Upload
ramnathchenna
View
218
Download
0
Embed Size (px)
Citation preview
8/8/2019 NLUUG Virtualization
1/41
Virtualization
the other side of the coin
Joanna Rutkowska
Invisible Things Lab
http://invisiblethingslab.com
8/8/2019 NLUUG Virtualization
2/41
Invisible Things Lab, 2007
Outline
Virtualization overview
Virtualization based rootkits
Virtualization vs. DRM
Detection approaches
Prevention approaches
Anti Virus inside a hypervisor?
Final thoughts
8/8/2019 NLUUG Virtualization
3/41
Invisible Things Lab, 2007
Hardware vs. Software virtualization
S/W based (x86)
Requires emulation of guests
privileged code
can be implemented very
efficiently: BinaryTranslation (BT)
Does not allow full
virtualization
sensitive unprivileged
instructions (SxDT)Widely used today
VMWare, VirtualPC
H/W virtualization
VT-x (Intel IA32)
SVM/Pacifica (AMD64)
Does not require guests priv
code emulation
Should allow for full
virtualization of x86/x64 guests
Still not popular in commercial
VMMs
8/8/2019 NLUUG Virtualization
4/41
8/8/2019 NLUUG Virtualization
5/41
Blue Pill:
virtualization based malware
8/8/2019 NLUUG Virtualization
6/41
Invisible Things Lab, 2007
Blue Pill Idea
Exploit AMD64 SVM extensions to move the operating
system into the virtual machine (do it on-the-fly)
Provide thin hypervisor to control the OS
Hypervisor is responsible for controlling interestingevents inside gust OS
8/8/2019 NLUUG Virtualization
7/41
Invisible Things Lab, 2007
SVM
SVM is a set of instructions which can be used to
implement Secure Virtual Machines on AMD64
MSR EFER register: bit 12 (SVME) controls weather
SVM mode is enabled or notEFER.SVME must be set to 1 before execution of any
SVM instruction.
Reference:
AMD64 Architecture Programmers Manual Vol. 2: SystemProgramming Rev 3.11http://www.amd.com/us-en/assets/content_type/white_papers_and_tech_docs/24593.pdf
8/8/2019 NLUUG Virtualization
8/41
Invisible Things Lab, 2007
The heart of SVM: VMRUN instruction
8/8/2019 NLUUG Virtualization
9/41
Invisible Things Lab, 2007
Blue Pill Idea (simplified)
8/8/2019 NLUUG Virtualization
10/41
Invisible Things Lab, 2007
BP installs itselfON THEFLY!
The main idea behind BP is that it installs itself on the fly
Thus, no modifications to BIOS, boot sector or system
files are necessary
BP, by default, does not survive system rebootHow to make BP persistent is out of the scope of this
presentation
In many cases this is not needed, BTW
8/8/2019 NLUUG Virtualization
11/41
Invisible Things Lab, 2007
SubVirt Rootkit
SubVirt has been created a few months before BP by
researches at MS Research and University of Michigan
SubVirt uses commercial (full) VMM (Virtual PC or
VMWare) to run the original OS inside a VM
8/8/2019 NLUUG Virtualization
12/41
Invisible Things Lab, 2007
SubVirt vs. Blue Pill
SV is permanent! SV has to
take control before the original
OS during the boot phase. SV
can be detected off line.
SV runs on x86, which does
not allow for full virtualization
(e.g. SxDT attack)
SV is based on a commercial
VMM, which creates andemulates virtual hardware.
This allows for easy detection
Blue Pill can be installed on
the fly no reboot nor any
modifications in BIOS or boot
sectors are necessary. BP can
not be detected off line.BP relies on AMD SVM
technology which promises full
virtualization
BP uses ultra thin hypervisor
and all the hardware is nativelyaccessible without
performance penalty
8/8/2019 NLUUG Virtualization
13/41
Invisible Things Lab, 2007
Matrix inside another Matrix
What happens when you install Blue Pill inside a system
which is already bluepilled?
