Virtual Machine Introspection with Xen on ARM

Slides for ACSAC 2014 Works-in-Progress

  1. Virtual Machine Introspection with Xen on ARM
     Tamas K. Lengyel, @tklengyel, tamas@tklengyel.com
  2. Virtual Machine Introspection
     1. Why?
     2. What is needed?
        a. Isolation
        b. Interpretation
        c. Interposition
     3. Current status
  3. Why?
     ● Traditional defense mechanisms don’t integrate well into virtual environments
     ● Mobile (ARM) platform is rapidly growing
     ● Starting with Cortex-A15, virtualization extensions are available in hardware
     ● Xen on ARM available since March 2014
  4. Isolation: Xen Security Modules on ARM
     ● Will be available in 4.5
     ● Allows for advanced disaggregation
     ● Security domain separate from the TCB
  5. Interpretation: reconstruct guest OS state information
     ● LibVMI purpose-built for this task
     ● ARM paging support added in November, 2014
     ● Detect running processes, modules, files, users etc. in the guest
  6. Interposition - WiP: step into the execution of the guest when something of interest happens
     ● Requires hardware & VMM support
     ● ARM two-stage address translation
     ● Configure paging to trap memory accesses
     ● VMM trap handlers need to forward the events to the security domain
  7. Patches merged to Xen 4.5
  8. Interposition - WiP
     ● Cleanup of Xen MEM_EVENT subsystem
     ● Xen on ARM trap handlers need performance regression testing
     ● More research needed into ARM hardware support for event trapping!
     ● SMC is good but limited to the guest kernel
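
The interposition flow from slide 6, as an added example that is not from the slides and is not Xen or LibVMI code: a simplified user-space model in which the security domain restricts a page in the second-stage permissions, a guest access that violates them traps, and the trap handler queues an event for the security domain. All type and function names and the addresses are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SHIFT 12
#define NPAGES     8    /* toy guest: 8 pages of intermediate physical address (IPA) space */
#define RING_SIZE  4u   /* capacity of the event ring shared with the security domain */
enum { P_R = 1, P_W = 2, P_X = 4 };

typedef struct { uint64_t ipa; uint8_t access; } mem_event_t;
typedef struct {
    uint8_t     perms[NPAGES];    /* stage-2 permissions, one entry per IPA page */
    mem_event_t ring[RING_SIZE];  /* trapped accesses awaiting the security domain */
    unsigned    head, tail;
} vm_t;

void vm_init(vm_t *vm) {
    memset(vm, 0, sizeof *vm);
    memset(vm->perms, P_R | P_W | P_X, sizeof vm->perms);  /* start fully permissive */
}

/* Security domain request: restrict one page in the stage-2 permissions. */
int vm_set_perms(vm_t *vm, uint64_t ipa, uint8_t perms) {
    if ((ipa >> PAGE_SHIFT) >= NPAGES) return -1;
    vm->perms[ipa >> PAGE_SHIFT] = perms;
    return 0;
}

/* Stage-2 check plus trap handler: 1 = allowed, 0 = trapped and queued, -1 = bad IPA or ring full. */
int vm_access(vm_t *vm, uint64_t ipa, uint8_t access) {
    uint64_t pfn = ipa >> PAGE_SHIFT;
    if (pfn >= NPAGES) return -1;
    if ((vm->perms[pfn] & access) == access) return 1;   /* no violation, no event */
    if (vm->head - vm->tail == RING_SIZE) return -1;     /* nothing may be dropped silently */
    vm->ring[vm->head++ % RING_SIZE] = (mem_event_t){ ipa, access };
    return 0;
}

/* Security domain side: fetch the next forwarded event; returns 0 when the ring is empty. */
int vm_next_event(vm_t *vm, mem_event_t *out) {
    if (vm->tail == vm->head) return 0;
    *out = vm->ring[vm->tail++ % RING_SIZE];
    return 1;
}

int main(void) {
    vm_t vm; mem_event_t ev;
    vm_init(&vm);
    vm_set_perms(&vm, 0x3000, P_R | P_X);  /* constructed address: write-protect page 3 */
    vm_access(&vm, 0x3010, P_W);           /* guest write now traps */
    while (vm_next_event(&vm, &ev)) printf("ipa=0x%llx access=%u\n", (unsigned long long)ev.ipa, (unsigned)ev.access);
    return 0;
}
```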