sVirt: Hardening Linux Virtualization with Mandatory Access Control

•

5 gefällt mir•1,990 views

sVirt talk given at Linux.conf.au, Hobart, 2009. Video of the talk: http://video.google.com.au/videoplay?docid=5750618585157629496

Technologie News & Politik

sVirt: Hardening Linux
Virtualization with Mandatory
Access Control

James Morris
Red Hat Security Engineering

Linux.conf.au 2009
Hobart, Australia

Goal:

Improve security for Linux
virtualization

Linux Virtualization:

Where the “hypervisor” is a normal
Linux process

Host Userspace

Guest Guest Guest
Userspace Userspace Userspace

Guest Guest Guest
Kernel Kernel Kernel

Host Kernel

Host Hardware

Utilize existing process-based
security mechanisms

DAC is not enough:

Subjects can modify own security
policy

Mandatory Access Control
(MAC):

Subjects cannot bypass security
policy

Virtualization Threat Model

(work in progress)

Virtualization introduces new
security risks

Flawed hypervisor:

Malicious guest breaks out, attacks
other guests or host

Before virtualization:

Systems were physically separated,
damage limited to network attacks

Host Userspace Host Userspace

Web Server DNS Server

Host Kernel Host Kernel

Host Hardware Host Hardware

Attack

Local Network

After virtualization:

Guest systems running on same
server, possibly as same UID

Host Userspace

Guest Userspace Guest Userspace

Guest
Web Server Guest
DNS Server
Userspace Userspace

Guest
Guest local Guest
Guest
Kernel
Kernel exploits Kernel
Kernel

Host Kernel

Host Hardware memory,
storage, etc.

Malicious or compromised guests
can now attack other guests via
local mechanisms

Hypervisor vulnerabilities:

Not theoretical

Evolving field

Potentially huge payoffs

sVirt in a nutshell:

Isolate guests using MAC security
policy

Contain hypervisor breaches

libvirt:

Virtualization API by Daniel Veillard

Abstraction layer for managing
different virt schemes

Xen, KVM, LXC, OpenVZ

Simplified libvirt architecture

drivers host
node
hypervisors storage hypervisor

Xen iSCSI
KVM NFS guest

OpenVZ logical guest
LXC fs
guest
UML disk

API

storage
virsh virt-manager

sVirt design:

Pluggable security framework for
libvirt

Supports MAC security schemes
(SELinux, SMACK)

sVirt design:

Security “driver” manages MAC
labeling of guests and resources

MAC policy enforced by host kernel

Simplified libvirt architecture w/ SVirt

drivers host
node
hypervisors storage security hypervisor

Xen iSCSI SELinux *
KVM NFS etc. guest

OpenVZ logical guest
LXC fs
guest
UML disk

*

API
* security labels

* *

storage
virsh virt-manager

sVirt design:

Reuse of proven code and security
models

Coherent and complete system
policy

Reduced complexity and cost

sVirt design:

Must be usable and useful with
demonstrable value

sVirt v1.0:

Provide simple isolation of guests

Zero configuration

Debuggable

SELinux Policy:

Guests and resources uniquely
labeled

virtd_isolated_t:<UUID>

SELinux Policy:

Coarse rules for all isolated guests
applied to virtd_isolated_t

SELinux Policy:

For simple isolation: all accesses
between different UUIDs are denied

Host Userspace

virtd_isolated_t:1 virtd_isolated_t:2

Guest
Web Server Guest
DNS Server
Userspace Userspace

Guest
Guest Guest
Guest
Kernel
Kernel Kernel
Kernel

Host Kernel

SELinux

Host Hardware

virt_image_t:1 virt_image_t:2

Future enhancements:

Different types of isolated guests

virtd_isolated_webserver_t

Future enhancements:

Virtual network security

Controlled flow between guests

Distributed guest security

Multilevel security

Related work:

Labeled NFS

Labeled Networking

XACE

Similar work:

XSM (port of Flask to Xen)

Several proprietary schemes

Current status:

Low-level libvirt integration done

Can launch labeled guest

Basic label support in virsh

sVirt project page:

http://selinuxproject.org/page/SVirt

Weitere ähnliche Inhalte

Was ist angesagt?

