SlideShare une entreprise Scribd logo

XS Japan 2008 App Data English

The Linux Foundation
The Linux Foundation

Koichi Onoue: Controlling System Calls and Protecting Application Data in Virtual Machines

TechnologieBusiness
1  sur  26
Télécharger pour lire hors ligne
Controlling System Calls and Protecting Application Data in Virtual Machines Koichi Onoue* Yoshihiro Oyama** Akinori Yonezawa* * The University of Tokyo ** The University of Electro-Communications
Protection for Applications • Security systems has been widely applied to provide secure computing environments – Sandboxing systems – Intrusion detecion/prevension systems (IDSes/IPSes) – Anti-virus tools Confidential data Security Application control system OS kernel
Security Systems Can Also Be Compromised! • Security systems and the other applications are running in the same execution space Application 1 was compromised ! Confidential data Application 1 Security Application 2 control system OS kernel
Advantages of Virtual Machine Monitor (VMM) in Terms of Security • VMM can provide strong isolation between VMs Application Application – VMM prevents a compromised VM from OS OS attacking to the other VMs (Guest OS) (Guest OS) • VMM can control access Virtual machine Virtual machine to physical computing (VM) (VM) resources such as a physical memory and a disk Virtual machine monitor (VMM) – VMM is running at the higher privileged level than VMs Hardware
Our Goal • Enhancing application security from outside of VMs – In cooperation with VMM, security systems control behaviors of application and protect application data Target VM Control VM Application Security system VMM
Our Approach • Controlling system calls from outside of target VMs – We confine behaviors of application processes • Controlling memory and file operations related with target applications in a VMM and a control VM – We prevent non-target programs from leaking target application data and tampering with them  Our system control only the target application which users specify We extend a para-virtualization version of Xen
Controlling System Calls from Outside of target VMs
Comparison between “w/o VMM” and “w/ VMM” Security Security system in systems cooperation with VMM (“w/o VMM”) (“w/ VMM”) × ○ Attack against security systems Not hard Hard Execution states ○ × obtained by OS-level Hardware-level security systems
Goal for Controlling System Calls Security Security systems in systems cooperation with VMM × ○ Attack against security systems Not hard Hard Execution states ○ × obtained by OS-level Hardware-level security systems Semantic gap Our goal
Approach for Controlling System Calls • Controlling system calls from outside of VMs – Using information on target OSes • Conforming to security policies Target VM Control VM Security policy application Security system VMM
Bridging the Semantic Gap • What a VMM can observe – Events :Privileged instructions, Interrupts, … – Execution States:Registers, Memory pages, … Semantic gap • What security systems require – Events :System calls, … – Execution states: Process ID, System call number, …
Security Policy • Specifies invoked system calls with pattern matching ... open default: allow fileEq(“/etc/passwd”) or filePrefixEq(“/etc/cron.d”) deny(EPERM) ...
Controlling Memory and File Operations Related with Application Data
Goal for Protecting Application Data • Prevent compromised programs from leaking target data and tampering with them – Attackers use ptrace system call and kernel modules, etc. Memory Virtual disk Target Target Confidential data Tampering Leaking Application OS kernel VM Compromised program
Approach for Protecting Application Data • Hiding “real” application data on a memory and a virtual disk from compromised programs – Compromised programs include target OS • Application data on a memory – Code region, data region, stack region, etc. ➔VMM multiplexes target physical pages • Application data on a virtual disk – Executables, configuration files, etc. ➔ Control VM manages them
OS Memory Management Virtual address Physical address space space OS address translation Application Application
VMM Memory Management Target VM virtual Target VM VMM physical address space physical address address space gPA → space (gVA) (hPA) hPA (gPA) Application Application application gVA → hPA VMM address translation 17
Approach for Protecting Application Memory Data (1/2) • According to the operational mode, a VMM switches accessible physical pages Target VM virtual Target VM VMM physical address space physical address address space space (gVA) (hPA) (gPA) Application Dummy data Application “Real” data Accessible page at user-level Accessible page at kernel-level – Overshadow[Chen et al., 2008] – [Rosenblum et al.,2008]
Approach for Protecting Application Memory Data (2/2) • When the operational mode were changed, a VMM switch the page tables – Exception/Interrupt handling – System call handling
Approach for Protecting Application File Data (1/5) • Control VM manages “real” target files – Executables, configuration and data base files, etc. – Security policy specifies target files Control VM Target VM Security Dummy policy Security system Application configuration “Real” file configuration file Dummy “Real” executable executable VMM
Approach for Protecting Application File Data (2/5) Control VM Target VM Memory Security system Application read a configuration file Configuration file Application VMM
Approach for Protecting Application File Data (3/5) Control VM Target VM Memory Security system VMM intercepts Configuration “read” system call file Application VMM
Approach for Protecting Application File Data (4/5) Security system Control VM Target VM emulates “read” Memory Security system Configuration file Application VMM
Approach for Protecting Application File Data (5/5) Control VM Target VM Memory Security system Configuration VMM notifies file application of a Application result of “read” VMM
Conclusion • We have proposed security system that enhances applications inside target VMs – Controlling of application behaviors • Controlling of system calls from outside of target VMs – Protecting application data on a memory and a virtual disk • Application memory data: VMM multiplexes target physical pages • Application file data: Control VM manages them
Fin

