Designing and Attacking Virtual Machines
Nate Lawson - Cryptography Research, Inc.
Designing and Attacking Virtual Machines Nate Lawson Cryptography Research, Inc.
[email protected]
© 2004 Cryptography Research, Inc. All rights reserved. The Cryptography Research logo is a trademark of Cryptography Research, Inc. All trademarks are the property of their respective owners. The information contained in this presentation is provided without any guarantee or warrantee whatsoever.
Who am I? Cryptography Research — Fix $1B problems • Financial systems • Entertainment: Pay TV, high-def optical disc • Infrastructure: platform security, networks — Specialties • Hardware attacks and countermeasures • Analyzing security products
FreeBSD: ACPI, Storage Past companies: ISS, InfoGard Labs, Decru
1
Designing and Attacking Virtual Machines
Nate Lawson - Cryptography Research, Inc.
The Tao of VMs
James, G.; “Tao of Programming”. Pictures: computerhistory.org
What is a VM? Complete, self-contained environment for guest software Code is… — Partitioned — Isolated from hardware
Categories — “Language” (JVM) — “Whole System” (VMware)
Guest Guest
…
VMM VMM Host Host
— “OS” (UMLinux) — “Hardware” (IBM VM)
Not a VM: Javascript
2
Designing and Attacking Virtual Machines
Nate Lawson - Cryptography Research, Inc.
Metric: Assurance Strength ≠ Assurance — Strength: How strong is the system against known attacks? — Assurance: What are the odds of falling to an unknown attack?
Good crypto gives strength (i.e., key length) Very few vendors design for assurance — Good validation is ~10x the cost of development — Complexity is the enemy of assurance
VM can add assurance
Metric: Cross-Section Cross-section — Size of an interface between components — Small cross-section (API bottleneck) increases assurance
VMs can reduce cross-section of host that is exposed
VMM VMM Host Host
3
Designing and Attacking Virtual Machines
Nate Lawson - Cryptography Research, Inc.
VM Overview:
Language VMs JVM — Java compiles into bytecode — API: J2EE, JAAS, Swing, AWT
.NET Intermediate Language — VB, C++, C# compile to IL — API: .NET framework (COM)
Characteristics — Large API cross-section — JIT compilation
0000: 0000: 0001: 0001: 0002: 0002: 0003: 0003: 0004: 0004: 0005: 0005: 0006: 0006: 0007: 0007: 0009: 0009: 000C: 000C: 000E: 000E: 000F: 000F: 0010: 0010: 0011: 0011: 0013: 0013: 0014: 0014: 0015: 0015: 0016: 0016: 0017: 0017: 0018: 0018: 0019: 0019: 001B: 001B: 001E: 001E: 001F: 001F: 0020: 0020: 0021: 0021: 0023: 0023: 0026: 0026: 0028: 0028: 0029: 0029: 002A: 002A: 002D: 002D: 002F: 002F: 0030: 0030: 0031: 0031: 0033: 0033: 0034: 0034: 0035: 0035: 0038: 0038: 003A: 003A: 003C: 003C: 003D: 003D: 003E: 003E: 003F: 003F: 0042: 0042: 0043: 0043: 0045: 0045: 0048: 0048: 0049: 0049: 004A: 004A: 004D: 004D: 004F: 004F: 0052: 0052: 0054: 0054: 0057: 0057: 005A: 005A: 005C: 005C: 005D: 005D: 005E: 005E: 005F: 005F: 0061: 0061:
04 3C04 033C 3D03 033D 3E03 2A3E 3A2A04 843A030401 19840403 01 0319 04 0403 4F04 194F04 0419 04 0504 4F05 054F 3C05 063C 360605 05 A736004A 04A7 004A 3D04 043D 04 36 06 06 A7360025 19A7040025 1C19 04 2E1C 2E 9E 001B 199E04001B 1C19 04 2E1C 152E05 0515 05 6C05 A36C0010 15A3050010 19150405 1C19 04 2E1C 702E 9A700006 039A 0006 360306 8436020601 1C84 02 01 1B1C A21B0008 15A2060008 06 9A15FFD7 159A06FFD7 06 9915000E 849901000E 01 19840401 01 1B19 04 041B 6404 156405 4F15 05 4F
iconst_1 iconst_1 istore_1 istore_1 iconst_0 iconst_0 istore_2 istore_2 iconst_0 iconst_0 istore_3 istore_3 aload_0 aload_0 astore 4 astore iinc 3,1 4 iinc 43,1 aload aload 4 iconst_0 iconst_0 iconst_1 iconst_1 iastore iastore aload 4 aload 4 iconst_1 iconst_1 iconst_2 iconst_2 iastore iastore iconst_2 iconst_2 istore_1 istore_1 iconst_3 iconst_3 istore 5 istore 5 goto 0x0065 goto 0x0065 iconst_1 iconst_1 istore_2 istore_2 iconst_1 iconst_1 istore 6 istore 6 goto 0x0048 goto 40x0048 aload aload 4 iload_2 iload_2 iaload iaload ifle 0x0045 ifle 40x0045 aload aload 4 iload_2 iload_2 iaload iaload iload 5 iload iconst_25 iconst_2 idiv idiv if_icmpgt 0x0045 if_icmpgt 0x0045 iload 5 iload4 5 aload aload 4 iload_2 iload_2 iaload iaload irem irem0x0045 ifne ifne 0x0045 iconst_0 iconst_0 istore 6 istore iinc 2,1 6 iinc 2,1 iload_2 iload_2 iload_1 iload_1 0x0052 if_icmpge if_icmpge 0x0052 iload 6 iload 6 ifne 0x0026 ifne 60x0026 iload iload 6 ifeq 0x0062 ifeq1,1 0x0062 iinc iinc 41,1 aload aload 4 iload_1 iload_1 iconst_1 iconst_1 isub isub 5 iload iload 5 iastore iastore
VM Overview:
Whole System VMs VMware — Emulates priv. instructions, BIOS, virtual devices
Xen — OS modified to run in ring 1
Characteristics — Medium cross-section — Applications run unmodified — Requires x86 hardware
4
Designing and Attacking Virtual Machines
Nate Lawson - Cryptography Research, Inc.
