04 - Virtualization and security

#### Lessons 1. Why Virtualization? 2. [[Virtualization models|Virtualization Models]] 3. [[Green and red virtual machines|Green and Red Virtual Machines]] 4. [[VMM requirements|VMM Requirements]] and [[Full vs Para virtualization|Full Virtualization vs. Para-virtualization]] 5. [[Hardware support for virtualization|Hardware Support for Virtualization]] 6. [[Hardware support for virtualization#Address translation with VT-x|Address Translation in VT-x]] 7. [[SGX - Fine-grain protection without a trusted VMM|SGX: Finer-grain Protection without a Trusted VMM]] 8. [[VMM vulnerabilities & attacks|Attacks Against Virtualization Systems]] & [[Xen VMM]] 9. [[04 - Virtualization and security#VMs and malware analysis|Virtualization & Threat Intelligence: Sandboxes for Malware Analysis]] ### Why Virtualization? Virtualization helps with the [[TCB - Trusted Computing Base#Complete mediation|complete mediation]] and [[TCB - Trusted Computing Base#Correctness|correctness]] requirements of TCB. How? - The virtual resources are mapped to physical resources by the TCB, so no physical resources are accessed without passing through the TCB. - With a virtual machine monitor ([[VMM or Hypervisor]]) we virtualize all resources of the physical machine and make these virtual resources available to a **guest operating system**. The guest operating system does the resource management but the virtual machine monitor takes care of the resource allocation. - Because the guest operating system takes care of the resource management, our system is less complex. Less complexity gives us more confidence that our system achieves [[TCB - Trusted Computing Base#Correctness|correctness]] ([[02 - Design principles for secure systems#Economy of mechanism|economy of mechanism]]). (Mostly true for type 1) ### VMs and malware analysis - Large volumes of VMs can be spun up to handle the large volume of unknown files that need to be sandboxed. However, malware authors usually write evasion techniques for detecting if they are running in a VM. - Can VMs be completely transparent? ----- ### Sources 1. Georgia Tech Module Lectures from Secure Computer Systems 2. [OMSCS Lecture Notes](https://www.omscs-notes.com/secure-computer-systems/04-virtualization) 3. [Analysis of the Intel Pentium’s Ability to Support a Secure Virtual Machine Monitor (USENIX)](https://www.usenix.org/legacy/events/sec2000/full_papers/robin/robin.pdf)