speakeasy template 2006 - stanford university workshop slides/tal...issue “resume cloaked exec”...
TRANSCRIPT
![Page 1: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/1.jpg)
Overshadow: Retrofitting Protection in Commodity Operating Systems
Tal GarfinkelVMware Advanced Development
Stanford Security ForumMarch 17, 2008
Mike Chen Tal Garfinkel E. Christopher LewisPratap Subrahmanyam Carl Waldspurger
VMware, Inc.
Dan Boneh Jeffrey Dwoskin Dan R.K. PortsStanford Princeton MIT
![Page 2: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/2.jpg)
2Copyright © 2008 VMware, Inc. All rights reserved.
Our Problem: Commodity Systems, Sensitive Data
Many Applications Handle Sensitive DataFinancial, medical, insurance, military …Credit cards, medical records, corporate IP …
Run on Commodity SystemsLarge and complex TCB, broad attack surfacesOS kernel, file system, daemons, services …Hard to configure, manage, maintain
Why rely on all this, when we only care about our application?
![Page 3: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/3.jpg)
3Copyright © 2008 VMware, Inc. All rights reserved.
Our Hammer: The Virtual Machine Monitor
Hardware-Level AbstractionVirtual hardware: processors, memory, chipset, I/O devices, etc.
Encapsulates all OS and application state
Extra level of indirectiondecouples hardware and OS
Where Overshadow SitsInterpose at the CPU/Memory Interface to add new protection mechanism
![Page 4: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/4.jpg)
4Copyright © 2008 VMware, Inc. All rights reserved.
Our Goals
Protect Individual Application DataPrivacy and integrityIn memory and on disk
Get OS out of Trusted Computing BaseOnly have to trusted application codeLast line of defense
Backwards CompatibilityUnmodified commodity OSUnmodified application binary
Non-Goal: Availability
![Page 5: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/5.jpg)
5Copyright © 2008 VMware, Inc. All rights reserved.
Outline
E2E ArchitectureMemory CloakingSecure Control TransferImplementationConclusions
![Page 6: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/6.jpg)
6Copyright © 2008 VMware, Inc. All rights reserved.
E2E: Big Picture
Application Data ProtectedOn disk
In memory while running
Cloaking: Two Views of MemoryApp sees normal view
OS sees encrypted view
App/OS InteractionsMediated by “shim”
Interposes on system calls, interrupts, faults, signals
Transparent to application
Cloaked App
Legacy OS Kernel
Cloaked Shim
VMM
Hardware
Other AppsOther AppsApps
Uncloaked Shim
Two Virtualization Barriers
![Page 7: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/7.jpg)
7Copyright © 2008 VMware, Inc. All rights reserved.
E2E: Setting Up a Protected App
Application files.exe
.txt.dll
Encrypted Files
Metadata (IV/Hash)
Protected App
Your Virtual Machine
![Page 8: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/8.jpg)
8Copyright © 2008 VMware, Inc. All rights reserved.
E2E: Running a Protected App
1. Trusted Loader is invoked run (checked by VMM) to start app
2. Loader memory maps app code3. Application code/data is encrypted/decrypted on
demand.4. VMM Provides context dependant view of process
memory.OS Page Table (ciphertext)
App Page Table (clear text)
![Page 9: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/9.jpg)
9Copyright © 2008 VMware, Inc. All rights reserved.
E2E: Running a Protected App
1. Trusted Loader is invoked run (checked by VMM) to start app
2. Loader memory maps app code3. Application code/data is encrypted/decrypted on
demand.4. VMM Provides context dependant view of process
memory.OS Page Table (ciphertext)
App Page Table (clear text)
![Page 10: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/10.jpg)
10Copyright © 2008 VMware, Inc. All rights reserved.
E2E: Protecting Application Resources
Basic StrategyProtect existing memory-mapped objectse.g. stack, heap, mapped files, shared mmaps
Make everything else look like a memory mapped objecte.g. open() becomes mmap(), read()/write() becomes memcpy()
VMM Provides Memory Isolation
OS Still Manages (Encrypted) Application ResourcesIncluding demand-paged application memory
Moves cloaked data without seeing plaintext contents
Encryption/decryption typically infrequent
![Page 11: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/11.jpg)
11Copyright © 2008 VMware, Inc. All rights reserved.
