Hypersafe (Introducing in japanese by third party)
HyperSafe : A Light Approach to Provide Lifetime Hypervisor Control-Flow Integrity
31st IEEE Symposium on Security and Privacy (2010)

2010-06-21
id:yuzuhara

2010   6   22                                                         1
Background

       • VMM
                • (VM escape attack)
                • hypervisor rootkit (blue pill etc.)

Approaches to a secure hypervisor

       • [seL4, SOSP’09]
                • Microkernel
       • TPM&TXT measured launch

Objective

       • Control flow integrity

cf. Control Flow Integrity [Abadi et al., CCS’05]

       • SFI primitive
                • jmp / call src/dst
       • return-oriented programming

Goal and Assumptions

       • Goal
       • Threat model
                • inject, modify, return-to-libc
                • out-of-band attacks (Malicious DMA)
                • TPM, TXT

HyperSafe

       • Type1-VMM
       • 2 key techniques
                • Non-bypassable memory lockdown
                • Restricted pointer indexing

lifetime hypervisor control-flow integrity
       • load-time integrity (e.g. tboot)
       • run-time control-flow integrity
                • hypervisor code integrity          <- 1. non-bypassable memory lockdown
                • hypervisor control-data integrity  <- 2. restricted pointer indexing (RPI)

Fig.1 A break-down of hypervisor integrity guarantees and corresponding key techniques in HyperSafe
1. Non-Bypassable Memory Lockdown

       • code
       • control data
                • control data... RPI Target Table

1. Non-Bypassable Memory Lockdown (cont’d)

       • read-only
                • W^X   HW
       • WP bit OFF
                • WP bit ON

Figure: Writable page tables (Traditional) vs. Read-only page tables.
       Traditional: Benign and Malicious write paths to the page tables.
       Read-only: Benign update path passes through WP OFF, then WP ON; Malicious path.

2. Restricted Pointer Indexing (RPI)

       • Control flow integrity
                • call/ret, jmp

2. Restricted Pointer Indexing (cont’d)

       • control data
                • call/ret, jmp src/dst
       • static analysis -> CFG (Control Flow Graph)
                • CFG -> Target Table

   (a) Traditional indirect call
       Call Site i                          Callee j
         eax <- func_j                        func_j:
         call *%eax          ---------->        ...
       Ri: ...               <----------      ret          ([esp] = Ri)

   (b) New indirect call
       Call Site i           Target Table i           Callee j
         eax <- index  -->   [index] = func_j  -->    func_j:
         call *%eax                                     ...
       Ri: ...         <--   Target Table j    <--    ret          ([esp] = index of Ri)

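The forward edge of the two call schemes in the figure, as an added user-space simulation written for this page (it is the editor's own code, not the HyperSafe paper's or BitVisor's implementation). Scheme (a) keeps a raw code pointer as control data; scheme (b) keeps an index into a per-call-site target table that static CFG analysis would produce and that the memory lockdown would keep read-only. The handler names, the table contents and the "corrupted" values are constructed for illustration; the return-side table (Target Table j) is not simulated.

```c
#include <stdio.h>
#include <limits.h>
#include <stddef.h>

/*
 * Editor's example (not from the paper or slides): simulate the two
 * indirect-call schemes of the RPI figure at the C level.
 * (a) control data = raw code pointer, (b) control data = table index.
 */

typedef int (*handler_fn)(int);

/* Legitimate targets of call site i according to the (constructed) CFG. */
int handle_read(int x)  { return x + 1; }
int handle_write(int x) { return x * 2; }

/* A function that the CFG says call site i never reaches. */
int privileged_op(int x) { return -x; }

/* Target Table i: the only addresses call site i may transfer to.
 * In HyperSafe this table sits in memory protected by the lockdown. */
static handler_fn const target_table_i[] = { handle_read, handle_write };
#define TARGET_TABLE_I_LEN (sizeof target_table_i / sizeof target_table_i[0])

/* Sentinel returned by the simulation instead of transferring control. */
enum { RPI_VIOLATION = INT_MIN };

/* (a) Traditional indirect call: whatever the pointer holds gets called. */
int call_traditional(handler_fn fp, int arg)
{
    return fp(arg);                    /* call *%eax */
}

/* (b) RPI-style call: the control datum is an index; the reachable set is
 * exactly the entries of Target Table i. */
int call_rpi(size_t idx, int arg)
{
    if (idx >= TARGET_TABLE_I_LEN)     /* index outside the table: CFI violation */
        return RPI_VIOLATION;
    return target_table_i[idx](arg);   /* load target_table_i[idx]; call *%eax */
}

/* With intact control data both schemes behave identically. */
int benign_traditional(void) { return call_traditional(handle_write, 5); } /* 10 */
int benign_rpi(void)         { return call_rpi(1, 5); }                    /* 10 */

/* Simulated corruption of the control data: a raw pointer accepts any code
 * address, so scheme (a) silently runs a function outside the CFG. */
int corrupted_traditional(void)
{
    handler_fn fp = handle_write;
    fp = privileged_op;                /* overwrite of the pointer (simulated) */
    return call_traditional(fp, 5);    /* -5: control flow left the CFG */
}

/* The same corruption of an index can only pick an entry of Target Table i
 * or be rejected; privileged_op is not reachable from call site i. */
int corrupted_rpi(void)
{
    size_t idx = 1;
    idx = 7;                           /* overwrite of the index (simulated) */
    return call_rpi(idx, 5);           /* RPI_VIOLATION */
}

int main(void)
{
    printf("benign:    traditional=%d rpi=%d\n", benign_traditional(), benign_rpi());
    printf("corrupted: traditional=%d rpi=%s\n", corrupted_traditional(),
           corrupted_rpi() == RPI_VIOLATION ? "violation (rejected)" : "reached");
    return 0;
}
```

The point of the simulation is the size of the reachable set: in (a) it is every executable address, in (b) it is the handful of CFG-approved entries in the call site's table, so corrupting the control datum can at most select another approved target. The bounds check stands in for whatever the real instrumentation does to confine the index to the table; it is part of the example, not a claim about the paper's exact instruction sequence.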
2. Restricted Pointer Indexing (cont’d)

       • CFG (control flow graph): Pointer analysis
                • LLVM
       • BitVisor gs
                • call/ret control flow   RPI

Implementation

       • Non-bypassable memory lockdown : VMM
       • Restricted Pointer Indexing : LLVM
                • LLVM = low level virtual machine
       • BitVisor 2
       • Xen memory lockdown

       • WP bit OFF
                • <- RPI
       • subvert page table
                • <- RPI
                • Guest  <- memory lockdown
       • Return-oriented programming  <- memory lockdown, RPI

Related Work

       • seL4 [Klein et al., SOSP’09], WIT [Akritidis et al., IEEE S&P’08], KLEE [Cadar et al., OSDI’08]
       • OS   or
                • SIM [Sharif et al., CCS’09], SecVisor [Seshadri et al., ’07], SBCFI [Petroni et al., CCS’07]
       • Trusted Computing
                • TrustVisor [McCune et al., Oakland’10], Flicker [McCune et al., EuroSys’08], Pioneer [Seshadri et al., SOSP’05]

Summary

       • HyperSafe: Type-1 Hypervisor control flow integrity

lifetime hypervisor control-flow integrity
       • load-time integrity (e.g. tboot)
       • run-time control-flow integrity
                • hypervisor code integrity          <- 1. non-bypassable memory lockdown
                • hypervisor control-data integrity  <- 2. restricted pointer indexing
