幻影中的安全来宾虚拟机支持

Proceedings of the 15th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments Pub Date : 2019-04-14 DOI:10.1145/3313808.3313809

Ethan Johnson, Komail Dharsee, J. Criswell

{"title":"幻影中的安全来宾虚拟机支持","authors":"Ethan Johnson, Komail Dharsee, J. Criswell","doi":"10.1145/3313808.3313809","DOIUrl":null,"url":null,"abstract":"Recent research utilizing Secure Virtual Architecture (SVA) has demonstrated that compiler-based virtual machines can protect applications from side-channel attacks launched by compromised operating system kernels. However, SVA provides no instructions for using hardware virtualization features such as Intel’s Virtual Machine Extensions (VMX) and AMD’s Secure Virtual Machine (SVM). Consequently, operating systems running on top of SVA cannot run guest operating systems using features such as Linux’s Kernel Virtual Machine (KVM) and FreeBSD’s bhyve. This paper presents a set of new SVA instructions that allow an operating system kernel to configure and use the Intel VMX hardware features. Additionally, we use these new instructions to create Shade. Shade extends Apparition (an SVA-based system) to ensure that a compromised host operating system cannot use the new VMX virtual instructions to attack host applications (either directly or via page-fault and last-level-cache side-channel attacks).","PeriodicalId":350040,"journal":{"name":"Proceedings of the 15th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments","volume":"40 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-04-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Secure guest virtual machine support in apparition\",\"authors\":\"Ethan Johnson, Komail Dharsee, J. Criswell\",\"doi\":\"10.1145/3313808.3313809\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Recent research utilizing Secure Virtual Architecture (SVA) has demonstrated that compiler-based virtual machines can protect applications from side-channel attacks launched by compromised operating system kernels. However, SVA provides no instructions for using hardware virtualization features such as Intel’s Virtual Machine Extensions (VMX) and AMD’s Secure Virtual Machine (SVM). Consequently, operating systems running on top of SVA cannot run guest operating systems using features such as Linux’s Kernel Virtual Machine (KVM) and FreeBSD’s bhyve. This paper presents a set of new SVA instructions that allow an operating system kernel to configure and use the Intel VMX hardware features. Additionally, we use these new instructions to create Shade. Shade extends Apparition (an SVA-based system) to ensure that a compromised host operating system cannot use the new VMX virtual instructions to attack host applications (either directly or via page-fault and last-level-cache side-channel attacks).\",\"PeriodicalId\":350040,\"journal\":{\"name\":\"Proceedings of the 15th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments\",\"volume\":\"40 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-04-14\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 15th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3313808.3313809\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 15th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3313808.3313809","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

最近利用安全虚拟架构(SVA)的研究表明，基于编译器的虚拟机可以保护应用程序免受由受损操作系统内核发起的侧信道攻击。但是，SVA没有提供使用硬件虚拟化特性的说明，例如英特尔的虚拟机扩展(VMX)和AMD的安全虚拟机(SVM)。因此，运行在SVA之上的操作系统不能运行使用Linux的内核虚拟机(KVM)和FreeBSD的bhyve等特性的客户操作系统。本文提出了一组新的SVA指令，这些指令允许操作系统内核配置和使用Intel VMX硬件特性。此外，我们使用这些新的指令来创建阴影。Shade扩展了Apparition(一种基于sva的系统)，以确保受损的主机操作系统不能使用新的VMX虚拟指令来攻击主机应用程序(直接或通过页面故障和最后一级缓存侧通道攻击)。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Secure guest virtual machine support in apparition

Recent research utilizing Secure Virtual Architecture (SVA) has demonstrated that compiler-based virtual machines can protect applications from side-channel attacks launched by compromised operating system kernels. However, SVA provides no instructions for using hardware virtualization features such as Intel’s Virtual Machine Extensions (VMX) and AMD’s Secure Virtual Machine (SVM). Consequently, operating systems running on top of SVA cannot run guest operating systems using features such as Linux’s Kernel Virtual Machine (KVM) and FreeBSD’s bhyve. This paper presents a set of new SVA instructions that allow an operating system kernel to configure and use the Intel VMX hardware features. Additionally, we use these new instructions to create Shade. Shade extends Apparition (an SVA-based system) to ensure that a compromised host operating system cannot use the new VMX virtual instructions to attack host applications (either directly or via page-fault and last-level-cache side-channel attacks).

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 15th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments

自引率

0.00%

发文量