1 / 22

World-Leading Research with Real-World Impact!

Institute for Cyber Security. ZeroVM Backgroud. Prosunjit Biswas Institute for Cyber Security University of Texas at San Antonio April 23, 2014 Institute of Cyber Security, ICS @ UTSA. World-Leading Research with Real-World Impact!. 1. Institute for Cyber Security.

birch
Download Presentation

World-Leading Research with Real-World Impact!

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Institute for Cyber Security ZeroVM Backgroud Prosunjit Biswas Institute for Cyber Security University of Texas at San Antonio April 23, 2014 Institute of Cyber Security, ICS @ UTSA World-Leading Research with Real-World Impact! 1

  2. Institute for Cyber Security Motivation Behind ZeroVM • In Amazon map/reduces a considerable amount of overhead was due to fetching the data from s3 to EC2 Instances and put it back to s3. • The overhead was hurting when the customers need to remake to cluster and do the map/reduce again. • A significant amount of customer’s money was spent due to moving the data back and forth. World-Leading Research with Real-World Impact! 2

  3. Institute for Cyber Security Motivation Behind ZeroVM(continued) • can we bring to Application to the data(very limited I/O overhead)? • How can we ensure no harm even if the application is malicious? Challenge with High I/O Challenge with Application Isolation World-Leading Research with Real-World Impact! 3

  4. Institute for Cyber Security What is ZeroVM ZeroVM is an open–source lightweight virtualization platform based on the Chromium Native Client project. World-Leading Research with Real-World Impact! 4

  5. Institute for Cyber Security ZeroVM Properties • 1. ZeroVM virtualizes Application not Operating System. • 2. Single threaded (thus deterministic) execution • 3. Constraint Resource • Channel based I/O • Predefine socket port / network • Restricted Memory Access • Limited Read/ Write (in bytes) • Limited life time / Predefined timeout World-Leading Research with Real-World Impact! 5

  6. Institute for Cyber Security ZeroVM Properties • 1. ZeroVM virtualizes Application not Operating System. • 2. Single threaded (thus deterministic) execution • 3. Constraint Resource • Channel based I/O • Predefine socket port / network • Restricted Memory Access • Limited Read/ Write (in bytes) • Limited life time / Predefined timeout World-Leading Research with Real-World Impact! 6

  7. Institute for Cyber Security Popular Virtualizations • 1. ZeroVM virtualizes Application not Operating System. • 2. Does zeroVM uses process level virtualization ? No OS Level Virtualization Process Level Virtualization World-Leading Research with Real-World Impact! 7

  8. Institute for Cyber Security Popular Virtualizations • Pros: • Complete Isolation • Dedicated V. Memory • Dedicated V. Storage • Dedicated V. CPU • 2. Flexible Architecture • Almost all OS is supported • 3. Fault Tolerance • Cons: • High Resource Overhead • High Maintenance Cost. • Pros: • Easy to maintain • 2. Comparative low overhead. • Cons: • Single Large Fault domain • One malicious app may crush the whole system. • No Complete isolation. OS Level Virtualization Process Level Virtualization World-Leading Research with Real-World Impact! 8

  9. Institute for Cyber Security ZeroVM Virtualization • Pros: • Nearly Complete Isolation • Uses Google Native Client (NaCl) Project • Low Resource overhead. • Fault Tolerant • Cons: • Run Only special executables/ binary. • No support for existing Process Level Virtualization World-Leading Research with Real-World Impact! 9

  10. Institute for Cyber Security ZeroVM Properties • 1. ZeroVM virtualizes Application not Operating System. • 2. Single threaded (thus deterministic) execution • 3. Constraint Resource • Channel based I/O • Predefine socket port / network • Restricted Memory Access • Limited Read/ Write (in bytes) • Limited life time / Predefined timeout World-Leading Research with Real-World Impact! 10

  11. Institute for Cyber Security ZeroVM Properties • Single Threaded Execution: • No Fork • No Context Switch • No Fault due to Undeterministi c concurrency • 1. ZeroVM virtualizes Application not Operating System. • 2. Single threaded (thus deterministic) execution • 3. Constraint Resource • Channel based I/O • Predefine socket port / network • Restricted Memory Access • Limited Read/ Write (in bytes) • Limited life time / Predefined timeout World-Leading Research with Real-World Impact! 11

  12. Institute for Cyber Security ZeroVM Properties • 1. ZeroVM virtualizes Application not Operating System. • 2. Single threaded (thus deterministic) execution • 3. Constraint Resource • Channel based I/O • Predefine socket port / network • Restricted Memory Access • Limited Read/ Write (in bytes) • Limited life time / Predefined timeout World-Leading Research with Real-World Impact! 12

