Email: cychen07@nuk.edu.tw - PowerPoint PPT Presentation

- : : 401 Email: cychen07_at_nuk.edu.tw :100/8/30 – PowerPoint PPT presentation

Slides: 36
Provided by: XP94

Transcript and Presenter's Notes



1
?????-??
??????
??? ?401 Email cychen07_at_nuk.edu.tw
??100/8/30
2
?????-??
??
1.???
2.?????-????
3.?????-??
4.????????
5.????????
6.????????
7.??
??100/8/30
3
1.???
The Importance of Virtualization System Security
????(Cloud Computing)
????????
????????(Server Virtualization)
??????????????????????????1??????????????????????,
???????????????????(live migration)???
??????
4
1.???
??????
??????
5
1.???
The Importance of Virtualization System Security
?????????????
?????20
? Q4 2009, 18.2????????1
???????????????
1??IDC
6
1.???
?????????(1999-2009)
7
2.?????-????
[Figure: diagram with components labeled (1) through (6)]
8
2.?????-????
??????????????? ???????????????
(1)?????
Management console
??????????? ?????????????
(2)?????
Management server
??????? ????? (like Xen)?????????
(hypervisor)??? ????????????????????
(3)??????
Administrative VM
9
2.?????-????
(4)??????
??????????
Hypervisor
???????? ??????????????????????
(5)??????
Guest VM
?????? ????? ????????????????????????
?????????????
(6)?????? ????
Hypervisor escape
10
2.?????-????
????
11
3.?????-??
????????????????? ????????????????? ???????????
??????????????????
(1)?????
Management server attacks
??halting the system??????(denial of service)
??crashing????????????(denial of service) ?????????????? ?? buffer overflows
?????????? ?????????????????? ????(authentication)??
(2)????????
Administrative VM attacks
12
3.?????-??
???????? ???????????????????
(3)????????
VM jumping/guest hopping
Hypervisor attacks
?????????????????? ?????????? ????????? ??????
???????????
(4)????????
Guest VM attacks
?????? ????????? ??????? ????????? ???????????

13
3.?????-??
If the migration protocol is unencrypted, it is susceptible to a man-in-the-middle attack.
Allows arbitrary state in the VM to be modified.
In its default configuration, XenMotion is susceptible (no encryption).
VMware's VMotion system supports encryption.
(5)??????????
[Figure labels: unencrypted, Host VM A, Host VM B, man-in-the-middle]
Host A ?? VM ?Host B
14
3.?????-??
??????
VM migration is the transfer of a guest OS from one physical server to another.
Implemented by several virtualization products.
Provides high availability and dynamic load balancing.
??
[Figure: VMs running on two VMware ESX hosts]
15
3.?????-??
(6)???? Hyperjacking
Hyperjacking rootkit??,?????????????,??????????? ?
??????? ??????????????paged-out kernel code
?pagefiles (1) ???kernel code ???memory
(2) ??page file??????????,?Shellcode???dispatch
function (3) ??????????? (4)
??,??Shellcode,?????????? (5)
??????????? ?????? ?? BluePill, SubVirt, Vitriol
16
???? Hyperjacking- Blue Pill??
Blue Pill
??
???IT????COSEINC????????Joanna Rutkowska?2006????
??
??AMD?SVM/Pacifica????????????????????(hypervisor)
,??????????????????????????Windows
Vista???????????????????????x64-based???anti-rootkit ?????(???64????Vista?????????,????????????
?????)
????http://www.isecutech.com.tw/news/view.asp?nid=2705/
17
???? Hyperjacking- Blue Pill??
Blue Pill
Rutkowska??????????,Blue Pill????????????,????????
?????????????,??Pacifica???????,??Blue
Pill??????????????????,????????????????????,Blue
Pill????????????Blue Pill????????????????????????
Blue Pill???Windows Vista????????,???????????Linux
?BSD??????x64????????
????http://www.isecutech.com.tw/news/view.asp?nid=2705/
18
???? Hyperjacking- SubVirt??
SubVirt
??
Microsoft Research ? University of Michigan
????2006????
??
????????????????(????????????)????????(?????)????,
???????????????????????
???????????????Rootkit, http://knowledge.twisc.ntust.edu.tw/
19
???? Hyperjacking- subvirt??
Intel x86? CPU ?????,???? Ring 0 (????) ??IO
devices?CPU? Memory???????? Ring 1 Ring 2 Ring 3
?????????????????(system call)????????
???????????????Rootkit, http://knowledge.twisc.ntust.edu.tw/
20
???? Hyperjacking- subvirt??
????????????????????,?????????????? Ring
0??,????????????????????????????,??????????(Virtual Machine Monitor), ????VMM
VMM???????????????Ring???VMM?????,????full virtualization,?????paravirtualization,
????????full virtualization????????,???
??????????,?paravirtualization??????,?????????????
????????
???????????????Rootkit, http://knowledge.twisc.ntust.edu.tw/
21
???? Hyperjacking- subvirt??
?2005?2006?,Intel ? AMD ????????????? VT-x ?
AMD-V?? Intel VT-x ??,?? CPU?????????,??????????(root operation),
??????VMM?????,????????????????????
??????(non-root operation)??????,????????Ring
0???,???????????Ring 3,??????????????????????????,

