Slide 1

Slide 1 text

Introduction to Qubes OS bhyvecon Tokyo 2014 @ntddk

Slide 2

Slide 2 text

Self-introduction ● Yuma Kurogome(@ntddk) ● Takeda Lab @ KEIO Univ. ● Researching about security in low-layer ● Participant of Security Camp '11, '13 ● CTF player @ EpsilonDelta

Slide 3

Slide 3 text

What is Qubes OS?

Slide 4

Slide 4 text

What is Qubes OS? ● Secure VM developing by Invisible Things Lab ● Security by Isolation ● Open Source(GPL v2) ● Based on Xen – So today I don't speak about bhyve – Wish I could supply some inspiration for you!

Slide 5

Slide 5 text

Invisible Things Lab

Slide 6

Slide 6 text

Invisible Things Lab ● Founded by Joanna Rutkowska in 2007 – Who forced Citrix to publish souces of XenClient – Published Blue Pill[SyScan'06] when she were in COSEINC ● Blue Pill – VT based rootkit(hypervisor) ● Previous rootkit were on Ring 0 – Hooking System Call – Altering Kernel Structure – So we can detect it

Slide 7

Slide 7 text

Invisible Things Lab ● VT based rootkit were on Ring -1 – So we can hardly detect it *after infection* – For now, VT based rootkit is not serious threat

Slide 8

Slide 8 text

Invisible Things Lab ● They had been researched about – rootkit – SMM(System Management Mode) – Intel TXT(Trusted Execution Technology) ● Now they are developing Secure VM focused on mechanism of Xen

Slide 9

Slide 9 text

Well... What's the difference between Xen and KVM?

Slide 10

Slide 10 text

Review: difference betwen Xen and KVM ● Virtualization methods ● Intrrupt ● Memory mapping

Slide 11

Slide 11 text

Review: difference betwen Xen and KVM ● Xen – Para-Virtualization – Full-Virtualization by Intel VT Hardware Xen Para-Virtualized OS Priviledged Domain Para-Virtualized OS Full-Virtualized OS

Slide 12

Slide 12 text

Review: difference betwen Xen and KVM ● KVM – Full-Virtualization – Para-Virtualization by virtio Hardware Linux + KVM Full-Virtualized OS Full-Virtualized OS Full-Virtualized OS

Slide 13

Slide 13 text

Review: difference betwen Xen and KVM ● Virtualization methods – Para-Virtualization ● Modify OS for virtualized environment ● No need of full hardware emulation – Full-Virtualization ● No need of modifying OS ● Inturrupt – Xen uses event channnel – KVM uses MSI(-X)

Slide 14

Slide 14 text

Review: difference betwen Xen and KVM ● Memory mapping – KVM Gest-Physical memory space is part of host-virtual memory space of QEMU – Xen Mapping Gest-Physical memory space On demand ● Both use HW-assisted virtualization – Intel VT, AMD-V

Slide 15

Slide 15 text

Well... What is Intel VT?

Slide 16

Slide 16 text

Review: Intel VT ● Handling sensitive instructions – How to emulate it? – Tired to rewriting instrctuions by hand

Slide 17

Slide 17 text

Review: Intel VT(VMX) 1.Load some settings to VMCS 2.Set CPU to VMCS 3.VMLAUNCH → VMEntry, Enter VMX non- root mode(Guest mode) 4.Execute guest environment 5.Cause of trap → VMExit, Enter VMX root mode 6.Check VMExit reasons, emulation 7.VMRESUME → VMEntry, Enter VMX non- root mode → 4

Slide 18

Slide 18 text

Review: Intel VT(VMX) ● What is VMCS? – Virtual Machine Control Structure ● Program Counter ● Register ● VM ● What to trap

Slide 19

Slide 19 text

Review: Intel VT(EPT) ● Simplifying Paging – Tired to twice translation – Shadow Page Table ● EPT – Extended Page Table – Address translation by HW – Reduction of Overhead

Slide 20

Slide 20 text

Review: Intel VT(EPT) ● We can easily make VMM using VT! → KVM ● Xen... – Need of HyperCall – Full-Virtualization by VT

Slide 21

Slide 21 text

Xen Virtualization Hardware Xen VM(Dom0) VM(DomU 1) VM(DomU 2) Driver Backend Driver Frontend Driver Frontend Driver ● Xen has a Dom0(host) and some DomU(guest)

Slide 22

Slide 22 text

Xen Virtualization ● Xen hypervisor execute Dom0 before DomU ● Dom0 manages other DomU – Only Privilege Domain is allowed to access all HW – DomU ask Dom0 to HW access via Backend/Frontend Driver ● Qubes OS apply this architecture to security

Slide 23

Slide 23 text

Concept of Qubes OS

Slide 24

Slide 24 text

Desktop Environment ● Qubes OS want to provide strong security to desktop environment Spreadsheet with your company's data Web Browser Mail Client

Slide 25

Slide 25 text

Desktop Environment ● People use different applications there Spreadsheet with your company's data Web Browser Mail Client Game

Slide 26

Slide 26 text

Desktop Environment ● If this game was malware? Spreadsheet with your company's data Web Browser Mail Client Game Information leakage

Slide 27

Slide 27 text

Desktop Environment ● If the Web Browser has vulnerability? Spreadsheet with your company's data Web Browser Mail Client Information leakage

Slide 28

Slide 28 text

It's Painful!

Slide 29

Slide 29 text

Two Approaches ● Security by Correctness ● Security by Isolation

Slide 30

Slide 30 text

Security by Correctness ● Code Auditing ● Developers education – Microsoft Security Development Lifecycle ● Testing – Fuzzing ● “Safe”Programming Language ● It doesn't work in practice!

