Improving Xen Security through Disaggregation - PowerPoint PPT Presentation

Slides: 16
Provided by: derekm2
Transcript and Presenter's Notes

1
Improving Xen Security through Disaggregation
Derek Murray
Grzegorz Milos
Steven Hand
2
Outline
  • The myth of the secure hypervisor
  • Trusted computing bases
  • Disaggregating Xen
  • Results
  • Future work

3
Xen
  • Small hypervisor
  • 100k lines of code
  • Provides isolation between VMs
  • Trusting the virtual machine monitor is akin to
    trusting a real processor

[Diagram: a VM running its OS on top of Xen, which runs
 on the hardware]
4
Domain Zero
  • Full Linux distribution
  • User-space tools for VM management
  • Privileged hypervisor interface
    • Map foreign memory
    • Set foreign VCPU
  • Therefore must be trusted

[Diagram: Dom0 running alongside another VM on top of
 Xen, which runs on the hardware]
5
Threat Model
  • Malicious software running as Dom0 root
    • Root exploit on Dom0
    • Untrusted administrator
  • Want to protect security of other VMs
    • Confidentiality
    • Integrity
  • Solution: disaggregation

6
Trusted Computing Base
  • The set of components on which a subsystem
    depends
  • The totality of protection mechanisms...
    responsible for enforcing a computer security
    policy
  • Anything that can directly invoke a privileged
    operation, and hence undermine security

7
Call Graph

[Diagram: call graph between protection domains PD x,
 PD y and PD z]
8
Current Xen Control Stack

[Diagram: Dom0 User (Build VM) makes hypercalls into
 the Dom0 Kernel, which asks the Hypervisor to map
 memory and set VCPUs]
9
Minimise the TCB?

[Diagram: the same control stack as the previous slide:
 Dom0 User (Build VM), Make hypercall, Dom0 Kernel,
 Map memory / Set VCPU, Hypervisor]
10
Smaller is not always better

[Diagram: control stack with VM building taken out of
 Dom0 User: Build VM, Make hypercall, DomB, Map memory /
 Set VCPU, Hypervisor]
11
Implementation

[Diagram: Xend running in Dom0, alongside DomB and a
 DomU, all on top of Xen]
12
Results
  • Smaller, static TCB
    • No longer contains Dom0 userspace
    • Now only VMM, DomB and Dom0 kernel
    • With an I/O MMU, only VMM and DomB
  • Other VMs protected from Dom0 root

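The TCB definition on slide 6 (anything that can invoke a privileged operation) and the control-stack slides 8, 10 and 12 can be checked mechanically: treat the stack as a call graph whose edges carry the interface offered to the caller, and compute which components can reach a privileged operation. The script below is an added example, not code from the talk or from Xen; the edge lists, the split into unconstrained versus constrained interfaces, and the treatment of Dom0 kernel DMA as the capability an I/O MMU removes are this example's modelling assumptions.

```python
"""TCB as reachability over a labelled call graph (constructed example).
Nodes are the components named on the control-stack slides; an edge is
(caller, callee, interface).  Per slide 6 a component is in the TCB if it
can invoke a privileged operation; an interface counts as privileged here
when it passes the caller's choice of target straight through, while a
constrained one such as 'build VM' breaks the chain.
"""
from collections import deque

PRIVILEGED_SINKS = {"Hypervisor", "Hardware"}
UNCONSTRAINED = {"map foreign memory", "set foreign VCPU",
                 "make hypercall", "unrestricted DMA"}

def tcb(edges, sinks=PRIVILEGED_SINKS, unconstrained=UNCONSTRAINED):
    """Software components that can reach a privileged sink using only
    unconstrained interfaces (the hypervisor itself included)."""
    callers_of = {}  # callee -> callers, over unconstrained edges only
    for caller, callee, iface in edges:
        if iface in unconstrained:
            callers_of.setdefault(callee, set()).add(caller)
    seen, queue = set(sinks), deque(sinks)
    while queue:
        for caller in callers_of.get(queue.popleft(), ()):
            if caller not in seen:
                seen.add(caller)
                queue.append(caller)
    # Hardware is trusted implicitly (slide 3) and not counted as a component.
    return seen - {"Hardware"}

# Slide 8: Dom0 user space builds VMs through a pass-through hypercall
# interface in the Dom0 kernel; without an I/O MMU its drivers can DMA anywhere.
CURRENT = [
    ("Dom0 User", "Dom0 Kernel", "make hypercall"),
    ("Dom0 Kernel", "Hypervisor", "map foreign memory"),
    ("Dom0 Kernel", "Hypervisor", "set foreign VCPU"),
    ("Dom0 Kernel", "Hardware", "unrestricted DMA"),
]

# Slide 10: VM building moves into DomB; Dom0 user space is only offered
# the constrained 'build VM' interface.
DISAGGREGATED = [
    ("Dom0 User", "DomB", "build VM"),
    ("DomB", "Hypervisor", "map foreign memory"),
    ("DomB", "Hypervisor", "set foreign VCPU"),
    ("Dom0 Kernel", "Hardware", "unrestricted DMA"),
]

def with_iommu(edges):
    """An I/O MMU confines device DMA, so that edge is no longer unconstrained."""
    return [e for e in edges if e[2] != "unrestricted DMA"]
```

Running `tcb` over the three graphs reproduces the Results slide: Dom0 user space drops out once the only interface it holds is the constrained one, and the Dom0 kernel drops out only when the I/O MMU removes its unrestricted DMA.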
13
Future Work
  • Virtual TPM support
  • Automated techniques for disaggregation
  • Metrics for trustworthiness

14
Conclusions
  • Virtualised TCB can be surprising
  • Smaller TCB is not always better
  • Choosing appropriate interfaces is crucial

15
Questions