Recommandé

XS Japan 2008 Citrix English
XS Japan 2008 Citrix EnglishXS Japan 2008 Citrix English
XS Japan 2008 Citrix EnglishThe Linux Foundation
 
XS Japan 2008 Oracle VM English
XS Japan 2008 Oracle VM EnglishXS Japan 2008 Oracle VM English
XS Japan 2008 Oracle VM EnglishThe Linux Foundation
 
XS Boston 2008 VT-D PCI
XS Boston 2008 VT-D PCIXS Boston 2008 VT-D PCI
XS Boston 2008 VT-D PCIThe Linux Foundation
 
Ian Pratt Nsdi Keynote Apr2008
Ian Pratt Nsdi Keynote Apr2008Ian Pratt Nsdi Keynote Apr2008
Ian Pratt Nsdi Keynote Apr2008The Linux Foundation
 
XS Japan 2008 Services English
XS Japan 2008 Services EnglishXS Japan 2008 Services English
XS Japan 2008 Services EnglishThe Linux Foundation
 
XS Oracle 2009 Intro Slides
XS Oracle 2009 Intro SlidesXS Oracle 2009 Intro Slides
XS Oracle 2009 Intro SlidesThe Linux Foundation
 
Ian Prattlinuxworld Xen Aug2008
Ian Prattlinuxworld Xen Aug2008Ian Prattlinuxworld Xen Aug2008
Ian Prattlinuxworld Xen Aug2008The Linux Foundation
 
XS Boston 2008 Project Status
XS Boston 2008 Project StatusXS Boston 2008 Project Status
XS Boston 2008 Project StatusThe Linux Foundation
 

Recommandé

XS Japan 2008 Citrix English
XS Japan 2008 Citrix EnglishXS Japan 2008 Citrix English
XS Japan 2008 Citrix EnglishThe Linux Foundation
 
XS Japan 2008 Oracle VM English
XS Japan 2008 Oracle VM EnglishXS Japan 2008 Oracle VM English
XS Japan 2008 Oracle VM EnglishThe Linux Foundation
 
XS Boston 2008 VT-D PCI
XS Boston 2008 VT-D PCIXS Boston 2008 VT-D PCI
XS Boston 2008 VT-D PCIThe Linux Foundation
 
Ian Pratt Nsdi Keynote Apr2008
Ian Pratt Nsdi Keynote Apr2008Ian Pratt Nsdi Keynote Apr2008
Ian Pratt Nsdi Keynote Apr2008The Linux Foundation
 
XS Japan 2008 Services English
XS Japan 2008 Services EnglishXS Japan 2008 Services English
XS Japan 2008 Services EnglishThe Linux Foundation
 
XS Oracle 2009 Intro Slides
XS Oracle 2009 Intro SlidesXS Oracle 2009 Intro Slides
XS Oracle 2009 Intro SlidesThe Linux Foundation
 
Ian Prattlinuxworld Xen Aug2008
Ian Prattlinuxworld Xen Aug2008Ian Prattlinuxworld Xen Aug2008
Ian Prattlinuxworld Xen Aug2008The Linux Foundation
 
