Applications of Feather-Weight Virtual Machine

Yang Yu Hariharan Govindarajan

Lap-chung Lam Tzi-cker Chiueh

Stony Brook University

Symantec Research Labs

VEE 2008


Virtualization Technology Spectrum

  • Software emulation of an operating environment: an example of “every computer science problem can be solved by adding an additional level of indirection”

    Intercept & perform additional value-added operations

  • Multiple possible interception interfaces

    • Instruction set architecture (ISA): Bochs, QEMU

    • Hardware abstraction layer (HAL): VMware, Virtual PC, Xen

    • System call interface: BSD Jail, Linux Vserver, Virtuozzo, Softricity

    • Library call interface: Wine, Interix, Cygwin

    • Language level: JVM, .NET framework

  • Tradeoff among implementation complexity, flexibility, performance overhead and isolation strength

OS-level Virtualization

  • Virtualizing the system call interface so as to provide the illusion of multiple operating environments that are isolated from one another

[Figure: processes P1 to P5 on one host are partitioned into two VMs, {P1, P3, P4} and {P2, P5}; the OS-virtualization layer sits between the processes and the single operating system kernel running on the hardware.]

OS-level vs. HAL-based VM

  • One OS vs. Multiple (possibly heterogeneous) OSes

[Figure: OS-level virtualization stacks several groups of guest processes on one OS-level virtualization layer above the host OS and the hardware; HAL-level virtualization gives each group of guest processes its own guest OS above a HAL virtualization layer and the hardware.]

Properties of OS-level Virtualization

  • Pro

    • OS-required resource does not need to be duplicated

    • Low per-VM resource requirement and better scalability

    • Instant creation and destruction of VMs

    • More flexibility in initial state set-up of new VM

    • Easier to share VM states whenever necessary

    • No changes required to existing applications or computing infrastructure

  • Con

    • Share a single OS kernel: weaker isolation among VMs

      • kernel rootkit problem

    • Higher implementation complexity

    • Additional restrictions on applications running in a VM

FVM: Feather-weight Virtual Machine

  • Multiple OS-level VMs forked from the base operating environment of a Windows kernel

  • Goals of FVM

    • Properly isolates different VMs running on a Windows kernel

    • Offers a flexible framework for developing security applications on end user machines

  • Technical challenges

    • How to achieve reasonable isolation among VMs without incurring inordinate implementation complexity

    • How to reliably commit a VM’s state back to the host

Concrete Design Requirements

  • Can start multiple instances of the same executable binary in multiple concurrent VMs

    • Daemon process: Apache web server, DNS server

    • GUI process: Microsoft Office suite, IE, Acrobat reader

    • Some service processes cannot be multi-instanced: Windows Installer service

  • Isolation of persistent state: files and registries

    • Read from the common base operating environment

    • File-level copy-on-write

  • Communication confinement: IPC, device access, kernel object access, interaction with services

  • Performance isolation

Basic FVM design

  • A virtualization layer that intercepts Windows system calls

    • No modification to applications, libraries or OS kernel

  • Access redirection via renaming and copy-on-write

    • Mapping virtual name to physical name

  • Communication confinement

    • Virtualization through renaming of communication end-points

    • Visibility control: broadcast and enumeration operations

  • Performance isolation: using a “job object” to limit disk/memory usage and CPU scheduling priority

Low-Level Enabling Mechanisms

  • File/registry virtualization

  • Running multiple instances of the same application

  • Inter-process communication confinement

  • Daemon/Service virtualization

  • Network interface/stack virtualization

  • Resource usage control

IPC Confinement

An FVM’s State

  • A VM identifier

  • A set of processes

  • Root directories for file, registry, kernel object

  • A log of files and registry entries deleted/renamed by the VM

  • An IP address

  • A set of policies: resource usage quota, device access and service interaction

Limitations of FVM Prototype

  • Kernel modification in a VM

    • Prohibit loading/unloading kernel driver

    • Prohibit mapping physical memory

      • \Device\PhysicalMemory

  • Device access and IPC with daemon/service

    • Tradeoff between isolation and functionality

    • Policy

  • Lack of VM migration support

App1: Secure Mobile Code Execution

  • Start web browser, email client or any suspicious program in a separate VM

  • Selective commit based on analysis of the system/API call log, which detects suspicious process behaviors

  • Mark a file when it is committed to the host

  • A marked file is always opened/executed in a separate VM until it is explicitly unmarked
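The access redirection and copy-on-write of the basic FVM design, the per-VM state (identifier, private root, delete log) and the selective commit with file marking from App1, modelled together in one small Python class. This is an added illustration, not FVM's own kernel-mode code: the `/fvm/<id>` root path, the in-memory dictionaries and the `accept` policy callback are assumptions.

```python
class FVMState:
    """Model of one FVM's persistent state (files and registry entries alike,
    as name -> data). Reads fall through to the shared base environment,
    writes are copy-on-write into the VM's private root, and deletes go to
    a log so the base entry looks gone inside the VM while the host is
    untouched. Constructed illustration, not FVM's kernel-mode code."""

    def __init__(self, vm_id, base):
        self.vm_id = vm_id          # the VM identifier
        self.base = base            # host state shared by every VM
        self.private = {}           # this VM's copy-on-write root
        self.deleted = set()        # log of base entries deleted by the VM

    def physical(self, vname):
        """Virtual name -> physical name under the VM's root directory (assumed layout)."""
        return f"/fvm/{self.vm_id}{vname}"

    def exists(self, vname):
        return vname not in self.deleted and (vname in self.private or vname in self.base)

    def read(self, vname):
        if not self.exists(vname):
            raise FileNotFoundError(vname)
        # private copy first, otherwise fall through to the common base
        return self.private.get(vname, self.base.get(vname))

    def write(self, vname, data):
        self.deleted.discard(vname)     # re-creating a deleted name undoes the log entry
        self.private[vname] = data      # never touches self.base
        return self.physical(vname)

    def delete(self, vname):
        self.private.pop(vname, None)
        if vname in self.base:          # only base entries need the log
            self.deleted.add(vname)

    def commit(self, accept):
        """Selective commit (App1): apply to the host only the changes that
        accept(name, data) approves (data is None for deletions) and return
        the committed names, which the host marks so later opens of them
        are again redirected into a separate VM."""
        marked = set()
        for vname in [n for n in self.private if accept(n, self.private[n])]:
            self.base[vname] = self.private.pop(vname)
            marked.add(vname)
        for vname in [n for n in self.deleted if accept(n, None)]:
            self.base.pop(vname, None)
            self.deleted.discard(vname)
        return marked
```

Two instances forked from the same `base` dictionary never see each other's writes until a commit, which is exactly the isolation-then-commit sequence the slides describe.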

App2: Scalable Web Site Testing

[Figure: a URL DB feeds a web crawler that mirrors the target web servers into a local mirror; a VM pool, each VM running a web browser, visits the mirrored sites and produces the testing report.]

Web Site Testing Set-up

  • Web crawler: WinHTTrack

  • URL source: 237 websites from McAfee’s SiteAdvisor

  • Internet Explorer 5.0 runs on unpatched Win2K

    • IE security settings: high

  • VM setup

    • One IE instance per VM

    • Total number of concurrent IE instances: 50

  • Two parameters:

    • Number of seconds to wait

    • Number of URLs visited during the life time of each VM

Results

  • VM start-up overhead in web site testing

    • FVM: 0.3 seconds

    • VMware Workstation 5.0: 30 ~ 50 seconds

  • Scanning throughput

    • One URL visit per VM

    • Waiting time: 120 seconds

    • FVM-based: 50,000 ~ 70,000 per day per machine

    • MS Strider HoneyMonkey (VMware-based): < 8,000 per day per machine

App3: Shared Application Binary Server

  • Application binary delivery architecture

    • Applications installed and executed on end user machines

    • Applications installed and executed on a central server: Thin-client computing

    • Applications installed on a central server and executed on individual user machines: Shared application binary server

  • Challenge: Ensure applications are executed against the operating environment in which they are installed

Design

  • When a client launches an executable stored on the server, associate the launched process with a VM running on the client

    • Redirect access to the operating environment to the shared binary server

      • Exe, DLL, Registry, Environment Variable, COM object

      • System DLLs (kernel32, user32, …)

    • Accesses to user files and registry entries are not redirected

Shared Binary Server Architecture

[Figure: the client runs FVM over its local data; the shared binary server holds App1, App2, App3, ..., AppK, each with its own files, registry entries, environment variables and OLE/COM objects.]

App4: Distributed Display-Only File Service

[Figure: the DOFS client shows a remote display of an application running in a terminal session, with a screen capture blocker; the DOFS server holds the protected document behind a content filter, a document link and the DOFS firewall.]

  • Goal: protect confidential documents from information theft by insiders

DDOFS Design

  • Motivation

    • Application compatibility & performance issue in the DOFS architecture

  • Approach

    • Move application execution back to client in a VM to carve out a piece of client as a logical extension of the central server

    • Document opened in a VM cannot leak out of the VM because all writes go to the central server

    • Documents are encrypted as they travel over the network and decrypted after they enter the VM

App4: DDOFS Architecture

[Figure: the DDOFS client runs the application inside FVM with a VM write workspace, a screen capture blocker and a decrypt-and-encrypt stage; the DDOFS server holds the protected document behind an encrypt-and-decrypt stage.]

Conclusion

  • FVM is a full-scale implementation of OS-level virtualization for the Windows platform

    • Making legitimate applications happy vs. preventing malicious applications from doing bad things

    • Tamper resistance support is needed

  • Optimized for sharing rather than for isolation → allows users to seamlessly interact with multiple VMs simultaneously

  • Faster start-up and shut-down

  • Facilitating development of security solutions for end user machines



Open-source version of FVM 1.0 available at

https://sourceforge.net/projects/fvm-rni

Questions? Thank you!
