340 likes | 780 Views
Hyper-V Security. Brandon Baker Senior Development Lead Microsoft. William Arbaugh Principal Architect Microsoft. Agenda. What is Hyper-V? Why a hypervisor? Quick Background & Architecture Security Model Challenges Future Directions. What is Hyper-V?. Full machine virtualization
E N D
Hyper-V Security Brandon Baker Senior Development Lead Microsoft William Arbaugh Principal Architect Microsoft ACM CCS / VMSec
Agenda What is Hyper-V? Why a hypervisor? Quick Background & Architecture Security Model Challenges Future Directions ACM CCS / VMSec
What is Hyper-V? • Full machine virtualization • Component of Windows Server 2008 x64 • Beta shipped in box • RTM available through Windows Update ACM CCS / VMSec
How to install Hyper-V ACM CCS / VMSec
What is Hyper-V? Has three major components: Hypervisor Virtualization Stack Virtual Devices Requires hardware assisted virtualization AMD AMD-V Intel VT ACM CCS / VMSec
Agenda What is Hyper-V? Why a hypervisor? Quick Background & Architecture Security Model Challenges Future Directions ACM CCS / VMSec
VMM Arrangements • Hosted Virtualization • Hypervisor Virtualization Guest 1 Guest 2 Guest 1 Guest 2 VMM VMM Host OS Hardware Hardware • Examples • VMware Workstation • KVM • Virtual PC & Virtual Server • Examples • VMware ESX • Xen • Hyper-V ACM CCS / VMSec
Drivers Drivers Drivers Drivers Monolithic Versus Microkernel All virtualization systems have a VMM, drivers, virtualization software, and management interfaces. • Monolithic hypervisor • Simpler than a modern kernel, but still complex • Implements driver model • Microkernel hypervisor • Simple partitioning functionality • Increase reliability and minimizes TCB • No third-party code • Drivers run in root guest VM 1 (Admin) VM 2 VM 3 VM 2 (“Child”) VM 3 (“Child”) VM 1(“Parent”) Virtual- ization Stack Hypervisor Virtualization Stack Hypervisor Hardware Hardware ACM CCS / VMSec
Agenda What is Hyper-V? Why a hypervisor? Quick Background & Architecture Security Model Challenges Future Directions ACM CCS / VMSec
Virtualization Stack WindowsKernel OSKernel DeviceDrivers Windows hypervisor VirtualizationServiceClients(VSCs) Enlightenments VMBus Hyper-V Architecture Partition Root Guest Partitions Provided by: Ring 3 Ring 3 Windows Guest Applications VM WorkerProcesses Hyper-V WMI Provider VMMSService ISV VirtualizationServiceProviders(VSPs) Server Core Ring 0 Ring 0 Ring “-1” Storage NIC CPU MMU APIC VMCS/VMCB ACM CCS / VMSec
Hypervisor Partitioning Kernel Partition is isolation boundary Few virtualization functions; relies on virtualization stack Very thin layer of software Microkernel Highly reliable No device drivers Two versions, one for Intel and one for AMD Drivers run in the root Leverage the large base of Windows drivers Well-defined interface Allow others to create support for their OSes as guests Virtualization Stack • Runs within the root partition • Portion of traditional hypervisor that has been pushed up and out to make a micro-hypervisor • Manages guest partitions • Handles intercepts • Emulates devices ACM CCS / VMSec
Agenda What is Hyper-V? Why a hypervisor? Quick Background & Architecture Security Model Challenges Future Directions ACM CCS / VMSec
Virtualization Stack WindowsKernel OSKernel DeviceDrivers Windows hypervisor VirtualizationServiceClients(VSCs) Enlightenments VMBus Hyper-V TCB Partition Root Guest Partitions Guest Applications VM WorkerProcesses WMI Provider VMService VirtualizationServiceProviders(VSPs) Server Core ACM CCS / VMSec
Security Assumptions • Guests are untrusted • Root must be trusted by hypervisor; parent must be trusted by children. • Code will run in all available processor modes, rings, and segments • Hypercall interface will be well documented and widely available to attackers. • All hypercalls can be attempted by guests • Can detect you are running on a hypervisor • We’ll even give you the version • The internal design of the hypervisor will be well understood ACM CCS / VMSec
Security Goals Strong isolation between partitions Protect confidentiality and integrity of guest data Separation Unique hypervisor resource pools per guest Separate worker processes per guest Guest-to-parent communications over unique channels Non-interference Guests cannot affect the contents of other guests, parent, hypervisor Guest computations protected from other guests Guest-to-guest communications not allowed through VM interfaces Memory, registers, and caches scrubbed on VM context switch ACM CCS / VMSec
Security Non-Goals Things we don’t do in Hyper-V v1 Mitigate hardware bleed-through (inference attacks) Mitigate covert channels Guarantee availability Protect guests from the root Protect the hypervisor from the root Utilize trusted hardware TPM, Device Assignment, DMA protection, Secure Launch ACM CCS / VMSec