If nested virtualization is not handled correctly this will
allow for trivial detection all the detector would have todo was to try creating a test VM using a VMRUN
instruction
Of course we can cheat the guest OS that the processor
does not support SVM (because we control MSR
registers from hypervisor), but this wouldnt cheat more
inquisitive users ;)
So, we need to handle nested VMs
8/8/2019 NLUUG Virtualization
14/41
Invisible Things Lab, 2007
Nested VMs
8/8/2019 NLUUG Virtualization
15/41
Invisible Things Lab, 2007
Blue Pill based malware
Blue Pill is just a way of silently moving the running OS
into Matrix on the fly
BP technology can be exploited in many various ways in
order to create stealth malwareBasically sky is the limit here :)
On the next slides we present some simple example:
8/8/2019 NLUUG Virtualization
16/41
Invisible Things Lab, 2007
Delusion Backdoor
Simple Blue Pill based network backdoor
Uses two DB registers to hook:
ReceiveNetBufferListsHandler
SendNetBufferListsComplete
Blue Pill takes care of:
handling #DB exception (no need for IDT[1] hooking insideguest)
protecting debug registers, so that guest can not realize
they are used for hookingNot even a single byte is modified in the NDIS datastructures nor code!
Delusion comes with its own TCP/IP stack based on lwIP
8/8/2019 NLUUG Virtualization
17/41
Virtualization vs. DRM
8/8/2019 NLUUG Virtualization
18/41
Invisible Things Lab, 2007
0wning the target OS
If we manage to run the target OS inside a hardware
hypervisor controlled by ourselves
we can bypass all the OS-provided prevention
technologieskernel prevention
anti-debugging
It does not matter what OS is running inside
we control the guests memorywe control the guests I/O
we can set hardware breakpoints
8/8/2019 NLUUG Virtualization
19/41
Invisible Things Lab, 2007
Controlling the target OS
8/8/2019 NLUUG Virtualization
20/41
Invisible Things Lab, 2007
Problem
How to make sure that a user cannot run an OS inside
thin hypervisor?
Can a DRM application detect that it is (and the OS as a
whole) running inside a VM?Provided there was a way for the a DRM application to
detect the presence of a hypervisor should it refuse to
run?
What if the hypervisor was part of a system protection (e.g.
A/V solution)?
8/8/2019 NLUUG Virtualization
21/41
Detecting Blue Pill and other
hypervisors
8/8/2019 NLUUG Virtualization
22/41
Invisible Things Lab, 2007
Detection approaches
Timing analysis
Exploiting implementation bugs (processor/system bugs)
Using dedicated CPU instruction (not available now)
8/8/2019 NLUUG Virtualization
23/41
Invisible Things Lab, 2007
Timing analysis
Direct Timing Analysis
measure execution time of an instruction which you know
(or suspect) that is intercepted by the hypervisor
e.g. RDMSR EFERIndirect Timing Analysis
measure execution time of some operation which is not
intercepted by the hypervisor, but its timing is affected by
the presence of a hypervisor
e.g. page access time
should work on VT-x, which does not use tagged TLB
8/8/2019 NLUUG Virtualization
24/41
Invisible Things Lab, 2007
Measuring Time
CPU Tic Counter
RDTSC instruction
resolution: number of processor cycles (super high!)
very accurate, but trivial to cheat!
Real Time ClockI/O with RTC device
resolution: milliseconds (poor)
relatively easy to cheat (I/O interceptions)
External clock
e.g. NTP protocolresolution: seconds (very poor)
can not be cheated using generic approach only attacksagainst specific implementation
8/8/2019 NLUUG Virtualization
25/41
Invisible Things Lab, 2007
Timing reliability
RDTSC
RDTSC can be cheated via VMCB.TSC_OFFSET
Also, RDTSC is interceptable
Real Time ClockCan be cheated via I/O interception
Network Time Protocol (NTP)
Can be cheated via incoming packet manipulation
Encrypted NTPCan not be generically cheated
Implementation-Specific Attacks only
8/8/2019 NLUUG Virtualization
26/41
8/8/2019 NLUUG Virtualization
27/41
Invisible Things Lab, 2007
Timing accuracy
RDMSR EFER (on first generation SVM processors)
on native machine: ~ 90 cycles
inside Blue Pill: ~ 2000 cycles (!)
1 measurement when using RDTSC method
thousands when using RTC
millions when using NTP
This sets the limit of the frequency of measurements
i.e. we can not consume 100% CPU for detection!
And what if hypervisor uninstalls itself for a momentwhen discovers that time profiling has started?Opppsss
8/8/2019 NLUUG Virtualization
28/41
Invisible Things Lab, 2007
Exploiting Implementation Bugs
We can expect that some (complex) CPU instructions to
behave (sometimes) in some way differently when
executed inside a hardware VM
In other words: CPU implementation bugsOn the one hand they are nearly ideal solution
but on the other hand: they are just bugs!
means they will be fixed sometime
might not affect all processors (e.g. only some revisions)should legitimate products rely on bugs?