E2E: Supporting Unmodified Applications
Problem: Doesn’t look like normal ABIExamples: Modified control transfers between OS
and app, OS can’t access app address space directly
Solution: ShimLoaded into application address space
Communicates with VMM via hypercalls
Interposes on system calls, signals, etc.
Cloaked App
Legacy OS Kernel
Cloaked Shim
VMM
Hardware
Other AppsOther AppsApps
Uncloaked Shim
Protected Process
![Page 12: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/12.jpg)
12Copyright © 2008 VMware, Inc. All rights reserved.
Outline
E2E ArchitectureMemory CloakingSecure Control TransferImplementationConclusions
![Page 13: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/13.jpg)
13Copyright © 2008 VMware, Inc. All rights reserved.
Memory Mapping: OS
virtual physical
OS page table
![Page 14: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/14.jpg)
14Copyright © 2008 VMware, Inc. All rights reserved.
Memory Mapping: VMM
virtual physical machine
guest OS vmm
![Page 15: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/15.jpg)
15Copyright © 2008 VMware, Inc. All rights reserved.
Multi-Shadowing: Context-Dependent Views
virtual physical
machine1
guest OSview2
view1
machine2
![Page 16: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/16.jpg)
16Copyright © 2008 VMware, Inc. All rights reserved.
Cloaking: Multi-Shadowing + Cryptography
virtual physical
plaintext
guest OS sysview
appview
Xunmapped
machine
![Page 17: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/17.jpg)
17Copyright © 2008 VMware, Inc. All rights reserved.
Cloaking: System Accesses Page
virtual physical
guest OS sysview
appview
XUnmapped
encrypted
Fault into VMM: encrypt/hash contents, remap
![Page 18: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/18.jpg)
18Copyright © 2008 VMware, Inc. All rights reserved.
Cloaking: Application Accesses Page
virtual physical
guest OS sysview
appview
Fault into VMM: verify hash, decrypt, remap
Xunmapped
plaintextmachine
![Page 19: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/19.jpg)
19Copyright © 2008 VMware, Inc. All rights reserved.
Protecting Data Integrity
ChallengesEnforce integrity, ordering, freshness
VMM Manages Per-Page MetadataTracks what’s “supposed to be” in each memory page
E.g. infer based on mmap()
IV – randomly-generated initialization vector
H – secure integrity hash
See paper for more…
![Page 20: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/20.jpg)
20Copyright © 2008 VMware, Inc. All rights reserved.
Outline
E2E ArchitectureMemory CloakingSecure Control TransferImplementationConclusions
![Page 21: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/21.jpg)
21Copyright © 2008 VMware, Inc. All rights reserved.
Secure Control Transfer
Problem: Can’t let OS tranfer control to arbitrary place in app (with arbitrary registers).
Solution: Enforce control transfer protocol.Implicit: Faults/PremptionExplicit: System Calls
![Page 22: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/22.jpg)
22Copyright © 2008 VMware, Inc. All rights reserved.
Shim: Handling Faults and Interrupts
1. App is executing2. Fault traps into VMM
Saves and scrubs registersSets up trampoline to shimTransfers control to kernel
3. Kernel executesHandles fault as usualReturns to shim via trampoline
4. Shim hypercalls into VMMResume cloaked execution
5. VMM returns to appRestores registersTransfers control to app
![Page 23: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/23.jpg)
23Copyright © 2008 VMware, Inc. All rights reserved.
Shim: Handling System Calls
Extra TransitionsSuperset of fault handling
Handlers in cloaked shim interpose on system calls
System Call AdaptationArguments may be pointers to cloaked memory
Marshall and unmarshall via buffer in uncloaked shim
More complex: pipes, signals, fork, file I/Omarshallunmarshall
![Page 24: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/24.jpg)
24Copyright © 2008 VMware, Inc. All rights reserved.
