
Virtual Machine Introspection with Xen on ARM

Slides for ACSAC 2014 Works-in-Progress


  1. Virtual Machine Introspection with Xen on ARM
     Tamas K. Lengyel, @tklengyel, tamas@tklengyel.com
  2. Virtual Machine Introspection
     1. Why?
     2. What is needed?
        a. Isolation
        b. Interpretation
        c. Interposition
     3. Current status
  3. Why?
     ● Traditional defense mechanisms don’t integrate well into virtual environments
     ● Mobile (ARM) platform is rapidly growing
     ● Starting with Cortex-A15, virtualization extensions are available in hardware
     ● Xen on ARM available since March 2014
  4. Isolation: Xen Security Modules on ARM
     ● Will be available in 4.5
     ● Allows for advanced disaggregation
     ● Security domain separate from the TCB
  5. Interpretation: Reconstruct guest OS state information
     ● LibVMI purpose-built for this task
     ● ARM paging support added in November 2014
     ● Detect running processes, modules, files, users etc. in the guest
  6. Interposition - WiP: Step into the execution of the guest when something of interest happens
     ● Requires hardware & VMM support
     ● ARM two-stage address translation
     ● Configure paging to trap memory accesses
     ● VMM trap handlers need to forward the events to the security domain
  7. Patches merged to Xen 4.5
  8. Interposition - WiP
     ● Cleanup of Xen MEM_EVENT subsystem
     ● Xen on ARM trap handlers need performance regression testing
     ● More research needed into ARM hardware support for event trapping!
     ● SMC is good but limited to the guest kernel
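
The interposition idea from slide 6, as an added example that is not from the slides and is not Xen or LibVMI code: a toy C model of two-stage translation in which the VMM-owned second stage carries the permissions, so a restricted page traps and the event is queued for the security domain. All names, table sizes and mappings are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Toy model, all names hypothetical: 8 guest pages of 4 KiB each. */
#define PAGES 8
#define PAGE_SHIFT 12
enum { P_R = 1, P_W = 2, P_X = 4 };
typedef struct { uint64_t ipa; uint8_t access; } mem_event_t;

static uint8_t stage1[PAGES];                        /* guest-owned: VA page -> IPA page */
static struct { uint8_t mfn, perms; } stage2[PAGES]; /* VMM-owned: IPA page -> machine page */
static mem_event_t ring[16];                         /* events for the security domain */
static size_t ring_len;

static void vmi_init(void) {
    ring_len = 0;
    for (int i = 0; i < PAGES; i++) {
        stage1[i] = (uint8_t)((i + 3) % PAGES);      /* constructed guest mapping */
        stage2[i].mfn = (uint8_t)(PAGES - 1 - i);    /* constructed host mapping */
        stage2[i].perms = P_R | P_W | P_X;
    }
}

/* Security domain asks the VMM to restrict one IPA page in stage 2. */
static void vmi_set_perms(uint64_t ipa, uint8_t perms) {
    stage2[(ipa >> PAGE_SHIFT) % PAGES].perms = perms;
}

/* Guest access: returns the machine address, or -1 if stage 2 trapped it. */
static int64_t guest_access(uint64_t va, uint8_t access) {
    uint64_t off = va & ((1u << PAGE_SHIFT) - 1);
    uint64_t ipa_pfn = stage1[(va >> PAGE_SHIFT) % PAGES];
    uint64_t ipa = (ipa_pfn << PAGE_SHIFT) | off;
    if ((stage2[ipa_pfn].perms & access) != access) {
        /* Stage-2 permission fault: the trap handler forwards the event. */
        if (ring_len < sizeof ring / sizeof ring[0])
            ring[ring_len++] = (mem_event_t){ ipa, access };
        return -1;
    }
    return (int64_t)(((uint64_t)stage2[ipa_pfn].mfn << PAGE_SHIFT) | off);
}

int main(void) {
    vmi_init();
    vmi_set_perms(0x4000, P_R | P_X);                /* watch writes to IPA page 4 */
    printf("%lld, %zu event(s)\n", (long long)guest_access(0x1010, P_W), ring_len);
    return 0;
}
```

Because the check sits in the second stage, remapping a different guest virtual page onto the watched IPA in `stage1` still traps; the guest's own page tables cannot bypass the monitor.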