???????????????Rootkit, http://knowledge.twisc.ntust.edu.tw/
22
???? Hyperjacking- subvirt??
Subvirt
Subvirt??????,??????????????????,????????????????VMM,
????????????VMM?,?????????????VMM??????????,???
??????????????????????????,?Subvirt???????,???????
?(a)??,?????????????,??????????????????????????,VMM???,
???????????????VMM?????????,?Subvirt?????????
???VMM?????????????,??(b)???
???????????????Rootkit, http://knowledge.twisc.ntust.edu.tw/
23
???? Hyperjacking- subvirt??
Subvirt
???????????????Rootkit, http://knowledge.twisc.ntust.edu.tw/
24
???? Hyperjacking- subvirt??
Subvirt
?????????Subvirt?????????
1.Subvirt???????????,????????????????
2. ?Subvirt??????,??????????????????????Subvirt??????
3.????????,Subvirt?????????VMM,???????????????????VMM?
4.Subvirt?????????????,?????????????
???????????????Rootkit, http://knowledge.twisc.ntust.edu.tw/
25
???? Hyperjacking- Vitriol??
Vitriol
??
Dino Dai Zovi??
??
  • ??Intel???VT-x????????,???????AMD????????(SVM)/Pacifica?????????

26
4.????????
(1)???????????? ??5??259 ??? (X-Force DataBase)
(2)??????????????
(3)??????? (hypervisor) ???????
(4)?????????
(5)?????????????????,????????
(6)????????????, ?????????
(7)???????????,????????
27
??????
?????????????????????? ?????????????????????????
?????SSL???????
????
??????????????? ??????????????
???????????????? ??BotNet???????
??,??????????????????????????????????
?????
?????? ?????
?????? ?(Inter-VM)
??????
??????
28
????????
29
5.????????
???????????? IBM Security Virtual Server
Protection for VMWare ?????????????????????????
??IPS protection (?? IPS ???????????)
Future may see virtualization-based sandboxing
??(Sandbox)?????????(locked-down OS) ??????????????? ??,
?????? ??(Sandbox)???????????,??????????????
??(Sandboxing)???????????????????,???????????????
???????????,?????????????????Leopard ????????
(???? Bonjour ???? Spotlight ????) ???
sandbox????,????????
30
6.????????
??????? ?????????????????? ?????????????????????
????????? ????????????? ???????????????? ??logging
31
6.????????
???????? ????????? ????????????? ??????????????
????log?? ?? log ????? filling
partitions ?????????????????? ??????????????? ?
???root login
32
6.????????
???????? ????? ????? OS ??????? ????????
???????????? ???????? ???????? ??????(
access control) ?????? ?????? auditing of file
operations (access, creation, deletion,
) ?????????? virtual devices VMware
?????????VM ??
33
6.????????
?????? ??????????? hypervisor ??????????????????
???????? ???????,??????? ??VM traffic
?????(Virtual Switch)??VLAN port groups in
????VM????? virtual adapter ?????????? port
group ?port groups??????????(virtual adapters)
???????
34
7.??
(1) ???????????????? (2) ???????????????
35
????
???? Virtualization System Security
Bryan Williams, IBM X-Force Advanced Research
Tom Cross, Manager, IBM X-Force Security Strategy