
Hypervisors and Next Generation Virtualization

Hypervisors and Next Generation Virtualization. William Strickland COT4810 Spring 2008 February 7, 2008.


Presentation Transcript


  1. Hypervisors and Next Generation Virtualization William Strickland COT4810 Spring 2008 February 7, 2008

  2. Overview [image credit: DTRave <www.openclipart.org>] • Origins • Details • Typical Usage • Dark Side • Darker Still • In Better Hands

  3. Origins • Hypervisor also known as Virtual Machine Monitor. • Software emulating hardware to operating systems. • First developed for servers and mainframes by IBM. • Not widely used because hardware became plentiful, but still a fundamental method of virtualization.

  4. Details: Native Hypervisor [diagram labels: OS, OS, Hardware, Hypervisor] • Hypervisor directly on top of hardware. • Emulates hardware to operating systems. • Difficult to implement.

  5. Details: Hosted Hypervisor [diagram labels: OS, OS, Hardware, Hypervisor] • Runs under host operating system. • Easier to implement. • Less efficient.

  6. Details: x86 Architecture • Instruction levels (rings) 0 to 3. • Operating Systems use lowest ring (ring 0). • Hardware does not support virtualization.

  7. Details: x86 Virtualization • Traditionally supported by layers of software that emulate privileged commands. • Recent additions by AMD and Intel provide hardware virtualization support for hypervisors. • Hypervisor code runs below operating systems and assumes control of hardware.

  8. Details: OS Paravirtualization • Operating system to be virtualized is modified with hypervisor awareness. • Avoids using commands that must be emulated, thus improving performance. • Simplifies Hypervisor design and implementation.

  9. Typical Usage • Machine Consolidation - More machines in one, for mutually exclusive function. • Sandboxing – performing dangerous actions in contained environment. • Whole System Mobility – moving whole system around.

  10. Dark side: VM rootkit. Whole OS can be under command of software entity. • Concerns: Cross platform. No way to breach VM. • Limitations: On typical x86 hardware, hard to put an incumbent operating system into VM. Can detect if running in VM.

  11. Darker Still: Blue Pill. New hardware support of hypervisors allows machine to be subverted much more easily. • Concerns: Act as stealthier rootkit. Hypervisor invisible to rest of system. • Limitations: Limited targets. Can be detected, probably.

  12. Typical Rootkit [diagram: Hardware, OS, Malware, Application; Ring 0 ... Ring 3; caption: Privilege escalation]

  13. Typical Rootkit [diagram: Hardware, OS, Malware, Application; Ring 0 ... Ring 3; caption: Hook]

  14. Typical Rootkit [diagram: Hardware, OS, Malware, Application; Ring 0 ... Ring 3]

  15. Typical Rootkit [diagram: Hardware, OS, Malware, Anti-*, Application; Ring 0 ... Ring 3; caption: Privilege escalation]

  16. Typical Rootkit [diagram: Hardware, OS, Malware, Anti-*, Application; Ring 0 ... Ring 3; caption: Repair End]

  17. Typical Rootkit [diagram: Hardware, OS, Anti-*, Application; Ring 0 ... Ring 3; caption: Looks Fine!]

  18. Hypervisor Rootkit [diagram: Hardware, OS, Malware, Application; Ring 0 ... Ring 3; caption: Privilege escalation]

  19. Hypervisor Rootkit [diagram: Hardware, OS, Malware, Application, Hypervisor; Ring 0 ... Ring 3]

  20. Hypervisor Rootkit [diagram: Hardware, OS, Malware, Application; Ring 0 ... Ring 3]

  21. Hypervisor Rootkit [diagram: Hardware, OS, Malware, Anti-*, Application; Ring 0 ... Ring 3; caption: Privilege escalation]

  22. Hypervisor Rootkit [diagram: Hardware, OS, Malware, Anti-*, Application; Ring 0 ... Ring 3; caption: Looks Fine!]

  23. In Better Hands • Enforce Kernel protection; stop kernel hooking. • Prevent rootkits (including hypervisor based). • Better security implementation allowing more isolation of critical systems.


  25. Questions • At what ring does the kernel of a 32-bit x86 operating system run? • True or false, paravirtualization can improve performance of an unmodified operating system?
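
Added example (not part of the original presentation): a C decoder for the CPUID bits behind slide 7 (Intel VT and AMD hardware support) and slide 10 ("can detect if running in VM"). The struct and function names are illustrative. The hypervisor-present bit is reported by the hypervisor itself, so a clear bit does not rule out the slide 11 case.

```c
/* Added example: decode CPUID virtualization bits. Names are illustrative. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ECX_VMX        (1u << 5)   /* CPUID.1:ECX[5]         Intel VT-x */
#define ECX_HYPERVISOR (1u << 31)  /* CPUID.1:ECX[31]        guest flag */
#define ECX_SVM        (1u << 2)   /* CPUID.80000001h:ECX[2] AMD-V      */

struct virt_info {
    int vmx, svm, hv_present;
    char hv_vendor[13];            /* 12-byte signature plus NUL */
};

/* Pure decoder: takes raw register values so it can be checked offline. */
struct virt_info decode_virt(uint32_t leaf1_ecx, uint32_t ext1_ecx,
                             const uint32_t hv_regs[3] /* EBX, ECX, EDX */)
{
    struct virt_info v;
    memset(&v, 0, sizeof v);
    v.vmx = (leaf1_ecx & ECX_VMX) != 0;
    v.svm = (ext1_ecx & ECX_SVM) != 0;
    v.hv_present = (leaf1_ecx & ECX_HYPERVISOR) != 0;
    /* Leaf 0x40000000 is only meaningful when the hypervisor bit is set. */
    if (v.hv_present)
        memcpy(v.hv_vendor, hv_regs, 12);
    return v;
}

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
int main(void)
{
    uint32_t a, b, c, d, leaf1_c, ext_c = 0, hv[3] = {0, 0, 0};
    if (!__get_cpuid(1, &a, &b, &c, &d))
        return 1;
    leaf1_c = c;
    if (__get_cpuid(0x80000001u, &a, &b, &c, &d))
        ext_c = c;
    if (leaf1_c & ECX_HYPERVISOR) {      /* vendor leaf, queried directly */
        __cpuid(0x40000000u, a, b, c, d);
        hv[0] = b; hv[1] = c; hv[2] = d;
    }
    struct virt_info v = decode_virt(leaf1_c, ext_c, hv);
    printf("VT-x=%d AMD-V=%d hypervisor=%d vendor=\"%s\"\n",
           v.vmx, v.svm, v.hv_present, v.hv_vendor);
    return 0;
}
#endif
```

On bare metal the vendor field prints empty; inside a cooperative guest it shows a signature such as `KVMKVMKVM` or `VMwareVMware`.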