XS Boston 2008 Project Status
XS Boston 2008 Project StatusXS Boston 2008 Project Status
XS Boston 2008 Project StatusThe Linux Foundation
 
Hyper V And Scvmm Best Practis
Hyper V And Scvmm Best PractisHyper V And Scvmm Best Practis
Hyper V And Scvmm Best PractisBlauge
 
XS Boston 2008 Self IO Emulation
XS Boston 2008 Self IO EmulationXS Boston 2008 Self IO Emulation
XS Boston 2008 Self IO EmulationThe Linux Foundation
 
XS Oracle 2009 PVOps
XS Oracle 2009 PVOpsXS Oracle 2009 PVOps
XS Oracle 2009 PVOpsThe Linux Foundation
 
XS Oracle 2009 Error Detection
XS Oracle 2009 Error DetectionXS Oracle 2009 Error Detection
XS Oracle 2009 Error DetectionThe Linux Foundation
 
XS Boston 2008 OVF
XS Boston 2008 OVFXS Boston 2008 OVF
XS Boston 2008 OVFThe Linux Foundation
 
XS Oracle 2009 Vm Snapshots
XS Oracle 2009 Vm SnapshotsXS Oracle 2009 Vm Snapshots
XS Oracle 2009 Vm SnapshotsThe Linux Foundation
 
Master VMware Performance and Capacity Management
Master VMware Performance and Capacity ManagementMaster VMware Performance and Capacity Management
Master VMware Performance and Capacity ManagementIwan Rahabok
 
Vsphere esxi-vcenter-server-55-troubleshooting-guide
Vsphere esxi-vcenter-server-55-troubleshooting-guideVsphere esxi-vcenter-server-55-troubleshooting-guide
Vsphere esxi-vcenter-server-55-troubleshooting-guideSree Harsha Boyapati
 
Xen server poc template
Xen server poc template Xen server poc template
Xen server poc template wmosquera
 
XS 2008 Boston VTPM
XS 2008 Boston VTPMXS 2008 Boston VTPM
XS 2008 Boston VTPMThe Linux Foundation
 
XS Boston 2008 Fault Tolerance
XS Boston 2008 Fault ToleranceXS Boston 2008 Fault Tolerance
XS Boston 2008 Fault ToleranceThe Linux Foundation
 
XenServer 5.5 - Czy można zaoszczędzić na wirtualizacji serwerów? Darmowy Xen...
XenServer 5.5 - Czy można zaoszczędzić na wirtualizacji serwerów? Darmowy Xen...XenServer 5.5 - Czy można zaoszczędzić na wirtualizacji serwerów? Darmowy Xen...
XenServer 5.5 - Czy można zaoszczędzić na wirtualizacji serwerów? Darmowy Xen...Peter Ocasek
 
Ian Pratt Usenix 08 Keynote
Ian Pratt Usenix 08 KeynoteIan Pratt Usenix 08 Keynote
Ian Pratt Usenix 08 KeynoteThe Linux Foundation
 
XS Boston 2008 Malware & Training
XS Boston 2008 Malware & TrainingXS Boston 2008 Malware & Training
XS Boston 2008 Malware & TrainingThe Linux Foundation
 
XS Japan 2008 Project Status English
XS Japan 2008 Project Status EnglishXS Japan 2008 Project Status English
XS Japan 2008 Project Status EnglishThe Linux Foundation
 
Advanced performance troubleshooting using esxtop
Advanced performance troubleshooting using esxtopAdvanced performance troubleshooting using esxtop
Advanced performance troubleshooting using esxtopAlan Renouf
 
XS Japan 2008 Ganeti English
XS Japan 2008 Ganeti EnglishXS Japan 2008 Ganeti English
XS Japan 2008 Ganeti EnglishThe Linux Foundation
 
Xen.org Overview 2009
Xen.org Overview 2009Xen.org Overview 2009
Xen.org Overview 2009The Linux Foundation
 