Virtunoid: Breaking out of KVM

Nelson Elhage

Virtual machines are generally considered secure. At least, secure enough to power highly multi-tenant, large-scale public clouds, where a single physical machine can host a large number of virtual instances belonging to different customers. Containers have many advantages over virtual machines: they boot faster, have less performance overhead, and use less resources. However, those advantages also stem from the fact that containers share the kernel of their host, instead of abstracting a new independent environment. This sharing has significant security implications, as kernel exploits can now lead to host-wide escalations. We will show techniques to harden Linux Containers; including kernel capabilities, mandatory access control, hardened kernels, user namespaces, and more, and discuss the remaining attack surface.

Docker, Linux Containers (LXC), and security

Jérôme Petazzoni

LXC, Docker, security: is it safe to run applications in Linux Containers?

Jérôme Petazzoni

Scale 12x Securing Your Cloud with The Xen Hypervisor

The Linux Foundation

Introduction to linux containers

Google

Lxc – next gen virtualization for cloud intro (cloudexpo)

Boden Russell

S4 xen hypervisor_20080622

Todd Deshane

LOAD BALANCING OF APPLICATIONS USING XEN HYPERVISOR

Vanika Kapoor

Christian Kniep from Docker Inc. gave this talk at the Stanford HPC Conference. "This talk will recap the history of and what constitutes Linux Containers, before laying out how the technology is employed by various engines and what problems these engines have to solve. Afterward, Christian will elaborate on why the advent of standards for images and runtimes moved the discussion from building and distributing containers to orchestrating containerized applications at scale. In conclusion, attendees will get an update on what problems still hinder the adoption of containers for distributed high performance workloads and how Docker is addressing these issues." Christian Kniep is a Technical Account Manager at Docker, Inc. With a 10 year journey rooted in the HPC parts of the german automotive industry, Christian Kniep started to support CAE applications and VR installations. When told at a conference that HPC can not learn anything from the emerging Cloud and BigData companies, he became curious and was leading the containerization effort of the cloud-stack at Playstation Now. Christian joined Docker Inc in 2017 to help push the adoption forward and be part of the innovation instead of an external bystander. During the day he helps Docker customers in the EMEA region to fully utilize the power of containers; at night he likes to explore new emerging trends by containerizing them first and seek application in the nebulous world of DevOps. Watch the video: https://wp.me/p3RLHQ-i4X Learn more: http://docker.com and http://hpcadvisorycouncil.com Sign up for our insideHPC Newsletter: http://insidehpc.com

Linux Container Technology 101

inside-BigData.com

LCA13: Xen on ARM

Linaro

Container security

Anthony Chow

The OpenXT Project is an Open Source community producing a Xen-based platform for client devices with a focus on providing strong security properties. The different primary use cases of this project versus server-based Xen systems have motivated notable technical differences and consequently OpenXT should be of interest to anyone seeking to understand the full set of capabilities on offer within the Xen ecosystem. In this presentation, Christopher Clark will describe the technical architecture of OpenXT, its current status and development activity within the project and its engagement with the upstream OpenEmbedded and Xen projects. This will include an overview of OpenXT's differentiating features such as Measured Launch, Virtual TPMs, Linux-based stubdoms, a specialized input layer and a distinct PV USB stack for Windows and Linux.

XPDS16: The OpenXT Project in 2016 - Christopher Clark, BAE Systems

The Linux Foundation

The Xen Hypervisor is 15 years old, but like Linux, it is still undergoing significant upgrades and improvements. This talk will cover recent and upcoming developments in Xen on the x86 architecture, including the newly-released 'PVH' guest virtualization mode, the future of PV mode, qemu deprivileging, and more. We will cover why these new features are important for a wide range of environments, from cloud to embedded.

XPDDS18: LCC18: Xen Project: After 15 years, What's Next? - George Dunlap, C...

The Linux Foundation

Containers are becoming increasingly popular. They have many advantages over virtual machines: they boot faster, have less performance overhead, and use less resources. However, those advantages also stem from the fact that containers share the kernel of their host, instead of abstracting an new independent environment. This sharing has significant security implications, as kernel exploits can now lead to host-wide escalations. In this presentation, we will: - Review the actual security risks, in particular for multi-tenant environments running arbitrary applications and code - Discuss how to mitigate those risks - Focus on containers as implemented by Docker and the libcontainer project, but the discussion also stands for plain containers as implemented by LXC

Docker, Linux Containers, and Security: Does It Add Up?