Outline
E2E ArchitectureMemory CloakingSecure Control TransferImplementationFuture WorkRelated WorkConclusions
![Page 25: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/25.jpg)
25Copyright © 2008 VMware, Inc. All rights reserved.
Implementation
Overshadow SystemBased on 32-bit x86 VMware VMM
Shim for Linux 2.6.x guest OS
Full cloaking of application code, data, files
Lines of code: + 6600 to VMM, ~ 13100 in shim
Not heavily optimized
Runs Real ApplicationsApache web server, PostgreSQL database
Emacs, bash, perl, gcc, …
![Page 26: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/26.jpg)
26Copyright © 2008 VMware, Inc. All rights reserved.
Microbenchmark Performance
System CallsSimple PASSTHRU
MARSHALL args
ProcessesFORKW – fork/wait process creation, COW overheads
File-Backed mmapsMMAPW – write word per page, flush to disk
MMAPR – read words back from buffer cache
0
20
40
60
80
100
PASSTHRU MARSHALL FORKW MMAPW MMAPR
% U
nclo
aked
Per
form
ance
![Page 27: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/27.jpg)
27Copyright © 2008 VMware, Inc. All rights reserved.
Benchmark Performance
WebApache web servercaching disabled
Remote load generatorab benchmark tool
DatabasePostgresSQL serverDBT2 benchmark
ComputeSPECint CPU2006
gcc – worst individual SPEC benchmark
0
20
40
60
80
100
Apache DBT2 SPEC gcc
Full Cloaking Without File Cloaking
% U
nclo
aked
Per
form
ance
![Page 28: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/28.jpg)
28Copyright © 2008 VMware, Inc. All rights reserved.
Conclusions
Promising New ApproachVM-based protection of application data
Privacy and integrity, even if OS compromised
Backwards compatible
Powerful New MechanismsMulti-shadow memory cloaking
Shim allows transparent ABI modification
Future DirectionsSecurity implications of a malicious OS
Additional uses of Cloaking
![Page 29: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/29.jpg)
29Copyright © 2008 VMware, Inc. All rights reserved.
Questions?
For More InformationRead the paper
See ASPLOS 08 Proceedings
Google: $MY_NAME
Send feedback to mailing list [email protected]
![Page 30: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/30.jpg)
30Copyright © 2008 VMware, Inc. All rights reserved.
Backup Slides
![Page 31: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/31.jpg)
31Copyright © 2008 VMware, Inc. All rights reserved.
What is a Virtual Machine?
Hardware-Level AbstractionVirtual hardware: processors, memory, chipset, I/O devices, etc.
Encapsulates all OS and application state
Virtualization SoftwareExtra level of indirectiondecouples hardware and OS
Multiplexes physical hardwareacross multiple “guest” VMs
Strong isolation between VMs
Manages physical resources, improves utilization
![Page 32: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/32.jpg)
32Copyright © 2008 VMware, Inc. All rights reserved.
Basic Cloaking Protocol
State Transition DiagramSingle cloaked page
Privacy and integrity
Single Page, Two ViewsApp (A) sees plaintextvia application shadow
Kernel (K) sees ciphertextvia system shadow
Protection MetadataIV – randomly-generated initialization vector
H – secure hash
![Page 33: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/33.jpg)
33Copyright © 2008 VMware, Inc. All rights reserved.
Secure Context Identification
Application ContextsMust identify uniquely to switch shadow page tables
Must work even with adversarial OS
Shim-Based ApproachCloaked Thread Context (CTC) in cloaked shim
Initialized at startup to contain ASID and random value
Random value is protected in cloaked memory
Transitions from uncloaked to cloaked executionuse self-identifying hypercalls with pointer to CTC
VMM verifies expected ASID and random value in CTC
![Page 34: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/34.jpg)
34Copyright © 2008 VMware, Inc. All rights reserved.
Cloaked File I/O
Interpose on I/O System CallsRead, write, lseek, fstat, etc.
Uncloaked files use simple marshalling
Cloaked FilesEmulate read and write using mmap
Copy data to/from memory-mapped buffers
Decrypted automatically when read by app;Encrypted automatically when flushed to disk by kernel
Shim caches mapped file regions (1MB chunks)
Prepend file header containing size, offset, etc.