Slide 31

Slide 31 text

Security by Isolation ● We want the OS to provide isolation between various apps ● If some of them get compromised... Spreadsheet with your company's data Web Browser Mail Client Game Cutoff

Slide 32

Slide 32 text

Security by Isolation ● We want to even “decompose”some apps... ● e.g. Web Browser – Internal Systems – Shopping – News – Googling

Slide 33

Slide 33 text

Security by Isolation ● Isolation provided by OSes are not enogh? – Address space isolation – User accounts isolation – ACL – Kernel/User space separation – chroot – systrace – SELinux – Secure level of BSD ● They don't work in practice!

Slide 34

Slide 34 text

Security by Isolation ● Monolithic kernels are buggy! ● Hundreds of 3rd-party drivers cannot be made secure! “One bug to rule them all!”

Slide 35

Slide 35 text

Then, Qubes OS

Slide 36

Slide 36 text

Virtualization for rescue!

Slide 37

Slide 37 text

Melits of virtualization ● Bug(vuln) is proportional to LOC – [SOSP01],[ICCSA03] ● Linux: ten of millions LOC! ● Bare-metal hypervisor: 100k~300k LOC only!

Slide 38

Slide 38 text

Conceptual Diagram ● App Domain ● Strage Domain ● Network Domain ● Domain 0 Come true Isolation!!!

Slide 39

Slide 39 text

Dom0 ● Provides secure environment and manager ● Dom0 doesn't contain Network function and Storage function ● Only 25k LOC!!!!!!!!

Slide 40

Slide 40 text

Strage Domain ● Non-privileged VM ● Only support Storage function

Slide 41

Slide 41 text

Network Domain ● Non-privileged VM ● Only support Network function

Slide 42

Slide 42 text

AppVM ● Main Qubes building blocks(cubes) ● Hosts user applications ● We can create VM(Domain) depending on their Use – Work – Shopping – Personal ● Domains are isolated each other → SECURE! ● Created by Template VM(Read Only)

Slide 43

Slide 43 text

AppVM ● Disposable VM – Only supports ONE application – If compromised, there are no informations ● Lightweight – 400MB per VM ● Centrally Updatable ● Each app gets a label (VM name + color frame) that is applied by the Window Manager running in Dom0

Slide 44

Slide 44 text

AppVM “Work” VM “Shopping” VM “Work” VM Desktop ハイパーバイザによるIsolation

Slide 45

Slide 45 text

Screenshot 行 1 行 2 行 3 行 4 0 2 4 6 8 10 12 列 1 列 2 列 3 http://wiki.qubes-os.org/trac/attachment/wiki/QubesScreenshots/r2b2-kde-three-domains- at-work.png

Slide 46

Slide 46 text

GUI Virtualization Introducing Qubes OS qubes-intro-apr-2010.pdf

Slide 47

Slide 47 text

VM Protection ● Research about VM Protections ● Overshadow[ASPLO08] – Get context of Guest OS from VMM – Encrypt pages at memory access – Show process to not-encrypted memory – Need original loader ● SP3[Vee08] – Process memory encyption from VMM – Set accsess control per page – Has both encrypted page and not-encrypted page → Reduction of Overhead

Slide 48

Slide 48 text

VM Protection ● Qubes OS uses Intel VT-d and Intel TXT Protecting VM ● DMA Protection – Direct Memory Access – R/W memory from HW – No need of CPU

Slide 49

Slide 49 text

DMA Virtualization by Intel VT-d 1.HW → DMA Request 2.DMA Remapping Engine refers to Device Assignment Structure 3.Get Address Translation Structure

Slide 50

Slide 50 text

DMA Virtualization by Intel VT-d ● Prevents access from the address range other than the VM at address translation ● At early boot sequense before VT-d initialized, Intel TXT protects VM

Slide 51

Slide 51 text

Intel TXT ● Trust – All work as expected! – Identity and Measurement ● Establish Trust by RTM(Root of Trust for Measurement) – Reliable engine makes a measurement of integrity – Root of Trust → Chain of Trust

Slide 52

Slide 52 text

Intel TXT ● RTM – RTM cannot measures itself ● Static RTM – RTM is firmware – Building Chain of Trust from booting ● Dynamic RTM – RTM is GETSEC[SENTER] instruction – Building Chain of Trust from executing instruction – SENTER enable DMA protection so we can protect VM! “Kill two birds with one stone”

Slide 53

Slide 53 text

Intel TXT ● Intel TXT uses both SRTM and DRTM ● BIOS(chip) → (SRTM) → bootloader →  (SRTM) → os → (DRTM) → hypervisor (thx @yuzuhara)

Slide 54

Slide 54 text

Strage Introducing Qubes OS qubes-intro-apr-2010.pdf

Slide 55

Slide 55 text

Cross-VM ● Qubes OS has some Cross-VM functions – Clipboard sharing – File transfer via virtual disk ● Cross VM vulnerability is easily targeted ● Insert rootkit at LiveMigration[BlackHat DC08] ● Cross VM Side Channel Attack[CCS12] – Estimate the access from another VM from response when malicious VM access physical cache continuously – Might steal the key

Slide 56

Slide 56 text

Filesystem Introducing Qubes OS qubes-intro-apr-2010.pdf

Slide 57

Slide 57 text

Summaly ● Domain oriented VM ● Creates Xen's VM per use ● Seamless operation by GUI virtualization ● DMA protection by Intel VT-d ● Strage protection by Intel TXT ● Filesystem protection by VM-specific key

Slide 58

Slide 58 text

See qubes-os.org

Slide 59

Slide 59 text

Q&A?

Slide 60

Slide 60 text

Thank you!