Successfully reported this slideshow.
Your SlideShare is downloading. ×

Virtual Machine Introspection with Xen on ARM

Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Loading in …3
×

Check these out next

1 of 8 Ad

More Related Content

Slideshows for you (20)

Similar to Virtual Machine Introspection with Xen on ARM (20)

Advertisement

Recently uploaded (20)

Virtual Machine Introspection with Xen on ARM

  1. 1. Virtual Machine Introspection with Xen on ARM Tamas K. Lengyel @tklengyel tamas@tklengyel.com
  2. 2. Virtual Machine Introspection 1. Why? 2. What is needed? a. Isolation b. Interpretation c. Interposition 3. Current status
  3. 3. Why? ● Traditional defense mechanisms don’t integrate well into virtual environments ● Mobile (ARM) platform is rapidly growing ● Starting with Cortex-A15 virtualization extensions are available in hardware ● Xen on ARM available since March 2014
  4. 4. Isolation Xen Security Modules on ARM ● Will be available in 4.5 ● Allows for advanced disaggregation ● Security domain separate from the TCB
  5. 5. Interpretation Reconstruct guest OS state information ● LibVMI purpose built for this task ● ARM paging support added in November, 2014 ● Detect running processes, modules, files, users etc. in the guest
  6. 6. Interposition - WiP Step into the execution of the guest when something of interest happens ● Requires hardware & VMM support ● ARM two-stage address translation ● Configure paging to trap memory accesses ● VMM trap handlers need to forward the events to the security domain
  7. 7. Patches merged to Xen 4.5
  8. 8. Interposition - WiP ● Cleanup of Xen MEM_EVENT subsystem ● Xen on ARM trap handlers need performance regression testing ● More research needed into ARM hardware support for event trapping! ● SMC is good but limited to the guest kernel

×