Jérôme Petazzoni

A brief into to Linux Containers presented to IEEE working group P2302 (InterCloud standards and portability). This deck covers: - Definitions and motivations for containers - Container technology stack - Containers vs Hypervisor VMs - Cgroups - Namespaces - Pivot root vs chroot - Linux Container image basics - Linux Container security topics - Overview of Linux Container tooling functionality - Thoughts on container portability and runtime configuration - Container tooling in the industry - Container gaps - Sample use cases for traditional VMs Overall, a bulk of this deck is covered in other material I have posted here. However there are a few new slides in this deck, most notability some thoughts on container portability and runtime config.

Linux Container Brief for IEEE WG P2302

Boden Russell

As the first ARM servers and microservers hit the market, Xen on ARM is becoming more mature, stable and reaching feature parity with x86. This talk will present the current status of the project, will describe the latest improvements, the gaps that still need to be filled and the roadmap going forward. ARMv8 silicon is now available for purchase: we can measure how well Xen on ARM 64-bit is performing on real hardware and compare the performance figures with other hypervisors. The presentation will show these results, it will measure the overhead introduced by Xen on ARM and will compare it with the overhead introduced by Xen and KVM on x86. The talk will explain the reasons behind performance shortfalls and present ideas on how to address them in the future. The performance results will be used to determine when it makes sense to use Xen on ARM and what are the best use cases for it.

XPDS14 - Xen on ARM: Status and Performance - Stefano Stabellini, Citrix

The Linux Foundation

BACD July 2012 : The Xen Cloud Platform

The Linux Foundation

Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copy

Boden Russell

Evoluation of Linux Container Virtualization

Imesh Gunaratne

Container security

Anthony Chow

Was ist angesagt? (20)

Virtunoid: Breaking out of KVM

Docker, Linux Containers (LXC), and security

LXC, Docker, security: is it safe to run applications in Linux Containers?

Scale 12x Securing Your Cloud with The Xen Hypervisor

Introduction to linux containers

Lxc – next gen virtualization for cloud intro (cloudexpo)

S4 xen hypervisor_20080622

LOAD BALANCING OF APPLICATIONS USING XEN HYPERVISOR

Linux Container Technology 101

LCA13: Xen on ARM

Container security

XPDS16: The OpenXT Project in 2016 - Christopher Clark, BAE Systems

XPDDS18: LCC18: Xen Project: After 15 years, What's Next? - George Dunlap, C...

Docker, Linux Containers, and Security: Does It Add Up?

Linux Container Brief for IEEE WG P2302

XPDS14 - Xen on ARM: Status and Performance - Stefano Stabellini, Citrix

BACD July 2012 : The Xen Cloud Platform

Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copy

Evoluation of Linux Container Virtualization

Container security

Ähnlich wie sVirt: Hardening Linux Virtualization with Mandatory Access Control

In a traditional Xen configuration domain 0 is used for a large number of different functions including running the toolstack(s), backends for network and disk I/O, running the QEMU device model instances, driving the physical devices in the system, handling guest console/framebuffer I/O and miscellaneous monitoring and management functions. Having all these functions in one domain produces a complex environment which is susceptible to shared fate on the failure of any one function, has complex interactions between functions (including resource contention) which makes it difficult to predict performance, and has limited flexibility (such as requiring the same kernel for all device drivers). ""Domain 0 disaggregation"" has been discussed for some time as a way to break out domain 0's functions into separate domains. Doing this enables each domain to be tailored to its function such as using a different kernel or operating system to drive different physical devices. Splitting functions into separate domains removes some of the unintentional interactions such as in-domain resource contention and reduces the system impact of the failure of a single function such as a device driver crash. Although domain 0 disaggregation is not new it is seldom used in practise and much of its use is focussed on providing enhanced security. Citrix XenServer will be moving towards a disaggregated domain 0 in order to provide better security, scalability, performance, reliability, supportability and flexibility. This talk will describe XenServer's “Windsor” architecture and explain how it will provide the above benefits to customers and users. We will present an overview of the architecture and some early experimental measurements showing the benefits.