Windows hypervisor Hyper-V Security Model Root Partition Guest Partitions Windows AuthN Virtualization Stack VM Config AzMan Guest Applications VMBus Part ID to VM Config Guest OSKernel Server Core Hypercall Hypercall Part ID 2…n Part ID 1 Partition Privileges Memory Map VMCS ACM CCS / VMSec
Hypervisor Security Model Memory Physical Address to Partition map maintained by Hv Parent/Child ownership model on memory Can supersede access rights in guest page tables (R, W, X) CPU Hardware guarantees cache & register isolation, TLB flushing, instruction interception I/O Hypervisor enforces Parent policy for all guest access to I/O ports Hyper-V v1 policy is guests have no access to real hardware Hypervisor Interface Partition privilege model Guests access to hypercalls, instructions, MSRs with security impact enforced based on Parent policy Hyper-V v1 policy is guests have no access to privileged instructions Hyper-V Security Model • Uses Authorization Manager (AzMan) • Fine grained authorization and access control • Department and role based • Segregate who can manage groups of VMs • Define specific functions for individuals or roles • Start, stop, create, add hardware, change drive image • VM administrators don’t have to be Server 2008 administrators • Guest resources are controlled by per VM configuration files • Shared resources are protected • Read-only (CD ISO file) • Copy on write (differencing disks) ACM CCS / VMSec
Virtualization Stack Virtualization Attacks VM WorkerProcesses WMI Provider VMService WindowsKernel VirtualizationServiceProviders(VSPs) Server Core DeviceDrivers Windows hypervisor VirtualizationServiceClients(VSCs) VirtualizationServiceClients(VSCs) Enlightenments Enlightenments VMBus Root Partition Guest Partitions Provided by: Windows Hyper-V Guest Applications ISV Hackers OSKernel VMBus Server Hardware ACM CCS / VMSec
Hyper-V Security Hardening (1/2) ACM CCS / VMSec • Hypervisor has separate address space • Guest addresses != Hypervisor addresses • No 3rd party code in the Hypervisor • Limited number of channels from guests to hypervisor • No “IOCTL”-like things • Guest to guest communication through hypervisor is prohibited • No shared memory mapped between guests • Guests never touch real hardware i/o
Hyper-V Security Hardening (2/2) ACM CCS / VMSec • Hypervisor built with • ASLR • Stack guard cookies (/GS) • Hardware No eXecute (NX) • Code pages marked read only • Memory guard pages • Limited exception handling • Hypervisor binary is signed • Hypervisor and Root components completed SDL • Threat modeling • Static Analysis • Fuzz testing • Penetration testing
Agenda What is Hyper-V? Why a hypervisor? Quick Background & Architecture Security Model Challenges Future Directions ACM CCS / VMSec
Maslow’s Hierarchy of Virtualization Security ACM CCS / VMSec
Challenges – Implementation ACM CCS / VMSec • Security of the platform • SDL • Simplify • Separate • Push complexity out and up • Hypervisor correctness • “Is this hypervisor safe?”
Challenges – Management ACM CCS / VMSec • VM security level • Host suitability • Identity • Administration • Patching • Software Inventory • Compliance • Antivirus • Network vs. virtual network security • “Are my policies safe?”
Challenges – Realization ACM CCS / VMSec • Projecting security invariants into VMs • Monitoring VM behavior • Behavior modification • Intercepting VM data flows • “Can I make my OS safer by being a VM?”
Agenda What is Hyper-V? Why a hypervisor? Quick Background & Architecture Security Model Challenges Future Directions ACM CCS / VMSec
What are we exploring? ACM CCS / VMSec • Measured launch • IOMMU support • TPM virtualization
Measured Launch • Start with Dynamic Root of Trust Measurement (DRTM) • AMD SKINIT • Intel SENTER • DRTM resets processor to clean stateand executes secure loader • Loader starts a measurement chain • Allows for measurement and policy enforcement on hypervisor ACM CCS / VMSec
I/O Memory Management Unit (IOMMU) • Used for containing and directingdevice traffic • Access to memory • Interrupts • Under development and goes by lotsof names • IOMMU (long-standing use in industry, AMD) • DMA Remapping (Intel/Microsoft) • VT-d, VT-d2 (Intel) ACM CCS / VMSec
TPM Virtualization • Open questions: • What is the right way to expose TPM functionality to VMs? • Low level hardware interface vs. hypercall • TPM wasn’t designed to be virtualized • How should you handle measurements across VM migrations? • If a VM is sealed to a platform, it can’t be migrated. • If a VM isn’t sealed to a platform, how much trust do you have? ACM CCS / VMSec
For More Information • Email me thoughts, ideas, questions • brandon.baker@microsoft.com • william.arbaugh@microsoft.com • Hypervisor Interface Specification • http://msdn.microsoft.com/en-us/library/bb969686.aspx • Black Hat presentations • http://www.blackhat.com/html/bh-media-archives/bh-archives-2007.html • RSA Virtualization Blog • http://blogs.msdn.com/rsa2008/archive/2008/04/07/isolation-of-virtual-machines.aspx ACM CCS / VMSec