Lares: An Architecture for Secure Active Monitoring Using Virtualization

Lares: An Architecture for Secure Active Monitoring Using Virtualization Bryan
D. Payne - Martim Carbone - Monirul Sharif - Wenke Lee School of Computer Science Georgia Institute of Technology

Lares: An Architecture for Secure Active Monitoring Using Virtualization, Oakland
2008

2008 Kernel User Word Processor Web Browser Email Client Music Player Chat / IM Client Anti-Virus Calendar PDF Viewer Spread- sheet Printer Drivers Anti-Virus Hooks Display Drivers Operating System Kernel

2008 Kernel User Word Processor Web Browser Email Client Music Player Chat / IM Client Calendar PDF Viewer Spread- sheet Printer Drivers Display Drivers Operating System Kernel Anti-Virus Anti-Virus Hooks

2008 Kernel User Word Processor Web Browser Email Client Music Player Chat / IM Client Calendar PDF Viewer Spread- sheet Printer Drivers Display Drivers Operating System Kernel Anti-Virus Anti-Virus Hooks Malware

2008 Kernel User Hypervisor / Virtual Machine Monitor Kernel User Word Processor Web Browser Email Client Music Player Chat / IM Client Calendar PDF Viewer Spread- sheet Printer Drivers Display Drivers Operating System Kernel Guest VM Security VM Anti-Virus Anti-Virus Hooks Malware

2008 Problem Statement: How can we deploy hooks with the security of external monitoring?

2008 Introduction to the Problem Security Requirements Lares Architecture Implementation Details Evaluation Conclusions

2008 • Bypass Hook (A1) • Modify event context (A2) • Tamper with security application (A3) • Tamper with dependencies (A4) • Tamper with response (A5) Active Monitoring Attacks Libraries, OS and other dependencies Kernel or process execution flow Event occurred A1 Event handling finished Security Application Notification Resume/response A2 A4 A3 A5 Hook

2008 • Bypass Hook (A1) • Modify event context (A2) • Tamper with security application (A3) • Tamper with dependencies (A4) • Tamper with response (A5) Active Monitoring Attacks Libraries, OS and other dependencies Kernel or process execution flow Event occurred A1 Event handling finished Security Application Notification Resume/response A2 A4 A3 A5 Hook Prevented by virtualization protections

2008 Security Assumptions and Threat Model • We can boot the machine into a known good state (secure boot) • We can initialize the protection mechanism before opening the system to attack • The guest VM can be attacked in any way, including kernel-level rootkits • The security VM and hypervisor are secure

2008 Lares Architecture • Hypervisor provides protection and inter-VM comms • Memory protection used for hooks and trampoline, security relies on hypervisor being trusted Hardware (CPU + virtualization extensions) Hypervisor Guest VM Security VM Hooks User Processes ... Memory Protector Introspection API Security Application Security Driver Trampoline

2008 Lares Architecture • Guest VM is where user does regular work • Protected hooks transfer execution to trampoline • Trampoline transfers execution to Security VM, using an inter-VM communication channel Hardware (CPU + virtualization extensions) Hypervisor Guest VM Security VM Hooks User Processes ... Memory Protector Introspection API Security Application Security Driver Trampoline

2008 Lares Architecture • Security VM is where security application runs • Receives event notiﬁcations from trampoline through the inter-VM communication channel • Uses introspection to enrich context information Hardware (CPU + virtualization extensions) Hypervisor Guest VM Security VM Hooks User Processes ... Memory Protector Introspection API Security Application Security Driver Trampoline

2008 Challenges • Protecting hooks / trampoline from attack - Hooks in a ﬁxed location is hard - Flexible hook placement is even harder • Acceptable performance impact for production-level systems - Comparable to current state-of-the-art

2008 Guest Initialization

2008 Hardware (CPU + virtualization extensions) Hypervisor Guest VM Security VM Guest Initialization

2008 Hardware (CPU + virtualization extensions) Hypervisor Guest VM Security VM User Kernel Guest Initialization Driver Loader

2008 Hardware (CPU + virtualization extensions) Hypervisor Guest VM Security VM User Kernel Guest Initialization Driver Loader Driver

2008 Hardware (CPU + virtualization extensions) Hypervisor Guest VM Security VM User Kernel Guest Initialization Driver

2008 Hardware (CPU + virtualization extensions) Hypervisor Guest VM Security VM User Kernel Guest Initialization Driver Trampoline

2008 Hardware (CPU + virtualization extensions) Hypervisor Guest VM Security VM User Kernel Guest Initialization Driver Trampoline VMCALL

2008 Security VM Details

2008 Hardware (CPU + virtualization extensions) Hypervisor Guest VM Security VM Security VM Details

2008 Hardware (CPU + virtualization extensions) Hypervisor Guest VM Security VM Security VM Details User Kernel Security Driver virtual IRQ via event channel hypercall Security Application signal ioctl Guest VM Introspection Memory Map

2008 Memory Protections • Xen marks the associated memory pages as read- only, forcing a trap to Xen on write Is the PF listed as protected? Mark as read-only Shadow page table PTE propagation NO Virtual Machine YES Guest page table Virtual Physical Memory Protection Policy Guest VM Security VM

2008 Memory Protections Is the write targeted at a protected region? Emulate the write Propagate exception to guest NO YES Page fault due to failed write Technique for byte-level memory protection

2008 Protecting Hook and Trampoline Code • Protect critical kernel data structures that are rooted in hardware (e.g., IDT and SSDT) • Protect the hook itself • Protect the trampoline memory • Disable interrupts while executing trampoline

2008 Example Application • Goal: Mediate process creation • Hook: NTCreateSection • Security Application Decision: - Hook arguments include ﬁle handle - Handle lookup using introspection - File checked before allowing execution EPROCESS EPROCESS EPROCESS PsInitialSystemProcess HandleTable ... Handle Tables L1,L2,L3 Object Header Object TableCode EPROCESS EPROCESS ObjectCode Object Body

2008 Performance Comparison (all times are in micro-seconds) Traditional Hook 0 10 20 30 40 Lares Hook 0 10 20 30 40

2008 Security Analysis • Bypass Hook (A1) • Modify event context (A2) • Tamper with security application (A3) • Tamper with dependencies (A4) • Tamper with response (A5)

2008 “Bypass Hook” Attacks • A1.5 and A1.6 are protected via memory protections • A1.2 and A1.4 also protected via memory protections • A1.3 would require attacker to relocate all of the kernel’s memory, which is difﬁcult to do without detection • A1.1 protected on AMD, on Intel requires monitoring IDTR IDT Syscall dispatcher Trampoline SSDT hook GDTR + GDT + Paging structures To Security VM A1.5 A1.4 A1.2 A1.1 A1.3 A1.6

2008 Security Analysis • Bypass Hook (A1) • Modify event context (A2) • Tamper with security application (A3) • Tamper with dependencies (A4) • Tamper with response (A5)

2008 Security Analysis • Bypass Hook (A1) • Modify event context (A2) • Tamper with security application (A3) • Tamper with dependencies (A4) • Tamper with response (A5) Prevented by disabling interrupts

2008 User Kernel Security Application Security Driver User Kernel Trampoline User Kernel Security Application Security Driver Guest VM Hypervisor Security VM Lares Architecture Traditional Architecture

Questions?

Lares: An Architecture for Secure Active Monitoring Using Virtualization

Lares: An Architecture for Secure Active Monitoring Using Virtualization

More Decks by Bryan Payne

Other Decks in Research

Featured

Transcript