„Wielka dwójka”, czyli jak działa Citrix XenApp na Citrix XenServer u dużych ...
„Wielka dwójka”, czyli jak działa Citrix XenApp na Citrix XenServer u dużych ...„Wielka dwójka”, czyli jak działa Citrix XenApp na Citrix XenServer u dużych ...
„Wielka dwójka”, czyli jak działa Citrix XenApp na Citrix XenServer u dużych ...Peter Ocasek
 
XS Japan 2008 BitVisor English
XS Japan 2008 BitVisor EnglishXS Japan 2008 BitVisor English
XS Japan 2008 BitVisor EnglishThe Linux Foundation
 
Virtualization presentation
Virtualization presentationVirtualization presentation
Virtualization presentationMangesh Gunjal
 
CSA Presentation 26th May Virtualization securityv2
CSA Presentation 26th May Virtualization securityv2CSA Presentation 26th May Virtualization securityv2
CSA Presentation 26th May Virtualization securityv2vivekbhat
 

Contenu connexe

Tendances

Hyper V And Scvmm Best Practis
Hyper V And Scvmm Best PractisHyper V And Scvmm Best Practis
Hyper V And Scvmm Best PractisBlauge
 
Master VMware Performance and Capacity Management
Master VMware Performance and Capacity ManagementMaster VMware Performance and Capacity Management
Master VMware Performance and Capacity ManagementIwan Rahabok
 
Vsphere esxi-vcenter-server-55-troubleshooting-guide
Vsphere esxi-vcenter-server-55-troubleshooting-guideVsphere esxi-vcenter-server-55-troubleshooting-guide
Vsphere esxi-vcenter-server-55-troubleshooting-guideSree Harsha Boyapati
 
Xen server poc template
Xen server poc template Xen server poc template
Xen server poc template wmosquera
 
XenServer 5.5 - Czy można zaoszczędzić na wirtualizacji serwerów? Darmowy Xen...
XenServer 5.5 - Czy można zaoszczędzić na wirtualizacji serwerów? Darmowy Xen...XenServer 5.5 - Czy można zaoszczędzić na wirtualizacji serwerów? Darmowy Xen...
XenServer 5.5 - Czy można zaoszczędzić na wirtualizacji serwerów? Darmowy Xen...Peter Ocasek
 
XS Japan 2008 Project Status English
XS Japan 2008 Project Status EnglishXS Japan 2008 Project Status English
XS Japan 2008 Project Status EnglishThe Linux Foundation
 
Advanced performance troubleshooting using esxtop
Advanced performance troubleshooting using esxtopAdvanced performance troubleshooting using esxtop
Advanced performance troubleshooting using esxtopAlan Renouf
 
„Wielka dwójka”, czyli jak działa Citrix XenApp na Citrix XenServer u dużych ...
„Wielka dwójka”, czyli jak działa Citrix XenApp na Citrix XenServer u dużych ...„Wielka dwójka”, czyli jak działa Citrix XenApp na Citrix XenServer u dużych ...
„Wielka dwójka”, czyli jak działa Citrix XenApp na Citrix XenServer u dużych ...Peter Ocasek
 

Tendances (20)

Hyper V And Scvmm Best Practis
Hyper V And Scvmm Best PractisHyper V And Scvmm Best Practis
Hyper V And Scvmm Best Practis
 
XS Boston 2008 Self IO Emulation
XS Boston 2008 Self IO EmulationXS Boston 2008 Self IO Emulation
XS Boston 2008 Self IO Emulation
 
XS Oracle 2009 PVOps
XS Oracle 2009 PVOpsXS Oracle 2009 PVOps
XS Oracle 2009 PVOps
 
XS Oracle 2009 Error Detection
XS Oracle 2009 Error DetectionXS Oracle 2009 Error Detection
XS Oracle 2009 Error Detection
 
XS Boston 2008 OVF
XS Boston 2008 OVFXS Boston 2008 OVF
XS Boston 2008 OVF
 
XS Oracle 2009 Vm Snapshots
XS Oracle 2009 Vm SnapshotsXS Oracle 2009 Vm Snapshots
XS Oracle 2009 Vm Snapshots
 
Master VMware Performance and Capacity Management
Master VMware Performance and Capacity ManagementMaster VMware Performance and Capacity Management
Master VMware Performance and Capacity Management
 