  13. Institute for Cyber Security Channel Based Input / Output Before execution ZeroVM is given a manifest/ configuration file which specify predefined Resources through Channel. Input file, Output file / File System Network (socket, DNS) Memory Channel = /tmp/input.txt, /dev/stdin, 0, 1, 0x1000, 0x1000, 0, 0 Which means : Zerovm input (/dev/stdin) comes from : /tmp/input.txt of local filesystem. 0: Only sequential Read / Write is allowed 0x1000: only 1000 bytes is allowed to be read from input file. 0: 0 bytes can be written to /tmp/input.txt • 1. ZeroVM virtualizes Application not Operating System. • 2. Single threaded (thus deterministic) execution • 3. Constraint Resource • Channel based I/O • Predefine socket port / network • Restricted Memory Access • Limited Read/ Write (in bytes) • Limited life time / Predefined timeout World-Leading Research with Real-World Impact! 13

  14. Institute for Cyber Security An example Manifest file • 1. ZeroVM virtualizes Application not Operating System. • 2. Single threaded (thus deterministic) execution • 3. Constraint Resource • Channel based I/O • Predefine socket port / network • Restricted Memory Access • Limited Read/ Write (in bytes) • Limited life time / Predefined timeout Channel = /dev/null, /dev/stdin, 0, 1, 999999, 999999, 0, 0 Channel = /dev/stdout, /dev/stdout, 0, 1, 0, 0, 999999, 999999 Channel = /dev/stderr, /dev/stderr, 0, 1, 0, 0, 999999, 999999 Version = 20130611 Program = hello.nexe Memory = 33554432, 1 Timeout = 1 World-Leading Research with Real-World Impact! 14

  15. Institute for Cyber Security ZeroVM Properties • Single Threaded Execution: • No Fork • No Context Switch • No Fault due to Undeterministic concurrency • 1. ZeroVM virtualizes Application not Operating System. • 2. Single threaded (thus deterministic) execution • 3. Constraint Resource • Channel based I/O • Predefine socket port / network • Restricted Memory Access • Limited Read/ Write (in bytes) • Limited life time / Predefined timeout World-Leading Research with Real-World Impact! 15

  16. Institute for Cyber Security Binary Support for ZeroVM ZeroVM executables have to be precompiled in .nexe format. Currently only C (C99) and python executables are supported. Existing C executables and python interpreter need recompilation to modify / eliminate sensitive system calls. World-Leading Research with Real-World Impact! 16

  17. Institute for Cyber Security ZeroVM from a theoretical standpoint ZeroVM Functional Dependency and Security Feature Google Native Client Software Fault Isolation World-Leading Research with Real-World Impact! 17

  18. Institute for Cyber Security ZeroVM from a theoretical standpoint ZeroVM Functional Dependency and Security Feature Google Native Client Software Fault Isolation World-Leading Research with Real-World Impact! 18

  19. Institute for Cyber Security Software Fault Isolation • Fault Isolation Techniques: • Address Space Abstraction by OS • Cons: • 1. Communication between address space is very costly. Trusted Code ( Ex: Distributed by Google ) Untrusted Code ( Ex: Third party extensions) Ex: Google Chrome Project Malicious access Valid access World-Leading Research with Real-World Impact! 19

  20. Institute for Cyber Security Software Fault Isolation Fault Domain: -- Contiguous region of memory. -- have different code and data segment -- Code from different trust level have own fault domain. Cross Domain Communication: -- No direct memory access -- All call are implemented by RPC Single Domain Restricted Access: -- the module cannot change Code segment. (dangerous, self modifying code) -- Every jump instruction must not pass single domain. -- Most Jumps are statically verified otherwise -- verified at run time with help of checking code. Fault domain1 Fault doman2 Fault domain3 Distributed code / extensions must be recompiled/rewritten. World-Leading Research with Real-World Impact! 20

  21. Institute for Cyber Security Google Native Client (NaCl) Fault Domain: -- Contiguous region of memory. -- have different code and data segment -- Code from different trust level have own fault domain. Cross Domain Communication: -- No direct memory access -- All call are implemented by RPC Single Domain Restricted Access: -- the module cannot change Code segment. (dangerous, self modifying code) -- Every jump instruction must not pass single domain. -- Most Jumps are statically verified otherwise -- verified at run time with help of checking code. Fault domain1 Fault doman2 Fault domain3 Distributed code / extensions must be recompiled/rewritten. World-Leading Research with Real-World Impact! 21

  22. Thank You  World-Leading Research with Real-World Impact!

More Related