![Page 35: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/35.jpg)
35Copyright © 2008 VMware, Inc. All rights reserved.
Protection Metadata: Overview
Per-Page MetadataRequired to enforce privacy, integrity, ordering, freshness
IV – randomly-generated initialization vector
H – secure integrity hash
Tracked by VMMMetadata for pages mapped into application address space
Intuitively, what’s “supposed” to be in each memory page
(ASID, GVPN) → (IV, H)
![Page 36: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/36.jpg)
36Copyright © 2008 VMware, Inc. All rights reserved.
Protection Metadata: Details
Protected ResourceNeed indirection to support sharing and persistence(RID, RPN) – unique resource identifer, page offsetOrdered set of (IV, H) pairs in VMM “metadata cache”
Protected Address SpaceShim tracks mappings (start, end) → (RID, RPN)VMM caches in “metadata lookaside buffer”VMM upcalls into shim on MLB miss
Metadata Lookup(ASID, VPN) → (RID, RPN) → (IV, H)Persistent metadata stored securely in guest filesystem
![Page 37: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/37.jpg)
37Copyright © 2008 VMware, Inc. All rights reserved.
Managing Protection Metadata
![Page 38: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/38.jpg)
38Copyright © 2008 VMware, Inc. All rights reserved.
Q: Can OS Modify or Inject Application Code?
Answer: No.Application code resides in cloaked memory;it’s encrypted and integrity-protected.
Any modifications will be detected by integrity checks;modified page contents won’t match hash in MDC.
![Page 39: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/39.jpg)
39Copyright © 2008 VMware, Inc. All rights reserved.
Q: Can OS Modify Application Instruction Pointer?
Answer: No.Application registers, including the instruction pointer (IP),are saved in the cloaked thread context (CTC) after all faults/interrupts/syscalls, and restored when cloakedexecution resumes.
The CTC resides in cloaked memory; it’s encrypted andintegrity-protected, so the OS can’t read or modify it.
![Page 40: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/40.jpg)
40Copyright © 2008 VMware, Inc. All rights reserved.
Q: Can OS Tamper with Loader?
Answer: No.Before entering cloaked execution, the VMM can verify that the shim was loaded properly by comparing hashes of the appropriate memory pages with their expected values.
If this integrity check fails, it will prevent the application from accessing any cloaked resources (files or memory), except in encrypted form.
So while the OS could execute an arbitrary program instead, it would be unable to access any protected data.
![Page 41: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/41.jpg)
41Copyright © 2008 VMware, Inc. All rights reserved.
Q: Can OS Pretend to Be Application and Issue “Resume Cloaked Exec” Hypercall?
Answer: Yes, but it can’t execute malicious code.When an application returns from a context switch or other interrupt, the uncloaked shim makes a hypercall asking the VMM to resume cloaked execution.The OS could pretend to be the application, and make this same hypercall, but integrity checking will cause it to fail unless the CTC is mapped in the proper location.Even if the OS succeeds, the VMM will enter cloaked execution with the proper saved registers, including the IP. All application pages must be unaltered or integrity checks will fail.Thus, the OS can only cause cloaked execution to be resumed at the proper point in the proper application code, so it still can’t execute malicious code.
![Page 42: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/42.jpg)
42Copyright © 2008 VMware, Inc. All rights reserved.
More Backup Slides
![Page 43: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/43.jpg)
43Copyright © 2008 VMware, Inc. All rights reserved.
Motivation: Vulnerable Systems
Many Applications Handle Sensitive DataFinancial, medical, insurance, military …Credit cards, medical records, corporate IP …
Yet Trust Commodity SystemsLarge and complex TCB, broad attack surfacesOS kernel, file system, daemons, services …Hard to configure, manage, maintain
Example: Database ServerContaining all sorts of sensitive informationSecure, but runs on commodity OSGame over if attacker becomes root (e.g. via /dev/mem)
![Page 44: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/44.jpg)
44Copyright © 2008 VMware, Inc. All rights reserved.
