Re: Integrity in untrusted environments
On 31/07/2014 23:25, Shiva V wrote:
> Hello,
>
> I am exploring ideas to implement a service inside a virtual machine on untrusted hypervisors under current cloud infrastructures. Particularly, I am interested in how one can verify the integrity of the service in an environment where the hypervisor is not trusted.
>
> This is my setup.
> 1. I have two virtual machines (normal client VMs).
> 2. VM-A is executing a service and VM-B wants to verify its integrity.
> 3. Both are executing on an untrusted hypervisor.
>
> Though Intel SGX will solve this by using the concept of enclaves, it's not publicly available yet. One could also use SMM to verify the integrity. But since this is a time-based approach, one could easily exploit the time window in between.
>
> I was drilling down this idea: we know the Write xor Execute memory protection scheme. Using this idea, if we could lock down the VM-A memory pages where the service is running and also the corresponding page-table entries, then have a handler code that temporarily unlocks them for legitimate updates, then one could verify the integrity of the service running.

You can make a malicious hypervisor that makes all executable pages also writable, but hides the fact from the running process. But really, if you control the hypervisor you can just write to guest memory as you wish.

SMM will be emulated by the hypervisor.

If the hypervisor is untrusted, you cannot solve _everything_. For the third time, what attacks are you trying to protect from?

Paolo

--
To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
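As an added illustration (not code from this thread), here is a toy model of Paolo's point: the guest's W^X lock-down blocks writes that go through the guest's own page tables and its self-audit passes, yet the code still changes because a hypervisor writes guest-physical frames directly. All class and function names are hypothetical and the page contents are constructed.

```python
import hashlib

class PhysicalMemory:
    """Host-side view: the hypervisor owns every guest-physical frame."""
    def __init__(self, nframes, page=16):  # constructed tiny page size
        self.frames = [bytearray(page) for _ in range(nframes)]

def hypervisor_write(mem, frame, data):
    """Host side: writes a frame directly; guest page tables do not apply."""
    mem.frames[frame][:len(data)] = data

class GuestVM:
    """Guest that maps its code frames R+X only (the proposed W^X lock-down)."""
    def __init__(self, mem, code_frames):
        self.mem = mem
        # gva -> (frame, writable, executable); code pages are never writable
        self.pt = {gva: (f, False, True) for gva, f in enumerate(code_frames)}

    def guest_write(self, gva, data):
        frame, writable, _ = self.pt[gva]
        if not writable:  # what the guest's own page tables enforce
            raise PermissionError("guest W^X: code page is read-only")
        self.mem.frames[frame][:len(data)] = data

    def wx_audit(self):
        """The only check the guest can make: no page is both W and X."""
        return all(not (w and x) for _, w, x in self.pt.values())

    def measure(self):
        """SHA-256 over the code pages as the guest sees them."""
        h = hashlib.sha256()
        for gva in sorted(self.pt):
            h.update(bytes(self.mem.frames[self.pt[gva][0]]))
        return h.hexdigest()

def demo():
    """Returns (guest write blocked?, W^X audit passes?, code changed anyway?)."""
    mem = PhysicalMemory(4)
    vm = GuestVM(mem, code_frames=[0, 1])
    mem.frames[0][:3] = b"\x90\x90\xc3"  # constructed placeholder "code"
    before = vm.measure()
    try:
        vm.guest_write(0, b"\xcc")
        blocked = False
    except PermissionError:
        blocked = True
    hypervisor_write(mem, 0, b"\xcc")  # lock-down never applied to the host
    return blocked, vm.wx_audit(), before != vm.measure()
```

The audit only inspects permissions the guest itself set; it says nothing about who else can reach the frames.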
Re: Integrity in untrusted environments
Paolo Bonzini <pbonzini at redhat.com> writes:
>> Hello,
>>
>> I am exploring ideas to implement a service inside a virtual machine on untrusted hypervisors under current cloud infrastructures. Particularly, I am interested in how one can verify the integrity of the service in an environment where the hypervisor is not trusted.
>>
>> This is my setup.
>> 1. I have two virtual machines (normal client VMs).
>> 2. VM-A is executing a service and VM-B wants to verify its integrity.
>> 3. Both are executing on an untrusted hypervisor.
>>
>> Though Intel SGX will solve this by using the concept of enclaves, it's not publicly available yet. One could also use SMM to verify the integrity. But since this is a time-based approach, one could easily exploit the time window in between.
>>
>> I was drilling down this idea: we know the Write xor Execute memory protection scheme. Using this idea, if we could lock down the VM-A memory pages where the service is running and also the corresponding page-table entries, then have a handler code that temporarily unlocks them for legitimate updates, then one could verify the integrity of the service running.
>
> You can make a malicious hypervisor that makes all executable pages also writable, but hides the fact from the running process. But really, if you control the hypervisor you can just write to guest memory as you wish.
>
> SMM will be emulated by the hypervisor.
>
> If the hypervisor is untrusted, you cannot solve _everything_. For the third time, what attacks are you trying to protect from?
>
> Paolo

Thanks Paolo,

I was considering all critical attacks possible that a client virtual machine could have under the untrusted hypervisor scenarios. For example, memory-based, hypervisor-based and a few major side-channel attacks. I am ignoring the network-based attacks for the time being.

And one more question on your reply. I didn't understand what you were trying to describe here:

> You can make a malicious hypervisor that makes all executable pages also writable, but hides the fact from the running process.
> But really, if you control the hypervisor you can just write to guest memory as you wish.

This is my understanding; correct me if I am wrong here. If we lock down the code pages of the genuine hypervisor as I discussed before, isn't it sufficient? Because essentially the hypervisor is the one that handles the traps from the virtual machines for execution. So, even if the hypervisor wishes to write to the client virtual machine, it will be captured since the memory pages of the hypervisor are locked down and this is essentially non-bypassable.
Re: Integrity in untrusted environments
On Thu, Jul 31, 2014 at 2:25 PM, Shiva V <shivaramakrishnan...@gmail.com> wrote:
> Hello,
>
> I am exploring ideas to implement a service inside a virtual machine on untrusted hypervisors under current cloud infrastructures. Particularly, I am interested in how one can verify the integrity of the service in an environment where the hypervisor is not trusted.
>
> This is my setup.
> 1. I have two virtual machines (normal client VMs).
> 2. VM-A is executing a service and VM-B wants to verify its integrity.
> 3. Both are executing on an untrusted hypervisor.
>
> Though Intel SGX will solve this by using the concept of enclaves, it's not publicly available yet.

Just a clarification. The concept of enclaves and the specs of Intel SGX are available in public. See the following, for example:
https://software.intel.com/en-us/intel-isa-extensions

--
Jun
Intel Open Source Technology Center
Re: Integrity in untrusted environments
Nakajima, Jun <jun.nakajima at intel.com> writes:
> On Thu, Jul 31, 2014 at 2:25 PM, Shiva V <shivaramakrishnan740 at gmail.com> wrote:
>> Hello,
>>
>> I am exploring ideas to implement a service inside a virtual machine on untrusted hypervisors under current cloud infrastructures. Particularly, I am interested in how one can verify the integrity of the service in an environment where the hypervisor is not trusted.
>>
>> This is my setup.
>> 1. I have two virtual machines (normal client VMs).
>> 2. VM-A is executing a service and VM-B wants to verify its integrity.
>> 3. Both are executing on an untrusted hypervisor.
>>
>> Though Intel SGX will solve this by using the concept of enclaves, it's not publicly available yet.
>
> Just a clarification. The concept of enclaves and the specs of Intel SGX are available in public. See the following, for example:
> https://software.intel.com/en-us/intel-isa-extensions

Thanks for the reply. By mentioning "not publicly available", I meant that the Intel SGX processors are not available in the market yet.