Designing and Attacking Virtual Machines

Nate Lawson - Cryptography Research, Inc.


© 2004 Cryptography Research, Inc. All rights reserved. The Cryptography Research logo is a trademark of Cryptography Research, Inc. All trademarks are the property of their respective owners. The information contained in this presentation is provided without any guarantee or warranty whatsoever.

Who am I?
Cryptography Research
— Fix $1B problems
  • Financial systems
  • Entertainment: Pay TV, high-def optical disc
  • Infrastructure: platform security, networks
— Specialties
  • Hardware attacks and countermeasures
  • Analyzing security products
  • FreeBSD: ACPI, Storage
Past companies: ISS, InfoGard Labs, Decru


The Tao of VMs

James, G.; “Tao of Programming”. Pictures: computerhistory.org

What is a VM?
Complete, self-contained environment for guest software
Code is…
— Partitioned
— Isolated from hardware
Categories
— “Language” (JVM)
— “Whole System” (VMware)
— “OS” (UMLinux)
— “Hardware” (IBM VM)
[Figure: guests stacked on top of the VMM, which runs on the host]
Not a VM: Javascript


Metric: Assurance
Strength ≠ Assurance
— Strength: How strong is the system against known attacks?
— Assurance: What are the odds of falling to an unknown attack?
Good crypto gives strength (i.e., key length)
Very few vendors design for assurance
— Good validation is ~10x the cost of development
— Complexity is the enemy of assurance
VM can add assurance

Metric: Cross-Section
Cross-section
— Size of an interface between components
— Small cross-section (API bottleneck) increases assurance
VMs can reduce cross-section of host that is exposed
[Figure: VMM sitting between the guest and the host, narrowing the exposed host interface]


VM Overview: Language VMs
JVM
— Java compiles into bytecode
— API: J2EE, JAAS, Swing, AWT
.NET Intermediate Language
— VB, C++, C# compile to IL
— API: .NET framework (COM)
Characteristics
— Large API cross-section
— JIT compilation

[Slide figure: Java bytecode disassembly (offset, opcode bytes, mnemonic) of a small integer loop; each line was duplicated in the extracted text and is de-duplicated here. The listing is truncated on the slide (branches to 0x0062 and 0x0065 lie past the last visible offset).]

0000: 04        iconst_1
0001: 3C        istore_1
0002: 03        iconst_0
0003: 3D        istore_2
0004: 03        iconst_0
0005: 3E        istore_3
0006: 2A        aload_0
0007: 3A 04     astore 4
0009: 84 03 01  iinc 3,1
000C: 19 04     aload 4
000E: 03        iconst_0
000F: 04        iconst_1
0010: 4F        iastore
0011: 19 04     aload 4
0013: 04        iconst_1
0014: 05        iconst_2
0015: 4F        iastore
0016: 05        iconst_2
0017: 3C        istore_1
0018: 06        iconst_3
0019: 36 05     istore 5
001B: A7 00 4A  goto 0x0065
001E: 04        iconst_1
001F: 3D        istore_2
0020: 04        iconst_1
0021: 36 06     istore 6
0023: A7 00 25  goto 0x0048
0026: 19 04     aload 4
0028: 1C        iload_2
0029: 2E        iaload
002A: 9E 00 1B  ifle 0x0045
002D: 19 04     aload 4
002F: 1C        iload_2
0030: 2E        iaload
0031: 15 05     iload 5
0033: 05        iconst_2
0034: 6C        idiv
0035: A3 00 10  if_icmpgt 0x0045
0038: 15 05     iload 5
003A: 19 04     aload 4
003C: 1C        iload_2
003D: 2E        iaload
003E: 70        irem
003F: 9A 00 06  ifne 0x0045
0042: 03        iconst_0
0043: 36 06     istore 6
0045: 84 02 01  iinc 2,1
0048: 1C        iload_2
0049: 1B        iload_1
004A: A2 00 08  if_icmpge 0x0052
004D: 15 06     iload 6
004F: 9A FF D7  ifne 0x0026
0052: 15 06     iload 6
0054: 99 00 0E  ifeq 0x0062
0057: 84 01 01  iinc 1,1
005A: 19 04     aload 4
005C: 1B        iload_1
005D: 04        iconst_1
005E: 64        isub
005F: 15 05     iload 5
0061: 4F        iastore

VM Overview: Whole System VMs
VMware
— Emulates priv. instructions, BIOS, virtual devices
Xen
— OS modified to run in ring 1
Characteristics
— Medium cross-section
— Applications run unmodified
— Requires x86 hardware


VM Overview: OS VMs
UMLinux/User-Mode Linux
— Linux running on Linux kernel
— Single vs. multiple host processes
FreeBSD Jail
— Partitioning of network and filesystems
— Single kernel
Characteristics (UMLinux)
— Very small cross-section
— System calls are slow

VM Overview: Hardware VMs
IBM S/390 VM
— LPAR hosts OS and apps
VT: Vanderpool Technology
— Multiple PC partitions on one CPU
— Hardware-assisted virtualization support
— Public details are few
[Figure: several App/OS stacks running side by side on a VMM over the host hardware]
Characteristics
— Large/Medium cross-section
— Very fast


VM Overview: Comparison

VM        Level      Application Mods   Performance   X-Section
JVM       Inst. Set  New language       Low           Large
.NET IL   Inst. Set  Recompile          Low           Large
Xen       PC         OS only            High          Medium
VMware    PC         None               Medium        Medium
VT        CPU        OS only            Very High     Medium
UMLinux   OS         Recompile          Medium        Small

What is a VM good for?
Security Architect
— Defense
— Forensics
— Debugging
Attacker
— Subverting software protection
— Fault injection
— Reverse-engineering


VMs for Security: Overview
Partitions untrusted code
Can reduce cross-section
Cross-platform means less code to validate
Challenges
— “Am I in the Matrix?”
— “What bugs remain in this API?”
— “How do I renew security after a compromise?”
— “How can I trust the vendor?”
Goal is assurance

VMs for Security: Fallacy of Signed Code
Common pitfall: “We’ll just sign the code.”
Authenticates source of binary, no more
Useless without reduced privilege
— Guninski and ActiveX
[Slide figure: ActiveX Exploit. An excerpt of Guninski’s exploit HTML; the legible fragments are the control CLSID {0057D0E0-3573-11CF-AE69-08002B2E1262}, a reference to Content.IE5/index.dat, and setTimeout("alert(funObject2.document.body.innerHTML)",500). The rest of the markup is garbled in the extracted text.]


VMs for Security: Honeypots
Goal: observe attackers in the wild
Use a VM to provide a realistic system image
— Honeyd (Provos)
  • Multiple IP stacks from nmap fingerprints
  • Connect the attacker to a VM
Contains damage done
Allows reliable logging
Create “interesting” system behavior

VMs for Security: Integrity/Forensics
Defender runs system in VM
After attack, rolls back and replays state
Identifies extent of damage and repairs
ReVirt (Dunlap et al)
— Records interrupts and I/O to recreate state
— Based on UMLinux
Potentially requires a lot of storage
Requires small cross-section!


VMs for Security: Trusted Computing Initiative
CPU/Chipset
— Intel, AMD
VMM, user interface
— Microsoft NGSCB
TPM, BIOS, peripherals, etc.
— TPM is like a smart card attached to the motherboard
Attempts to answer: “How can I trust my environment?”
— Partitioning
— Attestation

VMs for Attack: Overview
Provides full environment to tamper with guest software
— Access to state
— Single step
— Modified environment
What you can do with it
— Hijack device drivers
— Avoid anti-debugger techniques
— Fault induction
— Rollback/replay


Using a VM to Violate Assumptions
Platform is closed
— “No one can observe my variables”
    if (strcmp(passwd, "sEkRiTpw") == 0)
— “The bugs I worry about are in my program”
    (void) printf(warningMsg);
Platform is reliable
— “It’s faster to use the cached value.”
    if (savedUid == 0)
— “Verify the computed result?!?”
    return (RsaComputeSig(buffer, len, d, n));

VMs for Attack: Hijacked Sound Card
Media player decodes protected music
VM provides emulated sound card
CD-quality samples written to disk
Signed drivers no defense
[Figure: Music App → OS → signed Driver → Sound Device; the sound device is emulated by the VM, so the signed driver writes samples to the emulator]
Problem: “Am I in the Matrix?”


VMs for Attack: Fault Injection
Reverse engineering takes a lot of time
Fault injection is often faster
— Not as difficult as it sounds
— You don’t have to understand it to break it
Single faulty RSA signature reveals private key (Boneh et al)
Problem: not verifying the computed result

VMs for Attack: Fault Injection Attack
VM modified to randomly fail a multiply instruction
— App calculates signature halves: S’p (faulty), Sq
— Recombines with CRT and returns S’:
    S’ = Sq + (((S’p - Sq) * (q^-1 mod p)) mod p) * q
— Attacker calculates the private key:
    q = GCD((m - S’^e) mod n, n)
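The CRT recombination and GCD step above, together with the “verify the computed result” countermeasure from the assumptions slide, as an added worked example (not code from the talk): the toy key, the message and the simulated faulty multiply are all constructed here.

```python
# Added example, not from the slides: the CRT fault attack with a toy key,
# plus the self-check that turns a fault into an error instead of a key leak.
from math import gcd

# Constructed toy RSA key (far too small for real use; chosen for readability).
P, Q = 10007, 10009              # both prime
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)              # private exponent
DP, DQ = D % (P - 1), D % (Q - 1)
QINV = pow(Q, -1, P)             # q^-1 mod p, as in the slide's formula


def crt_sign(m, fault_in_sp=False):
    """Sign m with CRT. fault_in_sp simulates the VM failing a multiply
    inside the mod-p half, as in the attack on the slide."""
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault_in_sp:
        sp = (sp + 1) % P        # any corruption of the mod-p half will do
    # S' = Sq + (((S'p - Sq) * (q^-1 mod p)) mod p) * q
    return sq + (((sp - sq) * QINV) % P) * Q


def recover_q(m, faulty_sig):
    """The slide's attacker step: q = GCD((m - S'^e) mod n, n).
    S' is still correct mod q but wrong mod p, so the gcd isolates q."""
    return gcd((m - pow(faulty_sig, E, N)) % N, N)


def sign_verified(m, fault_in_sp=False):
    """Hardened signer: re-check S^e == m (mod n) and refuse to emit a
    signature that fails, which is the countermeasure the slides call for."""
    s = crt_sign(m, fault_in_sp)
    if pow(s, E, N) != m % N:
        raise ValueError("signature self-check failed; possible fault")
    return s


if __name__ == "__main__":
    msg = 12345                                   # constructed message
    good = crt_sign(msg)
    bad = crt_sign(msg, fault_in_sp=True)
    print("valid signature verifies:", pow(good, E, N) == msg)
    print("recovered q from one faulty signature:", recover_q(msg, bad) == Q)
```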


Backdoors: what’s next?
[Figure: backdoors moving down the stack: /bin/login (now) → rootkit → kernel → hardware]
Backdoors becoming lower and lower level
Hardware very full-featured
— Flash updates
— DMA
VM is the only solution
— No raw access to hardware
— Quick restoration to known-good state
“Reformat/reinstall” is obsolete

Conclusions
Virtual machines are a powerful tool for…
— Security Architects
— Attackers
VMs are becoming an indispensable element of security designs
Cross-section must be small to increase assurance
How will you use a VM?