
On the Limits of Hypervisor- and Virtual Machine Monitor-Based Isolation

Towards Hardware-Intrinsic Security

Part of the book series: Information Security and Cryptography ((ISC))

Abstract

In the past few years, there have been many different attempts to build trusted platforms that allow users to access sensitive and non-sensitive data in a compartmentalized way, i.e., such that applications dealing with sensitive data are fully isolated from those dealing only with public data.


Notes

  1. Technologies like Intel TXT and AMD SVM/skinit aim at excluding the BIOS from the trusted computing base.

  2. We would also consider here any other controller that is not embedded in the chipset, such as a network controller.

  3. On many laptops, the Wi-Fi antenna is indeed wrapped around the screen.

  4. The Base Linux should not be confused with the hypervisor or the host OS shown in Fig. 1.

  5. The attacker should bear in mind that this scheme produces certain false positives. Depending on the start address given to the find_pattern command, the pattern she is looking for will indeed be found in the command itself and might also be found in the process launched on domain L.


Correspondence to Loic Duflot .


Copyright information

© 2010 Springer-Verlag Berlin Heidelberg


Cite this chapter

Duflot, L., Grumelard, O., Levillain, O., Morin, B. (2010). On the Limits of Hypervisor- and Virtual Machine Monitor-Based Isolation. In: Sadeghi, AR., Naccache, D. (eds) Towards Hardware-Intrinsic Security. Information Security and Cryptography. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14452-3_16

  • Print ISBN: 978-3-642-14451-6

  • Online ISBN: 978-3-642-14452-3
