38
Attacks on Virtual Machine Emulators Peter Ferrie, Security Architect 4 October, 2007

Attacks on Virtual Machine Emulators Peter Ferrie, Security Architect 4 October, 2007

Embed Size (px)

Citation preview

Attacks on Virtual Machine Emulators

Peter Ferrie, Security Architect

4 October, 2007

2

Agenda

Attack Types11

Types of Virtual Machine Emulators22

Detection of Hardware VMEs33

Detection of Software VMEs44

What can we do?55

3

Attack Types

• Detection

• Denial-of-service

• Escape!

4

Attack Types : Detection

5

Attack Types : Detection

6

Attack Types : Denial-of-Service

7

Attack Types : Escape!

8

Attack Types : Escape!

9

Types of Virtual Machine Emulators

Virtual Machine Emulators

Hardware-Bound Pure Software

Hardware-Assisted Reduced-Privilege Guest

10

Reduced-Privilege Guest VMEs

• Software-based virtualization of important data structures and registers

• Guest runs at lower privilege level than before

• No way to avoid notification of all CPU events

11

Reduced-Privilege Guest VMEs

• VMware

• Xen

• Parallels

• VirtualBox

12

Hardware-Assisted VMEs

• Uses CPU-specific instructions to place system into virtual mode

• Guest privileges unchanged

• Separate host and guest copies of important data structures and registers

• Guest copies have no effect on the host

• Host can request notification of specific CPU events

13

Hardware-Assisted VMEs

• BluePill

• Vitriol

• Xen 3.x

• Virtual Server 2005

• Parallels

14

Detection of Hardware VMEs :TSC Method

Physical Hardware Virtual Hardware

T1……Instruction 1 T1.……..Instruction 1

T1+1...Instruction 2 T1+1…..Instruction 2

T1+2...Instruction 3 T1+2…..[VM fault]

T1+N….Instruction 3

where N is a large number

15

Detection of Hardware VMEs :TLB Method

T1………read memory 1

T1+X1…read memory 2

T1+X2…read memory 3

T1+X3…read memory 4

FT (Fill Time) = ((T1+X3)-T1)/4

T2………read memory 1

T2+Y1…read memory 2

T2+Y2…read memory 3

T2+Y3…read memory 4

CT (Cached Time) = ((T2+Y3)-T2)/4

1

2

16

Detection of Hardware VMEs :TLB Method

Execute CPUID

T3………read memory 1

T3+Z1…read memory 2

T3+Z2…read memory 3

T3+Z3…read memory 4

DT (Detect Time) = ((T3+Z3)-T3)/4

If DT ~= CT, then physical

If DT ~= FT, then virtual

3

4

5

17

Detection of Hardware VMEs :L2 and MSRs

• L2 cache fill via PREFETCH

• Last Branch Record MSR

• Last Exception Record MSR

• Fixed-Function Performance Counter Register 0 (Core 2)

18

Pure Software VMEs

• CPU operation implemented entirely in software

• Emulated CPU does not have to match physical CPU

• Portable

• Can optionally support multiple CPU generations

• Examples

– Hydra

– Bochs

– QEMU

19

Pure Software VMEs (Hybrid model)

• Commonly used by anti-virus software

• Emulates CPU and partial operating system

• CPU operation implemented entirely in software

• Examples

– Atlantis

– Sandbox

20

Malicious VMEs (SubVirt)

• Reduced-privilege guest

• Installs second operating system

• Runs on Windows and Linux

• Carries VirtualPC for Windows

• Carries VMware for Linux

• Difficult to detect compromised system

21

Malicious VMEs (BluePill)

• Hardware-assisted VME

• Actively tries to hide itself

• Not persistent, aids stealth

• Runs on Windows, AMD SVM only

• Detection of VME != detection of BluePill

• BluePill has bugs and unimplemented features

• That behaviour allows identification and even recognition!

• It’s a hack, but that’s okay – BluePill tech is a dead end

22

Malicious VMEs (Vitriol)

• Hardware-assisted VME

• No stealthing capabilities

• Runs on OS X, Intel VT-x only

23

Detecting VMware

• IDT/GDT at high memory address

• Non-zero LDT

• Port 5658h

• Windows registry

• Video and ROM BIOS text strings

• Device names

• MAC address ranges

24

Detecting VirtualPC

• IDT/GDT at high memory address

• Non-zero LDT

• 0F 3F opcode

• 0F C7 C8 opcode

• Overly long instruction

• Device names

25

Detecting Xen

• Documented hypercall (int 82) interface

26

Detecting Parallels

• IDT/GDT at high memory address

• Non-zero LDT

• Device names

27

Detecting VirtualBox

• CPUID K7 Easter Egg

• CMPXCHG8B memory write

• Double-faulting CPU

28

Detecting Bochs

• [WB] INVD flushes TLBs

• REP CMPS/SCAS flags

• CPUID processor name

• CPUID AMD K7 Easter Egg

• 32-bit ARPL register corruption

• 16-bit segment wraparound

• Device names

• Undocumented opcodes and opcode maps

29

Attacking Bochs

• Bochs denial-of-service

– Floppy with >18 sectors per track

– Floppy with >512 bytes per sector

– Non-ring0 SYSENTER CS MSR

30

Detecting Hydra

• REP MOVS/SCAS integer overflow

• 16-bit segment wraparound

31

Detecting QEMU

• CPUID K7 Easter Egg

• CMPXCHG8B memory write

• Double-faulting CPU

32

Detecting Atlantis and Sandbox

• Unimplemented APIs

• Incorrectly-emulated APIs

– Example: Beep() in Windows 9x vs Windows NT

• Incorrectly-emulated operating-system behaviour

– Example: illegal instruction sequence containing value F0

– Windows returns “invalid lock” instead of “illegal instruction”

33

Detecting Sandbox

• IDT at high memory address

• GDT in low memory address

• Non-zero LDT

• Misaligned IDT/GDT limits

• Unsupported common instructions

• Unexpected CPUID presence and behaviour

• CMPXCHG memory write

34

Detecting CWSandbox

• cws_[pid]_mutex

• cws_[pid]_event_data

• cws_[pid]_event_result

• cws_[pid]_mapping

• 290 hooked APIs!

• 10 hooked methods

35

Escaping from CWSandbox

Step 1. FreeLibrary(GetModuleHandleA("cwmonitor"))

Step 2. …that’s it.

36

What can we do?

• Reduced-privilege guests

– Nothing

• VirtualPC

– Intercept SIDT

– Check for maximum instruction length

– Remove custom CPUID processor name

• Bochs, Hydra, QEMU

– Bug fixes

• Full stealth should be possible

• This is all short-term and not very interesting

37

What’s in the future?

• VMEs will be in hardware/OS and always present

• BluePill-style attacks will go away

• VMEs will support third-party plug-ins (AV, IDS, crypto, …)

• Plug-ins will have bugs, like kernel-mode drivers now

• Plug-ins will be exploited -> compromised VME

• Periodic measurement (eg PatchGuard) -> race condition

• Can’t measure everything anyway

• So, much harder to detect

• Now *that* is scary.

38

Copyright © 2007 Symantec Corporation. All rights reserved.  Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries.  Other names may be trademarks of their respective owners.

This document is provided for informational purposes only and is not intended as advertising.  All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law.  The information in this document is subject to change without notice.

Thank You!

Peter Ferrie

[email protected]