Hypervisors and Virtual Machines
(VM)
State Of The Art
By Jonathan Sinclair
(nX)
Story Line
• Background
• Which path to take
• Available attack space
• What’s available
• Review
• A new path
The Cloud – a quick history lesson
• Memo sent from J.C.R. Licklider to his colleagues in 1963, titled:
“MEMORANDUM FOR: Members and Affiliates of the Intergalactic Computer Network”
– Set the foundations for the concepts we now find in the Internet and cloud computing
• Popek and Goldberg, in 1974: "Formal Requirements for Virtualizable Third Generation Architectures"
– Defined the virtualisation requirements: Equivalence, Resource Control, Efficiency
• Timeline:
– 1998: VMware founded
– 1999: Salesforce online
– 2002: Amazon Web Service available
– 2003: Public release of Xen
– 2006: Amazon EC2 born
– 2008: Microsoft Hyper-V
What does it mean
• To the oldies (those that remember the 60’s and
70’s): Isn’t this just time-share computing?
• To the youth (those who don’t know what
assembler is and can’t remember, BBS’s, Monkey
Island or Elite): Everything is shared everywhere
and accessible anywhere. Why didn’t it always
work this way?
• To the hacker: Thankfully I now only have to
attack one platform.....perhaps
Cloud perspectives
• Cloud in 4D (layers, from the user downwards):
– Cloud Clients: Web browsers, mobile applications, thin clients
– SaaS: CRM, Email, Virtual desktops, Games
– PaaS: Databases, Web servers
– IaaS: Virtual Machines, Servers, Storage, Networks
Hacking at the periphery
• Socially-based cloud services: Facebook, Twitter,
iCloud, Dropbox, Skydrive, Etc.
• The now infamous Mat Honan hack: loss of his digital life
– Accounts daisy-chained
– No two-factor authentication
– No backups
Out of scope for this talk. Traditional spear-phishing methods can be utilised
Focus of this talk: IaaS
• SaaS: Leave it to the web security guys
• PaaS: Could be interesting but focuses more
on services
• IaaS:
– Combines technologies
– Attack surface is large
– Brings the most control
– Break out can lead to complete control of an
infrastructure
IaaS
• So things should be easy now we have focus
right?
– Wrong
• The IaaS world is filling with vendors*:
– Hyper-V (Microsoft)
– Virtual Box (Oracle)
– Xen (Cambridge computer lab, open src)
– VMware (EMC)
* Remind anyone of the OS world before *nix, MS and Apple took control?
Constraint 1
• What is ‘bare-metal’?
• Two principal categories for hypervisor technologies (as defined by R. Goldberg)
– Type 1: Hypervisors that run directly on the host's hardware
– Type 2: Hypervisors that run on top of a conventional operating system
• It becomes a question of how the guest operating system accesses the underlying hardware
Why does this matter?
• When considering exploitation it pays to go after
bare-metal systems
– Technology is still immature with regards to security
• Exploits utilising buffer overflows, non-sanitised instruction breakouts and system crashes (PSOD) are still rife
– Landscape still heterogeneous (look at EMC’s recent
acquisitions in the cloud space)
Constraint 2
• As with Microsoft, it pays to go after the big
player as the rewards will be greater
– Approximately one year ago the Taneja Group identified VMware as the vendor market leader in this space
• Gartner substantiates
did I just mention that here?
Applying the constraints
• Bare-metal hypervisors:
– Hyper-V
– VMware’s ESX/ESXi
– Xen
• Global coverage:
– VMware
– Xen
– Hyper-V
VMware / IaaS
• We have a candidate:
– VMware
• Its global coverage shows it’s still the market leader (2012)
• It offers a ‘bare metal’ installation
• Its involvement in the Vblock* initiative allows for full, often enterprise-level, infrastructure exploitation
• It’s a Redhat hack, so we can reuse existing exploitation knowledge
* Vblock is a virtualization platform from the Virtual Computing Environment
which is an initiative between EMC, VMware and Cisco to provide a fully
virtualised infrastructure
VM Penetration-Testing
• Previously hackers only had to look at
exploiting the physical layer
• Now they have to gear up to also take on the
virtual infrastructure
Ex Security
• The dimensionality of the security layer just got elevated
• Every penetration-testing phase now spans two layers, the Physical Layer and the Virtualisation Layer:
– Target scoping
– Information gathering
– Target discovery
– Enumerating target
– Vulnerability mapping
– Social engineering
– Target exploitation
– Privilege escalation
– Maintaining access
– Documentation and reporting
Outside looking in
1. You’re external to the system with no guest account
access
• Adopt normal attack methods, port scanning, vulnerability
identification, exploitation
• The system will always look like a normal server from the
external perspective
– An exception to this can be insecurely mapped ports (e.g.
unprotected v-sphere)
• Aim for low hanging fruit. Guest access is all you need
2. You have an account on a system but is it virtualized?
• This scenario covers an internal corporate breach. As security
experts we shouldn’t forget about attacks from the inside,
contractors, disgruntled employees
Reconnaissance
• Traditional Port Scanning Methods
– 443, 902 and 903 are good starting candidates
• Shodan HQ
• Google hacking
Hypervisor identification
• VMware Backdoor:
– Never fully disabled and can reveal a lot of system-level information
• movw $0x5658, %dx ; 0x5658 is the VMware backdoor I/O port
• Values passed in cx select the command: 01h (processor speed), 0Ah (VMware version), etc.
• Linux:
– If you can install anything under the exploited account:
• imvirt (doesn’t require root)
– Coverage: VirtualBox, VMware, OpenVZ, Physical, QEMU, UML, Xen, lguest, ARAnyM, LXC
– If you happen to have root: virt-what (requires root)
• Coverage: KVM, Xen, QEMU, VirtualBox, Systemz, LPAR, z/VM, VMware, Hyper-V
• Windows:
– Stand-alone GUI application by Elias Bachaalany
• Still relevant despite being coded in 2005
• Coverage: Virtual PC, VMware (for us this is enough)
• Other tricks:
– dmidecode/SMBIOS structures, SIDT instruction identification (Red Pill)
– Mac OS X: Not tested, but SIDT tricks should still hold true
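The dmidecode/SMBIOS route above is what tools like imvirt and virt-what fall back on; the example below, added here and not part of the deck, decodes the raw SMBIOS structure table itself (the bytes behind dmidecode) and pulls the Type 1 System Information manufacturer/product strings to answer the asset-inventory question "is this host virtualised?". The structure tables, serials and the vendor-string hints are constructed or heuristic, and the sysfs path is an assumption for Linux hosts.

```python
import struct
import uuid
from typing import Dict, List, Optional, Tuple

# Vendor strings commonly seen in SMBIOS Type 1 on virtual hardware.
# Assumption: heuristics gathered from common platforms, not an authoritative list.
HYPERVISOR_HINTS = (
    ("vmware", "VMware"),
    ("virtualbox", "VirtualBox"),
    ("innotek", "VirtualBox"),
    ("xen", "Xen"),
    ("qemu", "QEMU/KVM"),
    ("virtual machine", "Hyper-V"),   # "Microsoft Corporation" / "Virtual Machine"
)
END_OF_TABLE_TYPE = 127
Structure = Tuple[int, int, bytes, List[str]]  # (type, handle, formatted area, strings)


def parse_smbios_structures(table: bytes) -> List[Structure]:
    """Walk a raw SMBIOS structure table.

    Each structure is a 4-byte header (type, length, handle) opening a formatted
    area of `length` bytes, then an unformatted string area of NUL-terminated
    strings closed by an extra NUL (two NULs when there are no strings).
    """
    structures: List[Structure] = []
    pos = 0
    while pos + 4 <= len(table):
        stype, slen, handle = struct.unpack_from("<BBH", table, pos)
        if slen < 4 or pos + slen > len(table):
            raise ValueError(f"bad structure length {slen} at offset {pos}")
        formatted = table[pos:pos + slen]
        pos += slen
        strings: List[str] = []
        while True:
            end = table.find(b"\x00", pos)
            if end == -1:
                raise ValueError(f"unterminated string area at offset {pos}")
            if end == pos:                      # empty string: end of the string area
                pos += 1 if strings else 2
                break
            strings.append(table[pos:end].decode("ascii", errors="replace"))
            pos = end + 1
        structures.append((stype, handle, formatted, strings))
        if stype == END_OF_TABLE_TYPE:
            break
    return structures


def _string(strings: List[str], index: int) -> str:
    """SMBIOS string indices are 1-based; 0 means 'not specified'."""
    return strings[index - 1] if 1 <= index <= len(strings) else ""


def system_information(table: bytes) -> Optional[Dict[str, str]]:
    """Decode the Type 1 (System Information) structure, if present.

    Type 1 layout (SMBIOS 2.4+): 04h manufacturer, 05h product name, 06h version,
    07h serial number (string indices), 08h 16-byte UUID.
    """
    for stype, _handle, formatted, strings in parse_smbios_structures(table):
        if stype != 1 or len(formatted) < 8:
            continue
        info = {
            "manufacturer": _string(strings, formatted[4]),
            "product": _string(strings, formatted[5]),
            "version": _string(strings, formatted[6]),
            "serial": _string(strings, formatted[7]),
        }
        if len(formatted) >= 0x18:
            # SMBIOS 2.6+ stores the first three UUID fields little-endian.
            info["uuid"] = str(uuid.UUID(bytes_le=bytes(formatted[8:0x18])))
        return info
    return None


def identify_hypervisor(table: bytes) -> Optional[str]:
    """Return the hypervisor family suggested by Type 1, or None when nothing matches."""
    info = system_information(table)
    if info is None:
        return None
    haystack = f"{info['manufacturer']} {info['product']}".lower()
    for needle, name in HYPERVISOR_HINTS:
        if needle in haystack:
            return name
    return None


def build_type1(manufacturer: str, product: str, version: str, serial: str,
                uuid_bytes: bytes) -> bytes:
    """Build a Type 1 structure (constructed test data, not captured firmware)."""
    assert len(uuid_bytes) == 16
    strings: List[bytes] = []
    indices: List[int] = []
    for text in (manufacturer, product, version, serial):
        if text:
            strings.append(text.encode("ascii"))
            indices.append(len(strings))
        else:
            indices.append(0)                   # 0 = string not specified
    formatted = (struct.pack("<BBH", 1, 0x1B, 0x0100) + bytes(indices) + uuid_bytes
                 + bytes([6]) + bytes([0, 0]))  # wake-up type, SKU, family
    string_area = (b"".join(s + b"\x00" for s in strings) + b"\x00") if strings else b"\x00\x00"
    return formatted + string_area


END_OF_TABLE = struct.pack("<BBH", END_OF_TABLE_TYPE, 4, 0xFFFF) + b"\x00\x00"
# Constructed sample tables: one VMware-style guest, one physical-looking box.
SAMPLE_VMWARE_TABLE = build_type1("VMware, Inc.", "VMware Virtual Platform", "None",
                                  "VMware-CONSTRUCTED-SERIAL", bytes(range(16))) + END_OF_TABLE
SAMPLE_PHYSICAL_TABLE = build_type1("Example Hardware Co.", "Rack Server 1U", "",
                                    "SN-CONSTRUCTED", bytes(16)) + END_OF_TABLE


def read_local_table(path: str = "/sys/firmware/dmi/tables/DMI") -> bytes:
    """Read the raw structure table on Linux (assumed sysfs path; normally needs root)."""
    with open(path, "rb") as fh:
        return fh.read()


if __name__ == "__main__":
    for label, table in (("vmware sample", SAMPLE_VMWARE_TABLE),
                         ("physical sample", SAMPLE_PHYSICAL_TABLE)):
        print(label, system_information(table), "->", identify_hypervisor(table))
```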
Past, Present and State-of-the-Art
• Blue Pill / SubVirt
• VMChat
• Cloudburst
• Metasploit weaponised
• Steal a VM
• VMDK Has Left the Building
• Suspended state: pass the hash
• Adaptive VM aware malware
Blue Pill / SubVirt
• Created by Joanna Rutkowska and released publicly in 2006
– The concept was to create an ultra-thin hypervisor which installs on-the-fly and can then operate undetected by the host OS
– Offering a way to subvert the entire OS and hide its existence
• Ref: http://theinvisiblethings.blogspot.ch/2006/06/introducing-blue-pill.html
VMChat etc.
• Ed Skoudis and Tom Liston back in 2006 created break-out applications (vmchat, vmftp, vmcat etc.) that bridged VMs' shared memory models (ComChannel), enabling chat between the systems as well as a number of other functionalities.
• Unfortunately their work is governed under DHS, therefore no working version is available for demonstration at this moment
• Ref: “On the Cutting Edge: Thwarting Virtual Machine Detection”
Cloudburst
• Originally presented in 2009 at Black Hat, Las
Vegas, by Kostya Kortchinsky from Immunity
• Essential elements:
– Exploited ESX 3D support
– Addressed an (x, y) display glyph whose coordinates were never bounds-checked
– Allowed for a reliable host -> guest breakout
– Bundled with Canvas for a nice price tag
Cloudburst 2
• Piotr Bania made improvements on the
original and was kind enough to release the
source code
• MS XP SP3 -> virtualised MS XP SP3 (VMware
workstation 6.5.1 build 126130) host to guest
breakout whereby the exploit can access/run
any file on the host
Metasploit weaponised
• VASTO 0.4 from Claudio Criscione now provides out of
the box modules for hypervisor technologies
– vmware_guest_stealer
– vmware_session_rider
– xen_login
– eucalyptus_poison
– vmware_autopwner
– Etc.
• Failing Metasploit installation, run the modules
manually via Ruby
Steal a VM
• ESXi 3.0
– vmware_guest_stealer
• Exploits the vulnerability CVE-2009-3733 discovered by
Morehouse & Flick
• Directory traversal attack against the host hypervisor
• Allows complete acquisition of other hosted VMs into the guest/attacker client
• ESXi 5.0 has been silently patched
VMDK Has Left the Building
• Work coming from the guys at ERNW GmbH:
– Matthias Luft, Daniel Mende, Enno Rey, Pascal Turbing
– Attacks the virtual machine configuration file (which is of course stored in plain text)
– Guest -> Host data extraction via *.vmdk configuration file modification, by exploiting the ‘# Extent description RW’ setting
• Demo’d complete retrieval of the backed-up host /etc folder
• Demo’d ability to mount the physical hard drive of the ESX host
• Valid for the ESXi version 5.0 hypervisor
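The ERNW technique works because nothing checks where an extent line in the plain-text descriptor points. The audit below is an added example (not ERNW's or VMware's code) that parses the '# Extent description' lines of a descriptor and flags any extent whose backing store resolves outside the VM's own datastore directory or onto a raw device, which is the kind of check a datastore scan or upload gate should run. The descriptor texts, the VM directory and the device-path prefixes are constructed assumptions.

```python
import posixpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Extent line: <access> <size in sectors> <type> ["<backing file>" [<offset>]]
EXTENT_RE = re.compile(
    r'^(?P<access>RW|RDONLY|NOACCESS)\s+(?P<sectors>\d+)\s+(?P<kind>[A-Z]+)'
    r'(?:\s+"(?P<file>[^"]*)")?(?:\s+(?P<offset>\d+))?\s*$'
)
# Path prefixes that turn an extent into a raw device mapping (assumed for ESXi hosts).
RAW_DEVICE_PREFIXES = ("/dev/", "/vmfs/devices/")


@dataclass
class Extent:
    line_no: int
    access: str
    sectors: int
    kind: str
    filename: Optional[str]   # None for extent types that carry no backing file
    offset: int


def parse_extents(descriptor: str) -> List[Extent]:
    """Pull the extent lines out of a VMDK descriptor, ignoring comments and keys."""
    extents: List[Extent] = []
    for line_no, raw in enumerate(descriptor.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = EXTENT_RE.match(line)
        if m:
            extents.append(Extent(line_no, m["access"], int(m["sectors"]), m["kind"],
                                  m["file"], int(m["offset"] or 0)))
    return extents


def audit_extents(descriptor: str, vm_dir: str) -> List[str]:
    """Report extents whose backing store lies outside the VM's own directory.

    vm_dir is the datastore directory owning the descriptor; every extent of a
    self-contained VM should resolve into it. Relative names are resolved
    against vm_dir, so '..' segments are caught after normalisation.
    """
    vm_dir = posixpath.normpath(vm_dir)
    findings: List[str] = []
    for ext in parse_extents(descriptor):
        if ext.filename is None:
            continue
        target = ext.filename if posixpath.isabs(ext.filename) \
            else posixpath.join(vm_dir, ext.filename)
        target = posixpath.normpath(target)
        if target.startswith(RAW_DEVICE_PREFIXES):
            findings.append(f"line {ext.line_no}: {ext.access} extent maps a raw device: "
                            f"{ext.filename}")
        elif posixpath.dirname(target) != vm_dir:
            findings.append(f"line {ext.line_no}: {ext.access} extent backing file resolves "
                            f"outside the VM directory: {ext.filename} -> {target}")
    return findings


VM_DIR = "/vmfs/volumes/datastore1/guest"   # constructed datastore path

# Constructed descriptor of a normal, self-contained VMFS disk.
SAFE_DESCRIPTOR = """# Disk DescriptorFile
version=1
encoding="UTF-8"
CID=fffffffe
parentCID=ffffffff
createType="vmfs"

# Extent description
RW 41943040 VMFS "guest-flat.vmdk"

# The Disk Data Base
#DDB
ddb.adapterType = "lsilogic"
"""

# Constructed descriptor with two extra extents that reach outside the VM.
TAMPERED_DESCRIPTOR = SAFE_DESCRIPTOR.replace(
    'RW 41943040 VMFS "guest-flat.vmdk"\n',
    'RW 41943040 VMFS "guest-flat.vmdk"\n'
    'RW 2097152 FLAT "../../other-vm/other-vm-flat.vmdk" 0\n'
    'RW 4194304 FLAT "/dev/disks/EXAMPLE-DEVICE-ID" 0\n',
)

if __name__ == "__main__":
    for label, text in (("safe", SAFE_DESCRIPTOR), ("tampered", TAMPERED_DESCRIPTOR)):
        print(label, audit_extents(text, VM_DIR) or "no findings")
```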
Suspended state: pass the hash
• Mark Baggett, instructor for SANS, has presented a ‘pass the hash’ attack method against a VM’s image file
• Methodology:
– Convert the VM image file (snapshot or suspended state) to a memory dump file (vmss2core)
– Obtain the OS version and use it in combination with Volatility to dump the hashes (via the virtual memory offsets) using the registry entries:
• \REGISTRY\MACHINE\SYSTEM
• SystemRoot\System32\Config\SAM
– Then use lsadump/samdump to start cracking the passwords
Adaptive VM aware malware
• Crisis or Morcut is a rootkit that has the ability to adaptively weaponise for multiple targets:
– Windows, Mac OS X, VMs
Appraisal
• The ‘cloud’ hypervisor world is upon us
• User demands for convenience and business promises
of lower costs for maintenance are speeding the
adoption of a virtualised world
• VMware Backdoor access isn’t secured
• VMDK exploitations are now gaining traction
• vSphere SOAP calls are vulnerable
• VMware Backdoor network always available to help
• vMotion network transmits the memory image in clear text
Optimism
• VMware’s silent patching and quick release cycles are improving the
security situation
• Enterprise patching for public clouds should be ensured by the
vendor and governed contractually
• Security is getting focus
• VMware profiling allows golden secure guest OS images to be
created and distributed
• VMware Update allows for synchronised and manageable control of
the virtualised environment
Pessimism
• Virtualised bridging between the guest and host will always offer a juicy
attack vector
– Paravirtualised drivers
– Regular drivers
• Shared hardware resources will never be able to ensure secure sandboxing
• Asset segregation can never be secured to the same degree as physical
systems
• Derek Soeder is always lurking
– CVE-2012-1515: Backdoor ROM overwrite privilege escalation vulnerability,
March 2012
– CVE-2012-1517: Unprivileged code execution from the guest machine, May
2012
– CVE-2012-1516: Uninitialized memory, potential VM breakout, May 2012
Pessimism
• Did I mention patch cycles?
– Customer question on community blog:
• Question: “Does VMware have a scheduled patch
cycle? When do they release patches, monthly,
quarterly, or on a "as needed" basis?”
• Answer: “There is no such Patch Release cycle as
Microsoft has for its operating systems in VMware. You
can check continuously in Update Manager for any
recent patch release and can apply them according to
the advisory released from VMware.”
Pessimism
• Trend of Security Advisories from VMware
– The rate of security advisories for VMware in 2012
demonstrates issues still exist
[Chart: VMware Security Advisories 2012, y-axis: Number of Advisories (0 to 6)]
Future
• QubesOS
– Virtualisation issues identified early on
– Invisible Things Labs has been leading the way in
this field for research
• Places data responsibility into the hands of the security
architect
• Segregates information into security domains
supported by network permission and accessibility
• Champions the notion of lightweight disposable virtual machines whose purpose will be to host only a single application
Future
• QubesOS
– Rutkowska’s take on secure sandboxing methods:
“I think that Apple iOS is a good example of such a “safe” OS – it automatically puts each application into its own sandbox, essentially not relying on the user to make any security decisions. However, the isolation that each such sandbox provides is far from being secure, as various practical attacks have proven, and which is mostly a result of exposing too fat APIs to each sandbox, as I understand. In Qubes OS, it's the user that is responsible for making all the security decisions – how to partition her digital life into security domains, what network and other permissions each domain might have”
Current PoC Research
Parasite
• Parasite
– A new form of malware
– Exists as a self-contained agent that stays with its host
– Manipulates its carrier’s environment to ensure migration
– Explores the virtual target space
Parasite: Mode of operation (a cycle)
1. Exploit the system
2. Identify environment
3. Reconnaissance
4. Test constraints
5. Trigger migration
6. Reconnaissance (cycle repeats on the new host)
Parasite Lab
• Host: VMware ESXi 5.0.0 build 623860
• Clients: Linux BT R3 32bit, Windows XP,
Windows 8
• 1 cluster, 6 VMs all existing on the same VLAN segment
• vMotion configured to ‘moderate’ threshold
setting
PoC objectives
• Demonstrate capabilities and present a case for a potential new threat
• Force automatic migration by triggering vMotion
– Simulate high load on the guest OS
• Produce a high number of files and directories forcing VMware DB limit to overload
(circa 31,000)
• Explore clustered hosts of the virtualised infrastructure
• DoS caused by a constantly migrating VM overloading the hypervisor (due to a poorly defined vMotion threshold configuration)
• Sniff network traffic of various nodes e.g. VM migrations
• Perform reconnaissance analysis
PoC Status
• Work in progress
• Whitepaper planned for early 2013
Precaution from Woz
• A quote from someone it might be worth
listening to:
"I really worry about everything going to the cloud"
"I think it's going to be horrendous. I think there are
going to be a lot of horrible problems in the next five
years.”
-- Steve Wozniak
Final word
• Hackers: We have a fertile new playground with a
lot of tech to explore
• Youth: Use the cloud but know the risks
• Old/Experienced: The time-share idea is
becoming a reality
A new piece of malware may be lurking
Thanks for listening
And for those still paying attention, the smart people at Vupen have released
the following PoC: Citrix Xen Intel CPU 64-Bit Mode Sysret PV Guest to Host
Escape (CVE-2012-0217)

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...caitlingebhard1
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaWSO2
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)Samir Dash
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 

Recently uploaded (20)

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization -  The evolution of API governanceAPI Governance and Monetization -  The evolution of API governance
API Governance and Monetization - The evolution of API governance
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
Navigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern EnterpriseNavigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern Enterprise
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Choreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringChoreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software Engineering
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using Ballerina
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 

State of virtualisation -- 2012

1. Hypervisors and Virtual Machines (VM): State Of The Art
By Jonathan Sinclair (nX)
2. Story Line
• Background
• Which path to take
• Available attack space
• What’s available
• Review
• A new path
3. The Cloud – a quick history lesson
• Memo sent from J.C.R. Licklider to his colleagues in 1963 titled: “MEMORANDUM FOR: Members and Affiliates of the Intergalactic Computer Network”
– Set the foundations for the concepts we find in the Internet and Cloud computing
• Popek and Goldberg, 1974: "Formal Requirements for Virtualizable Third Generation Architectures"
– Defined the virtualisation requirements: Equivalence, Resource Control, Efficiency
• Timeline: 1998 VMware founded; 1999 Salesforce online; 2002 Amazon Web Services available; 2003 public release of Xen; 2006 Amazon EC2 born; 2008 Microsoft Hyper-V
4. What does it mean
• To the oldies (those that remember the 60s and 70s): Isn’t this just time-share computing?
• To the youth (those who don’t know what assembler is and can’t remember BBSs, Monkey Island or Elite): Everything is shared everywhere and accessible anywhere. Why didn’t it always work this way?
• To the hacker: Thankfully I now only have to attack one platform.....perhaps
5. Cloud perspectives
• Cloud in 4D
– Cloud Clients: Web browsers, mobile applications, thin clients
– SaaS: CRM, email, virtual desktops, games
– PaaS: Databases, web servers
– IaaS: Virtual machines, servers, storage, networks
6. Hacking at the periphery
• Socially-based cloud services: Facebook, Twitter, iCloud, Dropbox, SkyDrive, etc.
• The now infamous Mat Honan hack, loss of his digital life
– Accounts daisy-chained
– No two-factor authentication
– No backups
• Out of scope for this talk. Traditional spear-phishing methods can be utilised
7. Focus of this talk: IaaS
• SaaS: Leave it to the web security guys
• PaaS: Could be interesting but focuses more on services
• IaaS:
– Combines technologies
– Attack surface is large
– Brings the most control
– Break out can lead to complete control of an infrastructure
8. IaaS
• So things should be easy now we have focus, right?
– Wrong
• The IaaS world is filling with vendors*:
– Hyper-V (Microsoft)
– VirtualBox (Oracle)
– Xen (Cambridge Computer Laboratory, open source)
– VMware (EMC)
* Remind anyone of the OS world before *nix, MS and Apple took control?
9. Constraint 1
• What is ‘bare-metal’?
• Two principal categories for hypervisor technologies (as defined by R. Goldberg)
– Type 1: Hypervisors that run directly on the host’s hardware
– Type 2: Hypervisors that run on top of a conventional operating system
• It becomes a question of how the guest operating system accesses the underlying hardware
10. Why does this matter?
• When considering exploitation it pays to go after bare-metal systems
– The technology is still immature with regards to security
• Exploits utilising buffer overflows, non-sanitised instruction breakouts and system crashes (PSOD) are still rife
– The landscape is still heterogeneous (look at EMC’s recent acquisitions in the cloud space)
11. Constraint 2
• As with Microsoft, it pays to go after the big player as the rewards will be greater
– As of approx. one year ago, Taneja Group identified VMware as the vendor market leader in this space
• Gartner substantiates this (did I just mention that here?)
12. Applying the constraints
• Bare-metal hypervisors:
– Hyper-V
– VMware’s ESX/ESXi
– Xen
• Global coverage:
– VMware
– Xen
– Hyper-V
13. VMware / IaaS
• We have a candidate: VMware
– Its global coverage shows it is still the market leader (2012)
– It offers a ‘bare metal’ installation
– Its involvement in the Vblock* initiative allows for full, often enterprise-level, infrastructure exploitation
– The ESX service console is Red Hat Linux based, so we can reuse existing exploitation knowledge
* Vblock is a virtualisation platform from the Virtual Computing Environment (VCE), an initiative between EMC, VMware and Cisco to provide a fully virtualised infrastructure
14. VM Penetration Testing
• Previously hackers only had to look at exploiting the physical layer
• Now they also have to gear up to take on the virtual infrastructure
15. Ex Security
• The dimensionality of the security layer just got elevated
[Diagram: the pentest methodology steps below, each now applied to both the Physical Layer and the Virtualisation Layer]
– Target scoping
– Information gathering
– Target discovery
– Enumerating target
– Vulnerability mapping
– Social engineering
– Target exploitation
– Privilege escalation
– Maintaining access
– Documentation and reporting
16. Outside looking in
1. You’re external to the system with no guest account access
• Adopt normal attack methods: port scanning, vulnerability identification, exploitation
• The system will always look like a normal server from the external perspective
– An exception to this can be insecurely mapped ports (e.g. an unprotected vSphere management interface)
• Aim for low-hanging fruit. Guest access is all you need
2. You have an account on a system, but is it virtualised?
• This scenario covers an internal corporate breach. As security experts we shouldn’t forget about attacks from the inside: contractors, disgruntled employees
17. Reconnaissance
• Traditional port scanning methods
– 443, 902 and 903 are good starting candidates (the HTTPS management interface, the VMware authd port and the remote console port)
• Shodan HQ
• Google hacking
18. Hypervisor identification
• VMware backdoor:
– Never fully disabled and can reveal a lot of system-level information
– The guest loads the magic value 0x564D5868 (‘VMXh’) into EAX, a command number into ECX and the VMware I/O port 0x5658 (‘VX’) into DX (movw $0x5658, %dx), then executes IN: command 01h returns the processor speed, 0Ah the VMware version, etc.
• Linux:
– If you can install anything under the exploited account: imvirt (doesn’t require root)
• Coverage: VirtualBox, VMware, OpenVZ, physical, QEMU, UML, Xen, lguest, ARAnyM, LXC
– If you happen to have root: virt-what (requires root)
• Coverage: KVM, Xen, QEMU, VirtualBox, System z, LPAR, z/VM, VMware, Hyper-V
• Windows:
– Stand-alone GUI application by Elias Bachaalany
• Still relevant despite being coded in 2005
• Coverage: Virtual PC, VMware (for us this is enough)
• Other tricks:
– dmidecode/SMBIOS structures, SIDT instruction identification (Red Pill)
– Mac OS X: not tested, but the SIDT tricks should still hold true
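As an added example (not code from the deck, nor from imvirt or virt-what), the following Python performs the "other tricks" part of the slide from inside a Linux guest: it classifies the hypervisor from the CPUID leaf 0x40000000 vendor signature and from the SMBIOS/DMI strings that dmidecode reads. The signature and DMI tables are documented values; the sample fingerprints are constructed, and the local-host helpers read /sys/class/dmi/id and /proc/cpuinfo and return empty results where those are absent.

```python
"""Hypervisor identification from a Linux guest: CPUID hypervisor
signature + SMBIOS/DMI strings. Added example; the signature and DMI
tables are documented values, the sample fingerprints are constructed."""
import os

# CPUID leaf 0x40000000 returns a 12-byte vendor signature in EBX:ECX:EDX
# (trailing NULs/spaces stripped here).
CPUID_SIGNATURES = {
    "VMwareVMware": "VMware",
    "KVMKVMKVM": "KVM",
    "Microsoft Hv": "Hyper-V",
    "XenVMMXenVMM": "Xen",
    "VBoxVBoxVBox": "VirtualBox",
    "TCGTCGTCGTCG": "QEMU (TCG)",
    "bhyve bhyve": "bhyve",
    "prl hyperv": "Parallels",
}

# Substrings of the SMBIOS type 0/1 fields that dmidecode prints and that
# Linux exposes under /sys/class/dmi/id. Used only when CPUID gives nothing.
DMI_MARKERS = [
    ("vmware", "VMware"),
    ("virtualbox", "VirtualBox"),
    ("innotek", "VirtualBox"),
    ("xen", "Xen"),
    ("qemu", "QEMU/KVM"),
    ("bochs", "QEMU/KVM"),
    ("parallels", "Parallels"),
    ("microsoft corporation", "Hyper-V"),
]

DMI_FIELDS = ("sys_vendor", "product_name", "bios_vendor", "board_vendor")


def identify_hypervisor(cpuid_signature, dmi):
    """Return the hypervisor name the fingerprints support, or
    "physical/unknown". CPUID wins over DMI: the DMI strings are plain
    configuration an operator can edit, the CPUID leaf is not."""
    sig = cpuid_signature.rstrip("\x00 ")
    if sig in CPUID_SIGNATURES:
        return CPUID_SIGNATURES[sig]
    blob = " ".join(str(dmi.get(f, "")) for f in DMI_FIELDS).lower()
    for marker, name in DMI_MARKERS:
        if marker in blob:
            return name
    return "physical/unknown"


def read_local_dmi(base="/sys/class/dmi/id"):
    """DMI fields of the machine this runs on; empty where sysfs is absent."""
    fields = {}
    for name in DMI_FIELDS:
        try:
            with open(os.path.join(base, name)) as fh:
                fields[name] = fh.read().strip()
        except OSError:
            pass
    return fields


def hypervisor_flag_present(cpuinfo_path="/proc/cpuinfo"):
    """True when the kernel reports CPUID.1:ECX bit 31 (the 'hypervisor'
    flag), which hypervisors following the convention set for their guests."""
    try:
        with open(cpuinfo_path) as fh:
            for line in fh:
                if line.startswith("flags"):
                    return "hypervisor" in line.split(":", 1)[1].split()
    except OSError:
        pass
    return False


# Constructed sample fingerprints (not captured from real hosts).
SAMPLES = {
    "vmware guest": ("VMwareVMware", {"sys_vendor": "VMware, Inc.",
                                      "product_name": "VMware Virtual Platform",
                                      "bios_vendor": "Phoenix Technologies LTD"}),
    "virtualbox, DMI only": ("", {"sys_vendor": "innotek GmbH",
                                  "product_name": "VirtualBox"}),
    "physical laptop": ("", {"sys_vendor": "Dell Inc.",
                             "product_name": "Latitude 7420"}),
}

if __name__ == "__main__":
    for label, (sig, dmi) in SAMPLES.items():
        print("%-22s -> %s" % (label, identify_hypervisor(sig, dmi)))
    print("this host              -> %s (hypervisor flag: %s)"
          % (identify_hypervisor("", read_local_dmi()), hypervisor_flag_present()))
```

Run it on the compromised guest to get a quick classification; for VMware, the backdoor query described on the slide remains the more reliable confirmation, since the DMI strings can be edited by the hypervisor operator while the backdoor port cannot.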
19. Past, Present and State-of-the-Art
• Blue Pill / SubVirt
• VMChat
• Cloudburst
• Metasploit weaponised
• Steal a VM
• VMDK Has Left the Building
• Suspended state: pass the hash
• Adaptive VM-aware malware
20. Blue Pill / SubVirt
• Blue Pill was created by Joanna Rutkowska and released publicly in 2006 (SubVirt is the contemporaneous VM-based rootkit research from Microsoft Research and the University of Michigan)
– The concept was to create an ultra-thin hypervisor which installs on the fly and can then operate undetected by the host OS
– Offering a way to subvert the entire OS and hide its existence
• Ref: http://theinvisiblethings.blogspot.ch/2006/06/introducing-blue-pill.html
21. VMChat etc.
• Ed Skoudis and Tom Liston back in 2006 created break-out applications (vmchat, vmftp, vmcat etc.) that bridged the VMs’ shared memory model (ComChannel), enabling chat between the systems as well as a number of other functions
• Unfortunately their work is governed under DHS, therefore no working version is available for demonstration at this moment
• Ref: “On the Cutting Edge: Thwarting Virtual Machine Detection”
22. Cloudburst
• Originally presented in 2009 at Black Hat, Las Vegas, by Kostya Kortchinsky from Immunity
• Essential elements:
– Exploited VMware’s 3D display support (the emulated SVGA device, present on Workstation and ESX)
– Addressed an x,y display glyph which was never bounds checked
– Allowed for a reliable guest -> host breakout
– Bundled with Canvas for a nice price tag
23. Cloudburst 2
• Piotr Bania made improvements on the original and was kind enough to release the source code
• Virtualised MS XP SP3 guest -> MS XP SP3 host (VMware Workstation 6.5.1 build 126130): a guest-to-host breakout whereby the exploit can access/run any file on the host
24. Metasploit weaponised
• VASTO 0.4 from Claudio Criscione now provides out-of-the-box modules for hypervisor technologies
– vmware_guest_stealer
– vmware_session_rider
– xen_login
– eucalyptus_poison
– vmware_autopwner
– etc.
• Failing a Metasploit installation, run the modules manually via Ruby
25. Steal a VM
• ESXi 3.0 – vmware_guest_stealer
• Exploits the vulnerability CVE-2009-3733 discovered by Morehouse & Flick
• Directory traversal attack against the host hypervisor’s web interface
• Allows complete acquisition of other hosted VMs (their VMDK files) into the guest/attacker client
• ESXi 5.0 has been silently patched
26. VMDK Has Left the Building
• Work coming from the guys at ERNW GmbH: Matthias Luft, Daniel Mende, Enno Rey, Pascal Turbing
– Attacks the virtual machine’s disk descriptor (*.vmdk) file, which is of course stored in plain text
– Guest -> host data extraction via *.vmdk descriptor modification: the RW entries under ‘# Extent description’ are edited so that an extent points at a host file instead of the VM’s own disk data
• Demonstrated complete retrieval of a backup of the host’s /etc folder
• Demonstrated the ability to mount the physical hard drive of the ESX host
• Valid for the ESXi 5.0 hypervisor
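The defensive counterpart of the attack described above, as an added example that is not ERNW’s tooling and not from the deck: the following Python parses the extent lines of a VMDK descriptor and flags the entries a tenant-supplied descriptor must never contain, i.e. extents whose file resolves outside the VM’s own datastore directory (absolute host paths and ../ traversal) and extents that map a raw device. The datastore path and both sample descriptors are constructed for the demonstration.

```python
"""Check a VMDK descriptor for extents that escape the VM's directory,
the trick behind 'VMDK Has Left the Building'. Added example, not ERNW's
tooling; the datastore path and the two descriptors are constructed."""
import posixpath
import re

# Extent line grammar: ACCESS SIZE_IN_SECTORS TYPE "FILENAME" [OFFSET]
EXTENT_RE = re.compile(
    r'^(?P<access>RW|RDONLY|NOACCESS)\s+(?P<sectors>\d+)\s+'
    r'(?P<type>[A-Z]+)\s+"(?P<path>[^"]*)"(?:\s+(?P<offset>\d+))?\s*$'
)
# Extent types that map a physical device or LUN rather than a file.
RAW_TYPES = {"VMFSRAW", "VMFSRDM", "VMFSRDMP"}


def parse_extents(descriptor):
    """Return the extent entries of a descriptor as dicts (comments skipped)."""
    extents = []
    for raw in descriptor.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = EXTENT_RE.match(line)
        if match:
            ext = match.groupdict()
            ext["sectors"] = int(ext["sectors"])
            ext["offset"] = int(ext["offset"] or 0)
            extents.append(ext)
    return extents


def suspicious_extents(descriptor, vm_dir="/vmfs/volumes/datastore1/vm1"):
    """(path, reason) for every extent a tenant-supplied descriptor must not
    contain: raw device mappings, and files resolving outside vm_dir."""
    vm_dir = posixpath.normpath(vm_dir)
    findings = []
    for ext in parse_extents(descriptor):
        path = ext["path"]
        # posixpath.join discards vm_dir when path is absolute, and normpath
        # collapses ../ components, so both escape styles end up outside vm_dir.
        resolved = posixpath.normpath(posixpath.join(vm_dir, path))
        if ext["type"] in RAW_TYPES:
            findings.append((path, "raw device mapping (%s)" % ext["type"]))
        elif not resolved.startswith(vm_dir + "/"):
            findings.append((path, "resolves outside the VM directory: " + resolved))
    return findings


# Constructed descriptor of a plain VMFS flat disk.
BENIGN = """\
# Disk DescriptorFile
version=1
encoding="UTF-8"
CID=fffffffe
parentCID=ffffffff
createType="vmfs"

# Extent description
RW 8388608 VMFS "vm1-flat.vmdk"

# The Disk Data Base
#DDB
ddb.virtualHWVersion = "8"
"""

# Same descriptor with three extents an attacker would add (paths constructed).
MALICIOUS = BENIGN.replace(
    'RW 8388608 VMFS "vm1-flat.vmdk"',
    'RW 8388608 VMFS "vm1-flat.vmdk"\n'
    'RW 8 FLAT "/etc/shadow" 0\n'
    'RW 2048 FLAT "../../../../etc/passwd" 0\n'
    'RW 41943040 VMFSRAW "/vmfs/devices/disks/naa.60000000000000000000000000000001" 0',
)

if __name__ == "__main__":
    for label, text in (("benign", BENIGN), ("malicious", MALICIOUS)):
        print(label, suspicious_extents(text) or "clean")
```

Run this over every descriptor before a tenant-uploaded VM is registered; a descriptor that legitimately needs a raw device mapping should be registered by the operator, not accepted from an upload.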
27. Suspended state: pass the hash
• Mark Baggett, instructor for SANS, has presented a ‘pass the hash’ attack method against a VM’s image file
• Methodology:
– Convert the VM image file (snapshot or suspended state) to a memory dump file (vmss2core)
– Obtain the OS version and use it in combination with Volatility to dump the hashes (via the virtual memory offsets) using the registry hives:
• \REGISTRY\MACHINE\SYSTEM
• \SystemRoot\System32\Config\SAM
– Then use lsadump/samdump to start cracking the passwords
29. Adaptive VM-aware malware
• Crisis (also known as Morcut) is a rootkit that has the ability to adaptively weaponise for multiple targets:
– Windows, Mac OS X, VMs
30. Appraisal
• The ‘cloud’ hypervisor world is upon us
• User demands for convenience and business promises of lower maintenance costs are speeding the adoption of a virtualised world
• VMware backdoor access isn’t secured
• VMDK exploitations are now gaining traction
• vSphere SOAP calls are vulnerable
• VMware backdoor network always available to help
• vMotion network transmits the memory image in clear text
31. Optimism
• VMware’s silent patching and quick release cycles are improving the security situation
• Enterprise patching for public clouds should be ensured by the vendor and governed contractually
• Security is getting focus
• VMware profiling allows golden, secure guest OS images to be created and distributed
• VMware Update Manager allows for synchronised and manageable control of the virtualised environment
32. Pessimism
• Virtualised bridging between the guest and host will always offer a juicy attack vector
– Paravirtualised drivers
– Regular drivers
• Shared hardware resources will never be able to ensure secure sandboxing
• Asset segregation can never be secured to the same degree as on physical systems
• Derek Soeder is always lurking
– CVE-2012-1515: Backdoor ROM overwrite privilege escalation vulnerability, March 2012
– CVE-2012-1517: Unprivileged code execution from the guest machine, May 2012
– CVE-2012-1516: Uninitialised memory, potential VM breakout, May 2012
33. Pessimism
• Did I mention patch cycles?
– Customer question on a community blog:
• Question: “Does VMware have a scheduled patch cycle? When do they release patches, monthly, quarterly, or on an "as needed" basis?”
• Answer: “There is no such patch release cycle as Microsoft has for its operating systems in VMware. You can check continuously in Update Manager for any recent patch release and can apply them according to the advisory released from VMware.”
34. Pessimism
• Trend of security advisories from VMware
– The rate of security advisories for VMware in 2012 demonstrates issues still exist
[Chart: VMware Security Advisories 2012, y-axis “Number of Advisories” (0 to 6)]
35. Future
• QubesOS
– Virtualisation issues identified early on
– Invisible Things Labs has been leading the way in this field of research
• Places data responsibility into the hands of the security architect
• Segregates information into security domains, supported by network permissions and accessibility
• Champions the notion of lightweight, disposable virtual machines whose purpose is to host only a single application
36. Future
• QubesOS – Rutkowska’s take on secure sandboxing methods:
“I think that Apple iOS is a good example of such a “safe” OS – it automatically puts each application into its own sandbox, essentially not relying on the user to make any security decisions. However, the isolation that each such sandbox provides is far from being secure, as various practical attacks have proven, and which is mostly a result of exposing too fat APIs to each sandbox, as I understand. In Qubes OS, it's the user that is responsible for making all the security decisions – how to partition her digital life into security domains, what network and other permissions each domain might have”
37. Current PoC Research: Parasite
• Parasite
– A new form of malware
– Exists as a self-contained agent that stays with its host
– Manipulates its carrier’s environment to ensure migration
– Explores the virtual target space
38. Parasite: Mode of operation
Exploit the system -> Identify environment -> Reconnaissance -> Test constraints -> Trigger migration -> Reconnaissance
39. Parasite Lab
• Host: VMware ESXi 5.0.0 build 623860
• Clients: Linux BackTrack R3 32-bit, Windows XP, Windows 8
• 1 cluster, 6 VMs all existing on the same VLAN segment
• vMotion configured to the ‘moderate’ threshold setting
40. PoC objectives
• Demonstrate capabilities and present a case for a potential new threat
• Force automatic migration by triggering vMotion
– Simulate high load on the guest OS
• Produce a high number of files and directories, forcing the VMware DB limit to overload (circa 31,000)
• Explore clustered hosts of the virtualised infrastructure
• DoS attack caused by a constantly migrating VM overloading the hypervisor (due to a poorly defined vMotion threshold configuration)
• Sniff network traffic of various nodes, e.g. VM migrations
• Perform reconnaissance analysis
41. PoC Status
• Work in progress
• Whitepaper planned for early 2013
42. Precaution from Woz
• A quote from someone it might be worth listening to:
"I really worry about everything going to the cloud"
"I think it's going to be horrendous. I think there are going to be a lot of horrible problems in the next five years.” -- Steve Wozniak
43. Final word
• Hackers: We have a fertile new playground with a lot of tech to explore
• Youth: Use the cloud but know the risks
• Old/Experienced: The time-share idea is becoming a reality
A new piece of malware may be lurking
44. Thanks for listening
And for those still paying attention, the smart people at VUPEN have released the following PoC: Citrix Xen Intel CPU 64-Bit Mode SYSRET PV Guest to Host Escape (CVE-2012-0217)

Editor's Notes

1. Cloud Clients: socially facing cloud services. Software as a service (SaaS): web browser thin client. Platform as a service (PaaS): APIs provided. Infrastructure as a service (IaaS):
2. Mat Honan link: http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/ Out of scope because the hack is not about system and multiple-infrastructure exploitation. It focuses more on the side of the cube.
3. Goldberg, Robert P. (February 1973). Architectural Principles for Virtual Computer Systems (PDF). Harvard University. pp. 22–26. http://www.dtic.mil/cgi-bin/GetTRDoc?AD=AD772809&Location=U2&doc=GetTRDoc.pdf. Retrieved 2010-04-12.
4. PSOD = VMware purple screen of death
5. http://tanejagroup.com/ ; http://www.gartner.com/technology/reprints.do?id=1-1B2IRYF&ct=120626&st=sg
6. https://sites.google.com/site/chitchatvmback/backdoor ; http://www.codeproject.com/Articles/9823/Detect-if-your-program-is-running-inside-a-Virtual ; http://www.securiteam.com/securityreviews/6Z00H20BQS.html ; http://dmtf.org/standards/smbios
7. http://www.foolmoon.net/cgi-bin/blog/index.cgi?category=Security%20News ; DHS = United States Department of Homeland Security
8. www.piotrbania.com
9. Check out VMSA-2012-0009 and “VMDK Has Left the Building: Attacking Cloud Infrastructures by Malicious VMDK Files”, Hack in the Box, Amsterdam
10. http://pen-testing.sans.org/blog/2012/08/03/pen-test-privilege-escalation-through-suspended-virtual-machines
11. http://www.symantec.com/connect/blogs/crisis-windows-sneaks-virtual-machines
12. Empirical Exploitation of Live Virtual Machine Migration – John Oberheide, Evan Cooke, Farnam Jahanian, University of Michigan, Ann Arbor
13. http://communities.vmware.com/thread/398930
14. http://www.vmware.com/security/advisories/
15. Check vMotion – how it works.
16. http://paritynews.com/cloud/item/148-wozniak-predicts-trouble-as-cloud-computing-takes-hold ; http://www.vupen.com/blog/