Vsphere esxi-vcenter-server-55-troubleshooting-guide
Vsphere esxi-vcenter-server-55-troubleshooting-guideVsphere esxi-vcenter-server-55-troubleshooting-guide
Vsphere esxi-vcenter-server-55-troubleshooting-guide
 
Xen server poc template
Xen server poc template Xen server poc template
Xen server poc template
 
XS 2008 Boston VTPM
XS 2008 Boston VTPMXS 2008 Boston VTPM
XS 2008 Boston VTPM
 
XS Boston 2008 Fault Tolerance
XS Boston 2008 Fault ToleranceXS Boston 2008 Fault Tolerance
XS Boston 2008 Fault Tolerance
 
XenServer 5.5 - Czy można zaoszczędzić na wirtualizacji serwerów? Darmowy Xen...
XenServer 5.5 - Czy można zaoszczędzić na wirtualizacji serwerów? Darmowy Xen...XenServer 5.5 - Czy można zaoszczędzić na wirtualizacji serwerów? Darmowy Xen...
XenServer 5.5 - Czy można zaoszczędzić na wirtualizacji serwerów? Darmowy Xen...
 
Ian Pratt Usenix 08 Keynote
Ian Pratt Usenix 08 KeynoteIan Pratt Usenix 08 Keynote
Ian Pratt Usenix 08 Keynote
 
XS Boston 2008 Malware & Training
XS Boston 2008 Malware & TrainingXS Boston 2008 Malware & Training
XS Boston 2008 Malware & Training
 
XS Japan 2008 Project Status English
XS Japan 2008 Project Status EnglishXS Japan 2008 Project Status English
XS Japan 2008 Project Status English
 
Advanced performance troubleshooting using esxtop
Advanced performance troubleshooting using esxtopAdvanced performance troubleshooting using esxtop
Advanced performance troubleshooting using esxtop
 
XS Japan 2008 Ganeti English
XS Japan 2008 Ganeti EnglishXS Japan 2008 Ganeti English
XS Japan 2008 Ganeti English
 
Xen.org Overview 2009
Xen.org Overview 2009Xen.org Overview 2009
Xen.org Overview 2009
 
„Wielka dwójka”, czyli jak działa Citrix XenApp na Citrix XenServer u dużych ...
„Wielka dwójka”, czyli jak działa Citrix XenApp na Citrix XenServer u dużych ...„Wielka dwójka”, czyli jak działa Citrix XenApp na Citrix XenServer u dużych ...
„Wielka dwójka”, czyli jak działa Citrix XenApp na Citrix XenServer u dużych ...
 
XS Japan 2008 BitVisor English
XS Japan 2008 BitVisor EnglishXS Japan 2008 BitVisor English
XS Japan 2008 BitVisor English
 

Similaire à XS Japan 2008 App Data English

Virtualization presentation
Virtualization presentationVirtualization presentation
Virtualization presentationMangesh Gunjal
 
CSA Presentation 26th May Virtualization securityv2
CSA Presentation 26th May Virtualization securityv2CSA Presentation 26th May Virtualization securityv2
CSA Presentation 26th May Virtualization securityv2vivekbhat
 
Security on cloud storage and IaaS (NSC: Taiwan - JST: Japan workshop)
Security on cloud storage and IaaS (NSC: Taiwan - JST: Japan workshop)Security on cloud storage and IaaS (NSC: Taiwan - JST: Japan workshop)
Security on cloud storage and IaaS (NSC: Taiwan - JST: Japan workshop)Kuniyasu Suzaki
 
Virtualization securityv2
Virtualization securityv2Virtualization securityv2
Virtualization securityv2vivekbhat
 
RSA 2012 Virtualization Security February 2012
RSA 2012 Virtualization Security February 2012RSA 2012 Virtualization Security February 2012
RSA 2012 Virtualization Security February 2012Symantec
 
IaaS - Virtualization_Cambridge.pdf
IaaS - Virtualization_Cambridge.pdfIaaS - Virtualization_Cambridge.pdf
IaaS - Virtualization_Cambridge.pdfDharavathRamesh2
 
Capture-HPC talk@ OSDC.tw 2009
Capture-HPC talk@ OSDC.tw 2009Capture-HPC talk@ OSDC.tw 2009
Capture-HPC talk@ OSDC.tw 2009Da-Chang Guan
 