8/8/2019 NLUUG Virtualization
29/41
Invisible Things Lab, 2007
Hardware Red Pill?
How about creating a new instruction SVMCHECK:mov rax, svmcheckcmp rax, 0jnz inside_vm
Password should be different for every processorPassword is necessary so that it would be impossible to write agenericprogram which would behave differently inside VM and on anative machine.
Users would get the passwords on certificates when they buy a new
processor or computerPassword would have to be entered to the AV program during itsinstallation.
This could only by done by AMD/Intel! Lets push on them!
8/8/2019 NLUUG Virtualization
30/41
Prevention: blocking
hypervisor installation
8/8/2019 NLUUG Virtualization
31/41
Invisible Things Lab, 2007
Prevention approaches
Disable virtualization!
Do not plug your computer to the Internet ;)
Install preventive hypervisor first (right after the system
boot)What policy used to allow/block installation of other
(nested) hypervisor?
8/8/2019 NLUUG Virtualization
32/41
Invisible Things Lab, 2007
Preventive hypervisor
As a defense we can install preventive hypervisor that will not allowany other to be installed later, e.g. as a result of kernel bugexploitation
requires that we ensure secure boot process
otherwise we cannot know whether our hypervisor is the
real one or nested! (see earlier)Should be very lightweight!Policy?
disallow any other hypervsiors to load later?Effectively disabling the virtualization technology (which has somelegitimate usages after all)
allow only trusted hypervsiors?What is trusted?
How can we ensure there are no bugs in trusted hypervisors?
8/8/2019 NLUUG Virtualization
33/41
Invisible Things Lab, 2007
Implementation Considerations
Preventive Hypervisor can not share the address spacewith the guest
Shadow Paging/Nested Paging is required to preventtampering with hypervisor memory
IOMMU should be used to prevent from accessinghypervisors physical memory via DMA
currently the poor mans alternative to IOMMU on AMDprocessors is External Access Protection (EAP)technology
there does not seem to be any similar technology today onIntel VT-x processors (i.e. similar to EAP)
IOMMU is expected to be available in 2008 on most Inteland AMD processors though
8/8/2019 NLUUG Virtualization
34/41
Invisible Things Lab, 2007
Not allowing OS to boot inside VM
Unclear whether it is possible
If possible, then for sure with the help of TPM/Bitlocker
Subject of further research
Note that this is complementary to preventive
hypervisor idea (or some detection) as it does not
protect against hypervisors installations via kernel exploit
(Blue Pill)This is required only to prevent anti-DRM attacks
8/8/2019 NLUUG Virtualization
35/41
Hypervisors as security
guard
8/8/2019 NLUUG Virtualization
36/41
Invisible Things Lab, 2007
Kernel based integrity monitoring
Prone to all attacks from within kernel
Kernel protection is very hard (impossible) in most OS!
8/8/2019 NLUUG Virtualization
37/41
Invisible Things Lab, 2007
Integrity monitor inside hypervisor
Hypervisors can be much better controlled then kernel
hypervisor can be very thin (easy verifiable)
An integrity monitor inside hypervisor is not prone to direct attacks
from kernel mode!
8/8/2019 NLUUG Virtualization
38/41
Invisible Things Lab, 2007
Legal Issues?
Such hypervisor would have to be installed during
secured boot process
otherwise we can not ensure that its not nested!
Is it acceptable to install such a hypervisor byAn A/V program
DRM application?
8/8/2019 NLUUG Virtualization
39/41
Final Thoughts
8/8/2019 NLUUG Virtualization
40/41
Invisible Things Lab, 2007
Final thoughts
We cannot implement effective preventive hypervisors
today, because of:
the lack of IOMMU technology (DMA attacks)
the lack of Nested Paging (Shadow Paging is too slow)Detection is very hard:
Should not be based on CPU bugs!!!
Need to use encrypted NTP for reliable timing
In other words, we can not effectively fight virtualizationbased malware today!
8/8/2019 NLUUG Virtualization
41/41
Invisible Things Lab, 2007
Final message
Virtualization technology on Intel and AMD processors
seems to be very immature as of today
It allows for effective malware implementation
But does not allow for effective fighting with such amalware!
Because of the lack of IOMMU and Nested Paging,
current hardware virtualization does not seem to offer
any significant benefit over traditional, software based
virtualization, to create full VMMs (e.g. VMWare)