Secure & Flexible Monitoring of Virtual Machines
University of Mazandaran Science & Technology
By: Esmaill Khanlarpour
S.khanlarpour@ustmb.ac.ir
January 07 2010
Outline:
• Prolegomenon
• VMM & Types
• Xen Hypervisor
• Xen Architecture
• Memory Introspection
• Introduction
• Requirements
2 / 30
Outline (contd.):
• XenAccess Monitoring Library
• XenAccess Virtual Memory Introspection
• Conclusion
3 / 30
VMM (or Hypervisor):
• A piece of platform-virtualization software (or a hardware/software platform) that allows multiple operating systems to run on a host computer concurrently.
• Responsible for VM management, memory partitioning, CPU scheduling, ...
4 / 30
VMM types:
• Type 1 (bare-metal) hypervisors are software systems that
  • run directly on the host's hardware;
  • control the hardware and monitor the guest operating systems.
• Examples include VMware ESX Server, Xen, Oracle VM Server, ...
5 / 30
VMM types (contd.):
[Figure: Type 1 Architecture: Application and OS layers on top of the VMM, which runs directly on the hardware (HW)]
6 / 30
VMM types (contd.):
• Type 2 (or hosted) hypervisors are software applications running within a conventional operating-system environment.
• Examples include VMware Server (formerly known as GSX), VMware Workstation, ...
7 / 30
VMM types (contd.):
[Figure: Type 2 Architecture: Application and guest OS on top of the VMM, which runs as an application on the host OS, which runs on the hardware (HW)]
8 / 30
Xen Hypervisor:
• Xen is a virtual-machine monitor for the x86, x86-64, Itanium and PowerPC 970 architectures.
• The University of Cambridge Computer Laboratory developed the first versions of Xen for Linux.
• As of 2009 the Xen community develops and maintains Xen as free software.
9 / 30
Xen Hypervisor (contd.):
• Licensed under the GNU General Public License (GPL2).
• A Type 1 VMM.
• Xen has traditionally used a paravirtualized approach to implement virtualization.
• Xen uses a split-domain architecture, meaning that guest OSes are kept in unprivileged domains (domU).
10 / 30
Xen Hypervisor (contd.):
• The other domain in Xen is Domain 0 (Dom0).
[Figure: Dom0 and DomU domains running on the Xen hypervisor, which runs on the hardware (HW)]
11 / 30
Domain 0 (dom0):
• Boots automatically when the hypervisor boots.
• Receives special management privileges and direct access to all physical hardware by default.
• Modified versions of Linux, NetBSD and Solaris can run as the Dom0.
• Interacts with the other virtual machines.
12 / 30
Domain 0 (contd.):
• All Xen virtualization environments require Domain 0 to be running before any other virtual machines can be started.
13 / 30
Domain User (DomU):
• All paravirtualized virtual machines running on a Xen hypervisor, EXCEPT Dom0, are referred to as DomU PV guests.
• Unmodified versions of Microsoft Windows and other proprietary operating systems can also run as guests if the CPU supports x86 virtualization.
• Such CPUs include Intel VT and AMD-V.
14 / 30
Xen Architecture:
[Figure: Xen architecture diagram]
15 / 30
Memory Introspection:
• Memory introspection is the process of viewing the memory of one virtual machine from a different virtual machine.
• What makes memory introspection difficult is the semantic gap between the two virtual machines: the monitoring VM sees only raw memory, not the target OS's objects and data structures.
• This technique is mostly used in intrusion detection.
• Example: the state of a system call.
16 / 30
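A concrete view of the semantic gap, as an added example that is not part of this deck or of XenAccess: the monitoring VM sees the target's memory only as raw physical pages, so before it can read a kernel string by its virtual address it has to walk the target's own page tables (here the classic 32-bit x86 two-level, non-PAE scheme, including PSE 4 MB pages) starting from the target's CR3 value. The memory image, the CR3 value, the addresses and the string are constructed sample values, and `translate`/`read_cstring` are hypothetical helper names.

```python
import struct

PAGE_SIZE = 4096
PRESENT = 1 << 0           # bit 0 of a PDE/PTE: entry is valid
PAGE_4MB = 1 << 7          # bit 7 of a PDE: PSE "large page", maps 4 MB directly
TARGET_VADDR = 0xC0001234  # constructed guest kernel virtual address of a C string
GUEST_CR3 = 0x0            # constructed: the guest's page directory sits at phys 0


def build_guest_memory():
    """Build a constructed 8-page (32 KB) guest physical memory image.

    Layout (all values chosen for the example, not taken from a real domain):
      phys 0x0000  page directory (CR3 points here)
      phys 0x1000  page table for the 4 MB region containing TARGET_VADDR
      phys 0x3000  data frame holding the string at offset 0x234
      PDE 0x100    a 4 MB page mapping virtual 0x40000000.. onto phys 0x0..
    """
    mem = bytearray(PAGE_SIZE * 8)
    pde_index = (TARGET_VADDR >> 22) & 0x3FF   # 768
    pte_index = (TARGET_VADDR >> 12) & 0x3FF   # 1
    struct.pack_into("<I", mem, pde_index * 4, 0x1000 | PRESENT)
    struct.pack_into("<I", mem, 0x1000 + pte_index * 4, 0x3000 | PRESENT)
    # 4 MB page: the physical base is 4 MB aligned, so only bits 31..22 of the PDE matter
    struct.pack_into("<I", mem, (0x40000000 >> 22) * 4, 0x00000000 | PAGE_4MB | PRESENT)
    text = b"introspect\0"
    mem[0x3234:0x3234 + len(text)] = text
    return bytes(mem)


def translate(mem, cr3, vaddr):
    """Walk the guest's two-level (non-PAE) x86 page tables and return the
    physical offset for vaddr. Raises LookupError for an unmapped address,
    which is exactly the case an introspection tool must cope with: kernel
    data may be paged out, or the address may simply be wrong."""
    pd_base = cr3 & 0xFFFFF000
    (pde,) = struct.unpack_from("<I", mem, pd_base + ((vaddr >> 22) & 0x3FF) * 4)
    if not pde & PRESENT:
        raise LookupError(f"PDE not present for 0x{vaddr:08x}")
    if pde & PAGE_4MB:
        return (pde & 0xFFC00000) | (vaddr & 0x003FFFFF)
    pt_base = pde & 0xFFFFF000
    (pte,) = struct.unpack_from("<I", mem, pt_base + ((vaddr >> 12) & 0x3FF) * 4)
    if not pte & PRESENT:
        raise LookupError(f"PTE not present for 0x{vaddr:08x}")
    return (pte & 0xFFFFF000) | (vaddr & 0x00000FFF)


def read_cstring(mem, cr3, vaddr, max_len=256):
    """Read a NUL-terminated string from the guest by virtual address.
    Every byte is translated separately, so a string that crosses a page
    boundary is handled correctly (slow, but obviously right)."""
    out = bytearray()
    while len(out) < max_len:
        byte = mem[translate(mem, cr3, vaddr + len(out))]
        if byte == 0:
            return out.decode("ascii")
        out.append(byte)
    raise ValueError(f"no NUL within {max_len} bytes of 0x{vaddr:08x}")


if __name__ == "__main__":
    image = build_guest_memory()
    print(hex(translate(image, GUEST_CR3, TARGET_VADDR)))  # 0x3234
    print(read_cstring(image, GUEST_CR3, TARGET_VADDR))    # introspect
    print(read_cstring(image, GUEST_CR3, 0x40003234))      # same bytes via the 4 MB mapping
```

The point of the walk is that nothing in the raw image tells the monitor where "the string" is; the kernel's own layout (page directory, page tables, and later its struct definitions) has to be reconstructed from outside, which is what a library such as XenAccess packages up so that monitors do not repeat it.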
Introduction:
• Monitoring application
• Example: Task Manager
• Monitoring app runs inside the VM
• Monitoring app ≠ VMM
• No architecture
17 / 30
Creating an Architecture:
• Bryan D. Payne and his colleagues
• Bryan D. Payne is a Ph.D. candidate in the College of Computing at the Georgia Institute of Technology.
• They started a project in the Georgia Tech Information Security Center (GTISC) that was called the XenAccess architecture.
18 / 30
Requirements:
• They designed the XenAccess architecture based on six high-level requirements.
• In a general sense, these requirements can be seen as typical good programming guidelines, or good security guidelines.
• 1. No superfluous modifications to the VMM.
• 2. No modifications to the VM or the target OS.
19 / 30
Requirements (contd.):
• 3. Small performance impact.
• 4. Rapid development of new monitors.
• 5. Ability to monitor any data on the target OS.
• 6. Target OS cannot tamper with the monitors.
20 / 30
XenAccess Monitoring Library:
• XenAccess is a library that simplifies the process of memory introspection for virtual machines running on the Xen hypervisor.
• With XenAccess, your software can run in one virtual machine and access the memory space of other virtual machines.
• The primary goal of the XenAccess architecture is to satisfy the six requirements stated on the Requirements slides.
21 / 30
XenAccess Monitoring Library (contd.):
• XenAccess is implemented in the C language as a shared library with 1935 source lines of code (SLOC).
• The two primary monitoring functionalities in XenAccess are virtual memory introspection and virtual disk monitoring.
22 / 30
XenAccess Monitoring Library (contd.):
• XenAccess & Requirements
• Property 1 is satisfied by:
  • Choosing Xen as the virtualization solution because it is a Type I VMM (an introspection VMM).
23 / 30
XenAccess Monitoring Library (contd.):
• Property 2 is satisfied by:
  • Using the Xen infrastructure, they were able to design the monitoring architecture to work without changes to the target OS.
• Property 3 is satisfied by:
  • Examining XenAccess's performance overhead.
24 / 30
XenAccess Monitoring Library (contd.):
• Property 4 is satisfied by:
  • The XenAccess API (application program interface).
• Property 5 is satisfied by:
  • An architecture that can monitor any data on the target OS.
25 / 30
XenAccess Monitoring Library (contd.):
• Property 6 is satisfied by:
  • Placing the monitors in a different VM than the target OS. Xen provides sufficient isolation between VMs for this to be a viable solution.
26 / 30
XenAccess Monitoring Functionalities:
• Virtual Memory Introspection
• Virtual Disk Monitoring
27 / 30
Virtual Memory Introspection:
[Figure: XenAccess memory introspection]
28 / 30
Virtual Memory Introspection (contd.):
• Examples include:
  • An application that monitors for changes in the system call table
  • An application that monitors the integrity of an installed LKM (Linux Kernel Module)
29 / 30
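The detection logic behind the two example monitors above, as an added example that is not part of this deck or of XenAccess: a constructed snapshot of the target kernel's memory stands in for what an introspection library would hand back, a baseline of the system call table entries and a hash of a loaded module's text is taken while the target is known good, and every later snapshot is compared against it. Because the monitor lives in a separate VM, a rootkit inside the target cannot simply disable this check (requirement 6). All offsets, the handler addresses and the KERNEL_TEXT range are constructed assumptions, not real Linux values, and the function names are hypothetical.

```python
import hashlib
import struct

# Constructed layout of the target kernel image (sample values, not real Linux addresses)
KERNEL_TEXT = (0xC0100000, 0xC0400000)   # assumed range in which legitimate handlers live
SYSCALL_TABLE_OFF = 0x1000               # offset of sys_call_table inside the snapshot
NR_SYSCALLS = 8                          # toy table size
MODULE_TEXT_OFF = 0x2000                 # offset of a loaded LKM's code section
MODULE_TEXT_LEN = 64


def build_snapshot(tampered=False):
    """Construct a memory snapshot of the target. With tampered=True one table
    entry is redirected outside kernel text and one byte of the module's code
    is altered, the two conditions the monitors are meant to notice."""
    mem = bytearray(0x3000)
    for i in range(NR_SYSCALLS):
        struct.pack_into("<I", mem, SYSCALL_TABLE_OFF + 4 * i, KERNEL_TEXT[0] + 0x100 * i)
    mem[MODULE_TEXT_OFF:MODULE_TEXT_OFF + MODULE_TEXT_LEN] = bytes(range(MODULE_TEXT_LEN))
    if tampered:
        struct.pack_into("<I", mem, SYSCALL_TABLE_OFF + 4 * 5, 0xD0000000)
        mem[MODULE_TEXT_OFF + 10] = 0xEB
    return bytes(mem)


def read_syscall_table(mem):
    """Decode the table as NR_SYSCALLS little-endian 32-bit handler pointers."""
    return list(struct.unpack_from(f"<{NR_SYSCALLS}I", mem, SYSCALL_TABLE_OFF))


def hash_module_text(mem):
    """Hash the module's code section; any patch changes the digest."""
    return hashlib.sha256(mem[MODULE_TEXT_OFF:MODULE_TEXT_OFF + MODULE_TEXT_LEN]).hexdigest()


def take_baseline(mem):
    """Record the known-good state once, e.g. right after the target boots."""
    return {"syscalls": read_syscall_table(mem), "module_sha256": hash_module_text(mem)}


def check_integrity(baseline, mem):
    """Compare a fresh snapshot with the baseline and return a list of findings.
    Two independent checks run on the table: a diff against the baseline and a
    range check, so a handler pointing outside kernel text is flagged even if
    no baseline exists for that entry."""
    findings = []
    for idx, (old, new) in enumerate(zip(baseline["syscalls"], read_syscall_table(mem))):
        if old != new:
            findings.append(f"syscall {idx}: handler changed 0x{old:08x} -> 0x{new:08x}")
        if not KERNEL_TEXT[0] <= new < KERNEL_TEXT[1]:
            findings.append(f"syscall {idx}: handler 0x{new:08x} outside kernel text")
    if hash_module_text(mem) != baseline["module_sha256"]:
        findings.append("LKM text hash mismatch")
    return findings


if __name__ == "__main__":
    base = take_baseline(build_snapshot())
    print(check_integrity(base, build_snapshot()))               # []
    for line in check_integrity(base, build_snapshot(tampered=True)):
        print("ALERT:", line)
```

In a real deployment the snapshot bytes would come from the introspection library reading the target's kernel virtual addresses, and the table size and module location would be resolved from the target's symbol information rather than fixed constants.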
Conclusion:
• VMM & Types
• Xen Hypervisor
• Memory Introspection
• XenAccess Monitoring Library
30 / 30
References:
[1] B. D. Payne, M. Carbone, and W. Lee. "Secure and Flexible Monitoring of Virtual Machines". In Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC 2007), December 2007.
[2] Xen Introduction. http://wiki.xensource.com/xenwiki/XenIntro, last accessed on 2009/12/22.
[3] Xen Hypervisor. http://en.wikipedia.org/wiki/Hypervisor, last accessed on 2009/12/15.
[4] Xen Domain. http://wiki.xensource.com/xenwiki/Dom0, last accessed on 2010/01/02.
[5] Xen Domain. http://wiki.xensource.com/xenwiki/DomU, last accessed on 2010/01/02.
[6] Xen Architecture. http://wiki.xensource.com/xenwiki/XenArchitecture, last accessed on 2009/12/15.