663187411-UNIT-III-Virtualization-System-Specific-Attacks-1.pdf
663187411-UNIT-III-Virtualization-System-Specific-Attacks-1.pdf663187411-UNIT-III-Virtualization-System-Specific-Attacks-1.pdf
663187411-UNIT-III-Virtualization-System-Specific-Attacks-1.pdfpivanon243
 
Visibility & Security for the Virtualized Enterprise
Visibility & Security for the Virtualized EnterpriseVisibility & Security for the Virtualized Enterprise
Visibility & Security for the Virtualized EnterpriseEMC
 
Visibility & Security for the Virtualized Enterprise
Visibility & Security for the Virtualized EnterpriseVisibility & Security for the Virtualized Enterprise
Visibility & Security for the Virtualized EnterpriseEMC
 
Virtual Machine Introspection - Future of the Cloud
Virtual Machine Introspection - Future of the CloudVirtual Machine Introspection - Future of the Cloud
Virtual Machine Introspection - Future of the CloudTjylen Veselyj
 
ProtectV - Data Security for the Cloud
ProtectV - Data Security for the CloudProtectV - Data Security for the Cloud
ProtectV - Data Security for the CloudSafeNet
 
Virutalization and the Future of Datacenter Security
Virutalization and the Future of Datacenter SecurityVirutalization and the Future of Datacenter Security
Virutalization and the Future of Datacenter Securityguestb09e16
 
Cloud security
Cloud securityCloud security
Cloud securityinsoonjo
 
Virtually Secure: Uncovering the risks of virtualization
Virtually Secure: Uncovering the risks of virtualizationVirtually Secure: Uncovering the risks of virtualization
Virtually Secure: Uncovering the risks of virtualizationSeccuris Inc.
 
Memory forensics using VMI for cloud computing
Memory forensics using VMI for cloud computingMemory forensics using VMI for cloud computing
Memory forensics using VMI for cloud computingPriyanka Aash
 

Similaire à XS Japan 2008 App Data English (20)

Virtualization presentation
Virtualization presentationVirtualization presentation
Virtualization presentation
 
CSA Presentation 26th May Virtualization securityv2
CSA Presentation 26th May Virtualization securityv2CSA Presentation 26th May Virtualization securityv2
CSA Presentation 26th May Virtualization securityv2
 
Security on cloud storage and IaaS (NSC: Taiwan - JST: Japan workshop)
Security on cloud storage and IaaS (NSC: Taiwan - JST: Japan workshop)Security on cloud storage and IaaS (NSC: Taiwan - JST: Japan workshop)
Security on cloud storage and IaaS (NSC: Taiwan - JST: Japan workshop)
 
Virtualization securityv2
Virtualization securityv2Virtualization securityv2
Virtualization securityv2
 
RSA 2012 Virtualization Security February 2012
RSA 2012 Virtualization Security February 2012RSA 2012 Virtualization Security February 2012
RSA 2012 Virtualization Security February 2012
 
Chapter 3.4.pptx
Chapter 3.4.pptxChapter 3.4.pptx
Chapter 3.4.pptx
 
Ina Pratt Fosdem Feb2008
Ina Pratt Fosdem Feb2008Ina Pratt Fosdem Feb2008
Ina Pratt Fosdem Feb2008
 
IaaS - Virtualization_Cambridge.pdf
IaaS - Virtualization_Cambridge.pdfIaaS - Virtualization_Cambridge.pdf
IaaS - Virtualization_Cambridge.pdf
 
Server virtualization
Server virtualizationServer virtualization
Server virtualization
 
Capture-HPC talk@ OSDC.tw 2009
Capture-HPC talk@ OSDC.tw 2009Capture-HPC talk@ OSDC.tw 2009
Capture-HPC talk@ OSDC.tw 2009
 
Usenix Invited Talk
Usenix Invited TalkUsenix Invited Talk
Usenix Invited Talk
 
663187411-UNIT-III-Virtualization-System-Specific-Attacks-1.pdf
663187411-UNIT-III-Virtualization-System-Specific-Attacks-1.pdf663187411-UNIT-III-Virtualization-System-Specific-Attacks-1.pdf
663187411-UNIT-III-Virtualization-System-Specific-Attacks-1.pdf
 