Windsor: Domain 0 Disaggregation for XenServer and XCP

The Linux Foundation

CloudStack, the world's leading open-source cloud infrastructure platform, was recently donated to the Apache Foundation, and is now an incubated Apache project. Ewan Mellor, Director of Engineering in the Citrix Cloud Platforms Group will describe the CloudStack project and explain why Xen is the pre-eminent hypervisor in public clouds today. He will describe the changes coming in CloudStack in the next 12 months, and how they are going to change the way that Xen is consumed in public and private clouds next year.

Xen and Apache cloudstack

The Linux Foundation

Xen Project Update LinuxCon Brazil

The Linux Foundation

Improvements in Failover Clustering in Windows Server 2012

Microsoft TechNet - Belgium and Luxembourg

Windows server 2012 failover clustering improvements

Susantha Silva

Security Best Practices For Hyper V And Server Virtualization

rsnarayanan

Virtualization Primer for Java Developers

Richard McDougall

12 christian ferber xen_server_advanced

Digicomp Academy AG

Look Into Libvirt Osier Yang

OpenCity Community

CSA Presentation 26th May Virtualization securityv2

vivekbhat

Linux container & docker

ejlp12

The Xen Hypervisor was built for the Cloud from the outset: when Xen was designed, we anticipated a world, which today is known as cloud computing. Today, Xen powers the largest clouds in production. This talk explores success criteria, architecture, trade-offs and challenges for cloudy hypervisors. It is intended for users and developers and starts with a brief introduction to Xen and XCP, their architecture, shine some light on common challenges for KVM and Xen, such as the NUMA performance tax and securing the cloud. It will introduce the concept of domain disaggregation as an approach to increase security, robustness and scalability: all important factors for building clouds at scale. The talk will conclude with an update on Xen support in Linux, Xen for ARM servers and other exciting developments in the Xen community and their implications for building open source clouds.

Linuxcon EU : Virtualization in the Cloud featuring Xen and XCP

The Linux Foundation

Nova for Physicalization and Virtualization compute models

openstackindia

LinuxCon NA 2012: Virtualization in the cloud featuring xen

The Linux Foundation

Windows 2008 R2 Virtualization

Eduardo Castro

The virtualization can be described in a generic way as a separation of the service request from the underlying physical delivery of that service. In computer virtualization, an additional layer called hypervisor is typically added between the hardware and the operating system. The hypervisor layer is responsible for both sharing of hardware resource and the enforcement of mandatory access control rules based on the available hardware resources. There are three types of virtualization: full virtualization, para-virtualization and operating system level (OS-level) virtualization.

Linux virtualization

Google

淺談探索 Linux 系統設計之道

National Cheng Kung University

Virtualization in the cloud

CloudStack - Open Source Cloud Computing Project

Virtualization in the Cloud @ Build a Cloud Day SFO May 2012

The Linux Foundation

Virtualization securityv2

vivekbhat

Ähnlich wie sVirt: Hardening Linux Virtualization with Mandatory Access Control (20)

Windsor: Domain 0 Disaggregation for XenServer and XCP

Xen and Apache cloudstack

Xen Project Update LinuxCon Brazil

Improvements in Failover Clustering in Windows Server 2012

Windows server 2012 failover clustering improvements

Security Best Practices For Hyper V And Server Virtualization

Virtualization Primer for Java Developers

12 christian ferber xen_server_advanced

Look Into Libvirt Osier Yang

CSA Presentation 26th May Virtualization securityv2

Linux container & docker

Linuxcon EU : Virtualization in the Cloud featuring Xen and XCP

Nova for Physicalization and Virtualization compute models

LinuxCon NA 2012: Virtualization in the cloud featuring xen

Windows 2008 R2 Virtualization

Linux virtualization

淺談探索 Linux 系統設計之道

Virtualization in the cloud

Virtualization in the Cloud @ Build a Cloud Day SFO May 2012

Virtualization securityv2

Mehr von James Morris

Unix was not designed with security primarily in mind. It was initially developed in the late 1960s -- before the Internet was invented. While relatively simple, the Unix security model is inadequate for protecting against common security threats. Its designers identified fundamental design flaws over thirty years ago. As Linux is modeled on Unix, it inherits this traditional Unix security model. Meeting modern security requirements has required significant enhancements to Linux, which are ongoing, but well-advanced. While many new security ideas have emerged, Linux developers have necessarily been constrained by decades of operating system standards and conventions. Aimed at admins, developers and technical managers, the talk will cover: * The historical context of Linux security * Modern security OS requirements * How these requirements are being addressed (or not) by various enhancements made to Linux security * Areas of ongoing and future work. We'll also consider how FOSS culture contributes to security.

Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats

James Morris

Secure and Simple Sandboxing in SELinux

James Morris

Adding Extended Attribute Support to NFS

James Morris

Linux Kernel Security Overview - KCA 2009

James Morris

Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS ...

James Morris

OLPC Networking Overview

James Morris

Directions in SELinux Networking

James Morris

Cryptographic Hardware Support for the Linux Kernel - Netconf 2004

James Morris

SELinux Project Overview - Linux Foundation Japan Symposium 2008

James Morris

Mandatory Access Control Networking Update - Netonf 2006 Tokyo

James Morris

Kernel Security for 2.8 - Kernel Summit 2004

James Morris

Better IPSec Security Association Resolution - Netconf 2006 Tokyo

James Morris

The State of Security Enhanced Linux - FOSS.IN/2007

James Morris

How and Why You Should Become a Kernel Hacker - FOSS.IN/2007

James Morris

Overview of NSA Security Enhanced Linux - FOSS.IN/2005

James Morris

SELinux Kernel Internals and Architecture - FOSS.IN/2005

James Morris

Anatomy of Fedora Kiosk Mode (FOSS.MY/2008)

James Morris

Mehr von James Morris (17)

Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats

Secure and Simple Sandboxing in SELinux

Adding Extended Attribute Support to NFS

Linux Kernel Security Overview - KCA 2009

Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS ...

OLPC Networking Overview

Directions in SELinux Networking

Cryptographic Hardware Support for the Linux Kernel - Netconf 2004

SELinux Project Overview - Linux Foundation Japan Symposium 2008

Mandatory Access Control Networking Update - Netonf 2006 Tokyo

Kernel Security for 2.8 - Kernel Summit 2004

Better IPSec Security Association Resolution - Netconf 2006 Tokyo

The State of Security Enhanced Linux - FOSS.IN/2007

How and Why You Should Become a Kernel Hacker - FOSS.IN/2007

Overview of NSA Security Enhanced Linux - FOSS.IN/2005

SELinux Kernel Internals and Architecture - FOSS.IN/2005

Anatomy of Fedora Kiosk Mode (FOSS.MY/2008)

Kürzlich hochgeladen

Scalable LLM APIs for AI and Generative AI Application Development Ettikan Karuppiah, Director/Technologist - NVIDIA Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...

apidays

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

Manulife - Insurer Transformation Award 2024

The Digital Insurer

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

AXA XL - Insurer Innovation Award Americas 2024

The Digital Insurer

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

MS Copilot expands with MS Graph connectors

Nanddeep Nachan

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

FWD Group - Insurer Innovation Award 2024

The Digital Insurer

A Beginners Guide to Building a RAG App Using Open Source Milvus

Zilliz

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

MINDCTI Revenue Release Quarter One 2024

MIND CTI

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

Kürzlich hochgeladen (20)

Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...

Why Teams call analytics are critical to your entire business

Powerful Google developer tools for immediate impact! (2023-24 C)

Manulife - Insurer Transformation Award 2024

AWS Community Day CPH - Three problems of Terraform

Data Cloud, More than a CDP by Matt Robison

AXA XL - Insurer Innovation Award Americas 2024

presentation ICT roal in 21st century education

MS Copilot expands with MS Graph connectors

Exploring the Future Potential of AI-Enabled Smartphone Processors

Artificial Intelligence Chap.5 : Uncertainty

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

GenAI Risks & Security Meetup 01052024.pdf

Strategies for Landing an Oracle DBA Job as a Fresher

FWD Group - Insurer Innovation Award 2024

A Beginners Guide to Building a RAG App Using Open Source Milvus

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

MINDCTI Revenue Release Quarter One 2024

Automating Google Workspace (GWS) & more with Apps Script

sVirt: Hardening Linux Virtualization with Mandatory Access Control

1. sVirt: Hardening Linux Virtualization with Mandatory Access Control James Morris Red Hat Security Engineering Linux.conf.au 2009 Hobart, Australia

