anonymity & virtualization - university of...
TRANSCRIPT
Today
Announcements: HW3 due tonight; HW4 posted tomorrow
Anonymous browsing, Tor
Virtualization
Random number generators and reset vulnerabilities
Preventing intercept
• End-to-end encryption (TLS, SSH)
• What does this protect? What does it leak?
• What can go wrong?
[Diagram: a client at IP 1.2.3.4 and a server at IP 5.6.7.8 communicate across the AT&T network and other major backbones, with interception gear sitting on the path]
Think-pair-share
Hiding connectivity is harder
• IP addresses are required to route communication, yet they are not encrypted by normal end-to-end encryption
  – 1.2.3.4 talked to 5.6.7.8 over HTTPS
• How can we hide connectivity information?
Simple Anonymization Services
• Single-hop proxy services
• JonDonym, anonymous remailers (MixMaster, MixMinion), many others
Anonymizer.com
Tor (The Onion Router)
[Diagram: the same backbone with interception gear between 1.2.3.4 and 5.6.7.8, but the client's traffic now passes through three Tor relays, 7.8.9.1, 8.9.1.1 and 9.1.1.2, before reaching the destination]
Client -> 7.8.9.1 -> 8.9.1.1 -> 9.1.1.2 -> Destination
Called a circuit
Client: 1.2.3.4
Onion routing: the basic idea
Tor implements a more complex version of this basic idea
Client 1.2.3.4 -> relay 7.8.9.1: encrypted to 7.8.9.1, Src: 1.2.3.4, Dest: 7.8.9.1
Relay 7.8.9.1 -> relay 8.9.1.1: encrypted to 8.9.1.1, Src: 7.8.9.1, Dest: 8.9.1.1
Relay 8.9.1.1 -> relay 9.1.1.2: encrypted to 9.1.1.2, Src: 8.9.1.1, Dest: 9.1.1.2
Relay 9.1.1.2 -> web server 5.6.7.8: HTTP packet, Src: 9.1.1.2, Dest: 5.6.7.8
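The layered encryption sketched above, as an added example written for this transcript (it is not Tor's real protocol or code): the client wraps an HTTP request once per relay, using the constructed addresses from the slides and a toy hash-based stream cipher standing in for the real per-hop cipher, and each relay peels exactly one layer, so it sees only who handed it the cell and where to forward it.

```python
import hashlib
import json
import os

# Constructed addresses, matching the lecture's circuit diagram.
CLIENT = "1.2.3.4"
CIRCUIT = ["7.8.9.1", "8.9.1.1", "9.1.1.2"]  # guard, middle, exit relay
DEST = "5.6.7.8"                             # web server

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy cipher: SHA-256 counter-mode keystream XORed onto the data (one call
    encrypts and decrypts). Stands in for a real per-hop cipher; no integrity."""
    out = bytearray()
    for block, off in enumerate(range(0, len(data), 32)):
        ks = hashlib.sha256(key + block.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], ks))
    return bytes(out)

def build_onion(keys: dict, circuit: list, dest: str, payload: bytes) -> bytes:
    """Client: wrap innermost-first, so the exit relay's layer is applied first
    and the guard relay's layer ends up outermost."""
    hops, blob = circuit + [dest], payload
    for i in range(len(circuit) - 1, -1, -1):
        cell = json.dumps({"next": hops[i + 1], "data": blob.hex()}).encode()
        blob = xor_stream(keys[circuit[i]], cell)
    return blob

def peel_layer(key: bytes, blob: bytes):
    """Relay: strip one layer, learning only the next hop and an opaque blob."""
    cell = json.loads(xor_stream(key, blob))
    return cell["next"], bytes.fromhex(cell["data"])

def run_circuit(keys: dict, circuit: list, dest: str, payload: bytes):
    """Forward the onion hop by hop; record each relay's view (who handed it
    the cell, where it forwards it) and return what reaches the destination."""
    blob, views, prev = build_onion(keys, circuit, dest, payload), [], CLIENT
    for relay in circuit:
        nxt, blob = peel_layer(keys[relay], blob)
        views.append({"relay": relay, "src": prev, "dest": nxt})
        prev = relay
    return views, blob

if __name__ == "__main__":
    session_keys = {r: os.urandom(16) for r in CIRCUIT}  # per-hop session keys
    seen, delivered = run_circuit(session_keys, CIRCUIT, DEST, b"GET / HTTP/1.1\r\n")
    for view in seen:
        print(view)    # no single relay sees both 1.2.3.4 and 5.6.7.8
    print(delivered)   # only the exit relay holds the plaintext HTTP request
```

The exit relay still hands the web server the plaintext request, which is why the slides insist on HTTPS end to end in addition to Tor.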
What does the adversary see?
[Diagram: the interception gear on the backbone between 1.2.3.4 and 5.6.7.8, with the circuit through Tor nodes 7.8.9.1, 8.9.1.1 and 9.1.1.2; what arrives at the web server is an HTTP packet, Src: 9.1.1.2, Dest: 5.6.7.8]
Tor obfuscates who talked to whom; you still need end-to-end encryption (e.g., HTTPS) to protect the payload
• Dec 2016: Eldo Kim, Harvard sophomore, sent bomb threats using GuerillaMail (anonymous email service)
• Used Tor to connect to GuerillaMail (from his dorm room)
• Caught within 2 days
• How did he get caught?
  – GuerillaMail indicated the user connected via a Tor node
  – FBI compared the timestamp on the email to Harvard network logs
  – He was the only one using Tor at that time (on the local network); confessed when confronted
[As of: April 13, 2016]
Virtualization
[Diagram, no virtualization: Process 1 and Process 2 run on the OS, which runs directly on the hardware]
Type-1: Hypervisor runs directly on hardware. Type-2: Hypervisor runs on host OS
[Diagram, Type-1 Virtualization (Xen, VMware ESX): the hypervisor, with its drivers, runs directly on the hardware; OS1 and OS2 run above it, each with processes P1 and P2]
[Diagram, Type-2 Virtualization (VMware Workstation, VirtualBox): the host OS runs on the hardware; the hypervisor runs as a process on the host OS beside ordinary processes P1 and P2; OS2 with its processes P1 and P2 runs inside the hypervisor]
VM Use Cases
• Development and testing (especially when we need different OSs)
• Server consolidation
  – Run multiple servers on the same hardware: web server, file server, email servers, …
• Cloud computing: Infrastructure-as-a-Service
• Sandboxing / containment
Security Model
[Diagram, labelled Type-1 Virtualization (VMware Workstation, VirtualBox): the hypervisor with its drivers on the hardware, OS1 and OS2 above it, each with processes P1 and P2]
• What's the desired security model?
• Isolation between OS1/OS2 (and processes)
  – No access to file system, memory pages
  – No "escape" from process/OS to hypervisor
• What can go wrong?
Isolation Problems
[Diagram, labelled Type-1 Virtualization (VMware Workstation, VirtualBox): the same layout, hypervisor with drivers on the hardware, OS1 and OS2 each with processes P1 and P2]
• Information leakage
  – Side-channel attacks using shared resources (instruction/memory caches)
• Degradation of service
  – Violate performance isolation: OS1 degrades OS2 to get more CPU time or network bandwidth
• Other problems?
Virtual Machine Management
• Snapshots
  – Volume snapshot / checkpoint
    • persistent storage of the VM
    • must boot from storage when resuming the snapshot
  – Full snapshot
    • persistent storage and ephemeral storage (memory, register states, caches, etc.)
    • start/resume in between (essentially) arbitrary instructions
• A VM image is a file that stores a snapshot
Recap
Anonymous browsing, Tor
Virtualization types, use cases
Virtualization containment problems
Linux RNG and reset vulnerabilities