Visibility & Security for the Virtualized Enterprise
Visibility & Security for the Virtualized EnterpriseVisibility & Security for the Virtualized Enterprise
Visibility & Security for the Virtualized Enterprise
 
Visibility & Security for the Virtualized Enterprise
Visibility & Security for the Virtualized EnterpriseVisibility & Security for the Virtualized Enterprise
Visibility & Security for the Virtualized Enterprise
 
Virtual Machine Introspection - Future of the Cloud
Virtual Machine Introspection - Future of the CloudVirtual Machine Introspection - Future of the Cloud
Virtual Machine Introspection - Future of the Cloud
 
ProtectV - Data Security for the Cloud
ProtectV - Data Security for the CloudProtectV - Data Security for the Cloud
ProtectV - Data Security for the Cloud
 
Virutalization and the Future of Datacenter Security
Virutalization and the Future of Datacenter SecurityVirutalization and the Future of Datacenter Security
Virutalization and the Future of Datacenter Security
 
Cloud security
Cloud securityCloud security
Cloud security
 
Virtually Secure: Uncovering the risks of virtualization
Virtually Secure: Uncovering the risks of virtualizationVirtually Secure: Uncovering the risks of virtualization
Virtually Secure: Uncovering the risks of virtualization
 
Memory forensics using VMI for cloud computing
Memory forensics using VMI for cloud computingMemory forensics using VMI for cloud computing
Memory forensics using VMI for cloud computing
 

Plus de The Linux Foundation

ELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made SimpleELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made SimpleThe Linux Foundation
 
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...The Linux Foundation
 
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...The Linux Foundation
 
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...The Linux Foundation
 
XPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather ReportXPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather ReportThe Linux Foundation
 
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...The Linux Foundation
 
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxXPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxThe Linux Foundation
 
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...The Linux Foundation
 
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, BitdefenderXPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, BitdefenderThe Linux Foundation
 
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...The Linux Foundation
 
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making... OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...The Linux Foundation
 
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, CitrixXPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, CitrixThe Linux Foundation
 
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltdXPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltdThe Linux Foundation
 
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...The Linux Foundation
 
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&DXPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&DThe Linux Foundation
 
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsXPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsThe Linux Foundation
 
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...The Linux Foundation
 
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...The Linux Foundation
 
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...The Linux Foundation
 
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSEXPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSEThe Linux Foundation
 

Plus de The Linux Foundation (20)

ELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made SimpleELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made Simple
 
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
 
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
 
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
 
XPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather ReportXPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather Report
 
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
 
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxXPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
 
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
 
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, BitdefenderXPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
 
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
 
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making... OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
 
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, CitrixXPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
 
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltdXPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
 
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
 
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&DXPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
 
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsXPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
 
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
 
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
 
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
 
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSEXPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
 

Dernier

Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 

Dernier (20)

Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 

XS Japan 2008 App Data English

  • 1. Controlling System Calls and Protecting Application Data in Virtual Machines Koichi Onoue* Yoshihiro Oyama** Akinori Yonezawa* * The University of Tokyo ** The University of Electro-Communications
  • 2. Protection for Applications • Security systems has been widely applied to provide secure computing environments – Sandboxing systems – Intrusion detecion/prevension systems (IDSes/IPSes) – Anti-virus tools Confidential data Security Application control system OS kernel
  • 3. Security Systems Can Also Be Compromised! • Security systems and the other applications are running in the same execution space Application 1 was compromised ! Confidential data Application 1 Security Application 2 control system OS kernel
  • 4. Advantages of Virtual Machine Monitor (VMM) in Terms of Security • VMM can provide strong isolation between VMs Application Application – VMM prevents a compromised VM from OS OS attacking to the other VMs (Guest OS) (Guest OS) • VMM can control access Virtual machine Virtual machine to physical computing (VM) (VM) resources such as a physical memory and a disk Virtual machine monitor (VMM) – VMM is running at the higher privileged level than VMs Hardware
  • 5. Our Goal • Enhancing application security from outside of VMs – In cooperation with VMM, security systems control behaviors of application and protect application data Target VM Control VM Application Security system VMM
  • 6. Our Approach • Controlling system calls from outside of target VMs – We confine behaviors of application processes • Controlling memory and file operations related with target applications in a VMM and a control VM – We prevent non-target programs from leaking target application data and tampering with them  Our system control only the target application which users specify We extend a para-virtualization version of Xen
  • 7. Controlling System Calls from Outside of target VMs
  • 8. Comparison between “w/o VMM” and “w/ VMM” Security Security system in systems cooperation with VMM (“w/o VMM”) (“w/ VMM”) × ○ Attack against security systems Not hard Hard Execution states ○ × obtained by OS-level Hardware-level security systems
  • 9. Goal for Controlling System Calls Security Security systems in systems cooperation with VMM × ○ Attack against security systems Not hard Hard Execution states ○ × obtained by OS-level Hardware-level security systems Semantic gap Our goal
  • 10. Approach for Controlling System Calls • Controlling system calls from outside of VMs – Using information on target OSes • Conforming to security policies Target VM Control VM Security policy application Security system VMM
  • 11. Bridging the Semantic Gap • What a VMM can observe – Events :Privileged instructions, Interrupts, … – Execution States:Registers, Memory pages, … Semantic gap • What security systems require – Events :System calls, … – Execution states: Process ID, System call number, …
  • 12. Security Policy • Specifies invoked system calls with pattern matching ... open default: allow fileEq(“/etc/passwd”) or filePrefixEq(“/etc/cron.d”) deny(EPERM) ...
  • 13. Controlling Memory and File Operations Related with Application Data
  • 14. Goal for Protecting Application Data • Prevent compromised programs from leaking target data and tampering with them – Attackers use ptrace system call and kernel modules, etc. Memory Virtual disk Target Target Confidential data Tampering Leaking Application OS kernel VM Compromised program
  • 15. Approach for Protecting Application Data • Hiding “real” application data on a memory and a virtual disk from compromised programs – Compromised programs include target OS • Application data on a memory – Code region, data region, stack region, etc. ➔VMM multiplexes target physical pages • Application data on a virtual disk – Executables, configuration files, etc. ➔ Control VM manages them
  • 16. OS Memory Management Virtual address Physical address space space OS address translation Application Application
  • 17. VMM Memory Management Target VM virtual Target VM VMM physical address space physical address address space gPA → space (gVA) (hPA) hPA (gPA) Application Application application gVA → hPA VMM address translation 17
  • 18. Approach for Protecting Application Memory Data (1/2) • According to the operational mode, a VMM switches accessible physical pages Target VM virtual Target VM VMM physical address space physical address address space space (gVA) (hPA) (gPA) Application Dummy data Application “Real” data Accessible page at user-level Accessible page at kernel-level – Overshadow[Chen et al., 2008] – [Rosenblum et al.,2008]
  • 19. Approach for Protecting Application Memory Data (2/2) • When the operational mode were changed, a VMM switch the page tables – Exception/Interrupt handling – System call handling
  • 20. Approach for Protecting Application File Data (1/5) • Control VM manages “real” target files – Executables, configuration and data base files, etc. – Security policy specifies target files Control VM Target VM Security Dummy policy Security system Application configuration “Real” file configuration file Dummy “Real” executable executable VMM
  • 21. Approach for Protecting Application File Data (2/5) Control VM Target VM Memory Security system Application read a configuration file Configuration file Application VMM
  • 22. Approach for Protecting Application File Data (3/5) Control VM Target VM Memory Security system VMM intercepts Configuration “read” system call file Application VMM
  • 23. Approach for Protecting Application File Data (4/5) Security system Control VM Target VM emulates “read” Memory Security system Configuration file Application VMM
  • 24. Approach for Protecting Application File Data (5/5) Control VM Target VM Memory Security system Configuration VMM notifies file application of a Application result of “read” VMM
  • 25. Conclusion • We have proposed security system that enhances applications inside target VMs – Controlling of application behaviors • Controlling of system calls from outside of target VMs – Protecting application data on a memory and a virtual disk • Application memory data: VMM multiplexes target physical pages • Application file data: Control VM manages them
  • 26. Fin