improving xen security through disaggregation derek murraygrzegorz milossteven hand
TRANSCRIPT
Improving Xen Security through Disaggregation
Derek Murray Grzegorz Milos
Steven Hand
Outline
• The myth of the secure hypervisor• Trusted computing bases• Disaggregating Xen• Results• Future work
Xen
• Small hypervisor– 100k lines of code
• Provides isolation between VMs
• “Trusting the virtual machine monitor is akin to trusting a real processor”
OS
XenHardware
VM
Domain Zero
• Full Linux distribution
• User-space tools for VM management
• Privileged hypervisor interface– Map foreign memory– Set foreign VCPU
• Therefore must be trusted
VMDom0
XenHardware
Threat Model
• Malicious software running as Dom0 root– Root exploit on Dom0– Untrusted administrator
• Want to protect security of other VMs– Confidentiality– Integrity
• Solution: disaggregation
Trusted Computing Base
• “The set of components on which a subsystem depends”
• “The totality of protection mechanisms... responsible for enforcing a computer security policy”
• Anything that can directly invoke a privileged operation– And hence undermine security
Call Graph
PD z
PD y
PD x
Current Xen Control Stack
Build VM
Make hypercall
Map memory Set VCPU
Dom0 User
Dom0 Kernel
Hypervisor
Minimise the TCB?
Build VM
Make hypercall
Map memory Set VCPU
Dom0 User
Dom0 Kernel
Hypervisor
Smaller is not always better
Build VM
Make hypercall
Map memory Set VCPU
Dom0 User
DomB
Hypervisor
Implementation
Xen
Dom0DomB
DomU
…
Xend
Results
• Smaller, static TCB– No longer contains Dom0 userspace– Now only VMM, DomB and Dom0
kernel– With an I/O MMU, only VMM and
DomB
• Other VMs protected from Dom0 root
Future Work
• Virtual TPM support• Automated techniques for
disaggregation• Metrics for trustworthiness
Conclusions
• Virtualised TCB can be surprising• Smaller TCB is not always better• Choosing appropriate interfaces is
crucial
Questions