VM Overview:
OS VMs UMLinux/User-Mode Linux — Linux running on Linux kernel — Single vs. multiple host processes
FreeBSD Jail — Partitioning of network and filesystems — Single kernel
Characteristics (UMLinux) — Very small cross-section — System calls are slow
VM Overview:
Hardware VMs IBM S/390 VM — LPAR hosts OS and apps
VT: Vanderpool Technology — Multiple PC partitions on one CPU — Hardware-assisted virtualization support — Public details are few
Characteristics
App App App OS OS
… VMM VMM Host Host
— Large/Medium cross-section — Very fast
5
Designing and Attacking Virtual Machines
Nate Lawson - Cryptography Research, Inc.
VM Overview:
Comparison Level
Application Mods
Performance
X-Section
JVM
Inst. Set
New language
Low
Large
.NET IL
Inst. Set
Recompile
Low
Large
Xen
PC
OS only
High
Medium
VMware
PC
None
Medium
Medium
VT
CPU
OS only
Very High
Medium
UMLinux
OS
Recompile
Medium
Small
What is a VM good for? Security Architect — Defense — Forensics — Debugging
Attacker — Subverting software protection — Fault injection — Reverse-engineering
6
Designing and Attacking Virtual Machines
Nate Lawson - Cryptography Research, Inc.
VMs for Security:
Overview Partitions untrusted code Can reduce cross-section Cross-platform means less code to validate Challenges — “Am I in the Matrix?” — “What bugs remain in this API?” — “How do I renew security after a compromise?” — “How can I trust the vendor?”
Goal is assurance
VMs for Security:
Fallacy of Signed Code Common pitfall: “We’ll just sign the code.” Authenticates source of binary, no more Useless without reduced privilege — Guninski and ActiveX
ActiveX Exploit ActiveX Exploit
VALUE="{0057D0E0-3573-11CF-AE69-08002B2E1262}"> setTimeout("aler Content.IE5/index.dat">setTimeout("aler t(funObject2.document.body.innerHTML)",500);')"> t(funObject2.document.body.innerHTML)",500);')">
7
Designing and Attacking Virtual Machines
Nate Lawson - Cryptography Research, Inc.
VMs for Security
Honeypots Goal: observe attackers in the wild Use a VM to provide a realistic system image — Honeyd (Provos) • Multiple IP stacks from nmap fingerprints • Connect to attacker to a VM
Contains damage done Allows reliable logging Create “interesting” system behavior
VMs for Security
Integrity/Forensics Defender runs system in VM After attack, rolls back and replays state Identifies extent of damage and repairs ReVirt (Dunlap et al) — Records interrupts and I/O to recreate state — Based on UMLinux
Potentially requires a lot of storage Requires small cross-section!
8
Designing and Attacking Virtual Machines
Nate Lawson - Cryptography Research, Inc.
VMs for Security
Trusted Computing Initiative CPU/Chipset — Intel, AMD
VMM, user interface — Microsoft NGSCB
TPM, BIOS, peripherals, etc. — TPM is like a smart card attached to the motherboard
Attempts to answer: “How can I trust my environment?” — Partitioning — Attestation
VMs for Attack
Overview Provides full environment to tamper with guest software — Access to state — Single step — Modified environment
What you can do with it — Hijack device drivers — Avoid anti-debugger techniques — Fault induction — Rollback/replay
9
Designing and Attacking Virtual Machines
Nate Lawson - Cryptography Research, Inc.
Using a VM to Violate Assumptions Platform is closed — “No one can observe my variables” if (strcmp(passwd, “sEkRiTpw”) == 0)
— “The bugs I worry about are in my program” (void) printf(warningMsg);
Platform is reliable — “It’s faster to use the cached value.” if (savedUid == 0)
— “Verify the computed result?!?” return (RsaComputeSig(buffer, len, d, n));
VMs for Attack
Hijacked Sound Card Media player decodes protected music VM provides emulated sound card CD-quality samples written to disk Signed drivers no defense
Music App OS Driver
Signed
Problem: “Am I in the Matrix?” Sound Device
Emulated
VM
10
Designing and Attacking Virtual Machines
Nate Lawson - Cryptography Research, Inc.
VMs for Attack
Fault Injection Reverse engineering takes a lot of time Fault injection is often faster — Not as difficult as it sounds — You don’t have to understand it to break it
Single faulty RSA signature reveals private key (Boneh et al) Problem: not verifying the computed result
VMs for Attack
Fault Injection Attack VM modified to randomly fail a multiply instruction — App calculates signature halves: S’p, Sq — Recombines with CRT and returns S’ S’ = Sq + ((S’p – Sq) * (q-1 mod p) mod p) * q — Attacker calculates the private key q = GCD((m – S’e) mod n, n)
S’p
Sq
11
Designing and Attacking Virtual Machines
Nate Lawson - Cryptography Research, Inc.
Backdoors: what’s next? now /bin/login
rootkit
kernel
hardware
Backdoors becoming lower and lower level Hardware very full-featured — Flash updates — DMA
VM is the only solution — No raw access to hardware — Quick restoration to known-good state
“Reformat/reinstall” is obsolete
Conclusions Virtual machines are a powerful tool for… — Security Architects — Attackers
VMs are becoming an indispensable element of security designs Cross-section must be small to increase assurance
How will you use a VM?
12