2. Goal: Improve security for Linux virtualization

3. Linux Virtualization: Where the “hypervisor” is a normal Linux process

4. KVM Lguest UML

5. Host Userspace Guest Guest Guest Userspace Userspace Userspace Guest Guest Guest Kernel Kernel Kernel Host Kernel Host Hardware

6. Utilize existing process-based security mechanisms

7. DAC is not enough: Subjects can modify own security policy

8. Mandatory Access Control (MAC): Subjects cannot bypass security policy

9. Virtualization Threat Model (work in progress)

10. Virtualization introduces new security risks

11. Flawed hypervisor: Malicious guest breaks out, attacks other guests or host

12. Before virtualization: Systems were physically separated, damage limited to network attacks

13. Host Userspace Host Userspace Web Server DNS Server Host Kernel Host Kernel Host Hardware Host Hardware Attack Local Network

14. After virtualization: Guest systems running on same server, possibly as same UID

15. Host Userspace Guest Userspace Guest Userspace Guest Web Server Guest DNS Server Userspace Userspace Guest Guest local Guest Guest Kernel Kernel exploits Kernel Kernel Host Kernel Host Hardware memory, storage, etc.

16. Malicious or compromised guests can now attack other guests via local mechanisms

17. Hypervisor vulnerabilities: Not theoretical Evolving field Potentially huge payoffs

18. sVirt in a nutshell: Isolate guests using MAC security policy Contain hypervisor breaches

19. libvirt: Virtualization API by Daniel Veillard Abstraction layer for managing different virt schemes Xen, KVM, LXC, OpenVZ

20. Simplified libvirt architecture drivers host node hypervisors storage hypervisor Xen iSCSI KVM NFS guest OpenVZ logical guest LXC fs guest UML disk API storage virsh virt-manager

21. sVirt design: Pluggable security framework for libvirt Supports MAC security schemes (SELinux, SMACK)

22. sVirt design: Security “driver” manages MAC labeling of guests and resources MAC policy enforced by host kernel

23. Simplified libvirt architecture w/ SVirt drivers host node hypervisors storage security hypervisor Xen iSCSI SELinux * KVM NFS etc. guest OpenVZ logical guest LXC fs guest UML disk * API * security labels * * storage virsh virt-manager

24. sVirt design: Reuse of proven code and security models Coherent and complete system policy Reduced complexity and cost

25. sVirt design: Must be usable and useful with demonstrable value

26. sVirt v1.0: Provide simple isolation of guests Zero configuration Debuggable

27. SELinux Policy: Guests and resources uniquely labeled virtd_isolated_t:<UUID>

28. SELinux Policy: Coarse rules for all isolated guests applied to virtd_isolated_t

29. SELinux Policy: For simple isolation: all accesses between different UUIDs are denied

30. Host Userspace virtd_isolated_t:1 virtd_isolated_t:2 Guest Web Server Guest DNS Server Userspace Userspace Guest Guest Guest Guest Kernel Kernel Kernel Kernel Host Kernel SELinux Host Hardware virt_image_t:1 virt_image_t:2

31. Future enhancements: Different types of isolated guests virtd_isolated_webserver_t

32. Future enhancements: Virtual network security Controlled flow between guests Distributed guest security Multilevel security

33. Related work: Labeled NFS Labeled Networking XACE

34. Similar work: XSM (port of Flask to Xen) Several proprietary schemes

35. Current status: Low-level libvirt integration done Can launch labeled guest Basic label support in virsh

36. sVirt project page: http://selinuxproject.org/page/SVirt

37. Questions...

sVirt: Hardening Linux Virtualization with Mandatory Access Control

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie sVirt: Hardening Linux Virtualization with Mandatory Access Control

Ähnlich wie sVirt: Hardening Linux Virtualization with Mandatory Access Control (20)

Mehr von James Morris

Mehr von James Morris (17)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

sVirt: Hardening Linux Virtualization with Mandatory Access Control