Fun and Profit (2010) ● Patch in-guest system to interpret structures differently Ex ternal interp retation Interna l interpreta tion typedef struct _FOO { void* my_pointer; unsigned long my_value; } FOO; typedef struct _NEWFOO { unsigned long my_value; void* my_pointer; } NEWFOO;
  • 8. Translation lookaside buffer (TLB) poisoning ● Virtual to physical address translation is expensive ● Hardware managed transparent cache of the results ● Separate cache for read/write and instruction fetch (Harvard-style architecture)! ● Opportunity to whack it out of sync! ● Shadow Walker / FU rootkit
  • 9. TLB poisoning Original algorithm: Input: Splitting Page Address (addr) Pagetable Entry for addr (pte) invalidate_instr_tlb (pte); // flush TLB pte = the_shadow_code_page (addr); // replace PTE in memory mark_global (pte); // disable auto-flush reload_instr_tlb (pte); // load it into TLB pte = the_orig_code_page (addr); // put original entry back
  • 10. TLB poisoning and virtualization Automatically flush of the TLB on every VMEXIT/VMENTRY ● TLB (poisoning) is impossible ● Performance hit Introduction of TLB tagging (VPID) in Intel Nehalem (2008) ● 16-bit field specified in the VMCS for each vCPU ● Performance boost! ● VM TLB entries invisible to the VMM ● The problem is not (just) the split TLB
  • 11. TLB poisoning with Windows / Linux TLB poisoning uses global pages ● CR4.PGE (bit 7) ● Makes PTE’s marked as global survive context-switches (MOV-TO-CR3) ● Great performance boost for kernel pages! Windows 7 ● Regularly flushes global pages by disabled & re-enabling CR4.PGE Linux ● Doesn’t touch CR4.PGE after boot
  • 12. The tagged TLB in Xen ● The TLB tag is assigned to the vCPU from a global counter asid->asid = data->next_asid++; ● No flushes, just assign a new tag when needed ● When 16-bit field is exhausted, flush and start from 1 ● A new tag is assigned on every MOV-TO-CR3 – The use of global pages disabled in the guest! – The TLB needs to be primed on each context-switch
  • 13. The tagged TLB in KVM ● Tag is assigned when vCPU structure is created – Doesn’t matter if the vCPU is activated or not – Ran out of assignable tags? ● Disable tagging and revert to old VMENTRY/VMEXIT TLB flushing ● Priming the TLB in Linux guests on KVM is a problem for VMI ● However, the split TLB still has issues
  • 14. The sTLB! Intel Nehalem introduced second-level cache: sTLB The problem: ● Split-TLB relies on a custom page-fault handler being called to re-split the TLB when it’s evicted ● With sTLB, the entry is brought back into the 1st level cache – ..both into the iTLB & the dTLB – Split-TLB becomes unsplit! ● Split-TLB poisoning is unreliable in VMs!
  • 15. MoRE Shadow Walker 2014: The evolution of TLB splitting on x86 ● Guests can’t disable the sTLB by themselves ● However, sTLB doesn’t merge entries with conflicting PTE permissions – 1st level PTEs can have R, R+W or R+E permissions – 2nd level (EPT) PTEs can have R, R+W or E permissions! ● Reliable TLB splitting requires VMM support!
  • 16. Extended Page Tables (EPT) Speed up guest virtual to machine physical address translation Two sets of tables ● 1st layer managed by guest OS ● 2nd layer managed by the VMM Permissions can be different in the two layers!
  • 17. Extended Page Tables (EPT) Can be used to trace the execution and memory accesses made by the guest ● Transparently ● 4k Page-level granularity at best ● Need to filter unrelated events! Notable commercial examples:
  • 18. EPT limitations ● Only the start address and type of the violation is recorded ● We don't know how much memory is involved ● The operating system by default starts R/W operation at the start of a variable ● But it is not enforced ● Violations in the vicinity of a watched area need to be treated as potential hits
  • 19. EPT limitations Read/Write violation ambiguities "An EPT violation that occurs during as a result of execution of a read-modify-write operation sets bit 1 (data write). Whether it also sets bit 0 (data read) is implementation-specific and, for a given implementation, may differ for different kinds of read-modify-write operations." Intel SDM “Counter question: Why can't the hardware report true characteristics right away?” Jan Beulich – SuSE “when spec says so, there is a reason but I can't tell here. :-)” Kevin Tian – Intel
  • 20. EPT limitations Read/Write violation ambiguities "An EPT violation that occurs during as a result of execution of a read-modify-write operation sets bit 1 (data write). Whether it also sets bit 0 (data read) is implementation-specific and, for a given implementation, may differ for different kinds of read-modify-write operations." Intel SDM It is possible to siphon data using r-m-w operations from a page that doesn’t allow reading! Fixed in Xen 4.5
  • 21. EPT limitations ● Single EPT per guest – Not a hardware limitation – Could have separate EPT for each vCPU ● Tracing with multi-vCPUs – EPT permissions need to be relaxed while one vCPU is advanced – Race condition – All vCPUs need to be paused while one vCPU is singlestepped
  • 22. System Management Mode (SMM) SMM intended for low-level services, such as: ● thermal (fan) control ● USB emulation ● hardware errata workarounds Can be used for: ● VMI ● Anti-VMI! Hard to take control of it on (most) Intel devices as it is loaded by the BIOS
  • 23. SMM ● Normal mode SMM is triggered by interrupts (SMI) ● Can be configured to happen periodically ● Always returns to the same execution mode afterwards
  • 24. SMM The problem for SMM based VMI systems: “A limitation of any SMM-based solution [...] is that a malicious hypervisor could block SMI interrupts on every CPU in the APIC, effectively starving the introspection tool. For VMI, trusting the hypervisor is not a problem, but the hardware isolation from the hypervisor is incomplete.” Jain et al. “SoK: Introspections on Trust and the Semantic Gap” 2014, IEEE S&P
  • 25. Intel Dual-monitor mode SMM ● Available on all CPUs with VT-x (?) ● SMM can become an independent hypervisor ● VMCALL in VMX-root!
  • 26. Intel Dual-mode SMM The VMCALL instruction can be used to instrument the VMM ● Same way INT3 can be used to instrument a VM ● Starvation is impossible via the APIC The SMM can enter any execution mode ● Full control over the execution flow ● Hidden VMs The SMM can temporarily disable SMIs for a VM! ● Forced execution
  • 27. Conclusion VMI is powerful but has issues ● The strong semantic gap Hardware support is better ● Tagged TLB is a problem ● Split-TLB requires VMM support ● EPT corner-cases need to be taken into consideration Dual-mode SMM is un(der)-explored