Review: Virtual Memory
Traditional OS ApproachLevel of Indirection
Virtual → Physical
OS page table mapsVPN (virtual page number) toPPN (physical page number)
Cached by hardware TLB
VPN
PPN
hardwareTLB
OSpagetable
![Page 45: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/45.jpg)
45Copyright © 2008 VMware, Inc. All rights reserved.
Classical Memory Virtualization
Traditional VMM ApproachExtra Level of Indirection
Virtual → PhysicalGuest OS page table maps GVPN (virtual page number) to GPPN (physical page number)
Physical → MachineVMM maps GPPN to MPN
Shadow Page TableComposite of two mappings
Directly maps GVPN to MPN
Cached by hardware TLB
GVPN
GPPN
MPN
hardwareTLB
shadowpage table
guest
VMM
![Page 46: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/46.jpg)
46Copyright © 2008 VMware, Inc. All rights reserved.
Multi-Shadowing Primitive
New Way to Leverage VMMMultiple Views of Memory
GPPN maps to multiple MPNs
Using multiple shadow page tables
View depends on “context” accessing page
General MechanismOrthogonal to protection domains defined by OS and processor
Enables new protection schemes
GVPN
GPPN shadowcontext 2
MPN1 MPN2
shadowcontext 1
![Page 47: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/47.jpg)
47Copyright © 2008 VMware, Inc. All rights reserved.
Cloaking: Multi-Shadowing + Cryptography
Single Page, Dual ViewsGPPN maps to single MPN
Encrypt/decrypt MPN contents dynamically
Hash encrypted contents to protect integrity
Access to Cloaked PageBy kernel: encrypt, generate hash, update shadow mappings
By app: verify integrity hash, decrypt, update shadow mappings
ResponsibilitiesOS manages application resources (without seeing contents)
VMM manages protection (including metadata and keys)
![Page 48: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/48.jpg)
48Copyright © 2008 VMware, Inc. All rights reserved.
Cloaking OS Resources
Page-Oriented ProtectionUsing low-level cloaking primitive
Building block for higher-level OS abstractions
Memory-Mapped Objects in Modern OSPrivate process memory: stack, heap …
File-backed memory: code regions, mmaps …
Shared memory: fork, shared mmaps …
Basic StrategyProtect existing memory-mapped objects
Make everything else look like one
![Page 49: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/49.jpg)
49Copyright © 2008 VMware, Inc. All rights reserved.
Shim: Supporting Unmodified Applications
What’s a Shim?OS-specific user-level programLinked into application address spaceSeparate cloaked and uncloaked regionsCommunicates with VMM via hypercalls
FunctionalityExtends reach of VMM to applicationsInterposes on privilege-mode transitionsSecure context identification and control transferTracks application resourcesAdapts system calls
![Page 50: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/50.jpg)
50Copyright © 2008 VMware, Inc. All rights reserved.
Protection Metadata
Protected ResourceOrdered set of pagesPortions mapped into application address spaceMay be persistent or transient
Per-Page MetadataRequired to enforce privacy, integrity, ordering, freshnessIV – randomly-generated initialization vectorH – secure integrity hash
Managed by VMMTracks what’s “supposed to be” in each memory pageShim helps VMM map GVPN → (IV, H)
![Page 51: Speakeasy Template 2006 - Stanford University Workshop Slides/tal...Issue “Resume Cloaked Exec” Hypercall? Answer: Yes, but it can’t execute malicious code. When an application](https://reader033.vdocuments.us/reader033/viewer/2022042306/5ed209369eb0885e03049258/html5/thumbnails/51.jpg)
51Copyright © 2008 VMware, Inc. All rights reserved.
Shim: Handling Faults and Interrupts
1. App is executing2. Fault traps into VMM
Saves and scrubs registersSets up trampoline to shimTransfers control to kernel
3. Kernel executesHandles fault as usualReturns to shim via trampoline
4. Shim hypercalls into VMMSelf-identifying hypercall toresume cloaked execution
5. VMM returns to appRestores regsTransfers control to app