understoodwindowsserver
windowsserver 时间:2021-01-19 阅读:()
BlackHat2007WindowsServerVirtualization&WindowsServerVirtualization&TheWindowsHypervisorTheWindowsHypervisorBrandonBakerLeadSecurityEngineerWindowsKernelTeamMicrosoftCorporationBlackHat2007Agenda-WindowsServerVirtualization(WSV)WhyahypervisorQuickBackground&ArchitectureFormoredetails,seepresentationonconferenceCDSecurityCharacteristicsDeploymentConsiderationsFutureDirectionsBlackHat2007WhyahypervisorThin,lowlevelmicrokernelEliminatesringcompressionRunsguestoperatingsystemsw/omodificationAddsdefenseindepthLeveragecurrent&futurehardwareScalabilityBlackHat2007Agenda-WindowsServerVirtualization(WSV)WhyahypervisorQuickBackground&ArchitectureFormoredetails,seepresentationonconferenceCDSecurityCharacteristicsDeploymentConsiderationsFutureDirectionsBlackHat2007WindowsServerVirtualizationBackgroundProjectcodenameViridianFullmachinevirtualizationforguestoperatingsystemsComponentofWindowsServer2008Finalversionavailablewithin180daysofWindowsServer2008RTMInstallsasaroleonServerCoreBlackHat2007WindowsServerVirtualizationBackgroundHasthreemajorcomponents:HypervisorVirtualizationStackVirtualDevicesHypervisorBasedTakesadvantageof(andrequires)processorvirtualizationextensionsSupportedonx64hardwareonly,32/64bitguestsupportBlackHat2007TheOldWayVirtualServerArchitectureWindowsServer2003orWindowsXPKernelVMMKernelVirtualServerServiceIISVirtualServerWebAppProvidedby:Providedby:WindowsWindowsISVISVVirtualServerVirtualServerServerHardwareHostRing1:GuestKernelModeWindows(NT4,2000,2003)VMAdditionsRing0:KernelModeRing3:UserModeGuestApplicationsGuestsDeviceDriversBlackHat2007RootVirtualizationServiceProviders(VSPs)WindowsKernelServerCoreDeviceDriversWindowshypervisorVirtualizationStackVMWorkerProcessesVMServiceWMIProviderGuestPartitionsRing0:KernelModeRing3:UserModeVirtualizationServiceClients(VSCs)OSKernelEnlightenmentsVMBusGuestApplicationsServerHardwareProvidedby:Providedby:WindowsWindowsISVISVViridianViridianTheNewWayWSVArchitecturePartitionBlackHat2007VirtualizationAttacksRootPartitionVirtualizationServiceProviders(VSPs)WindowsKernelServerCoreDeviceDriversVirtualizationStackVMWorkerProcessesVMServiceWMIProviderGuestPartitionsRing0:KernelModeVirtualizationServiceClients(VSCs)EnlightenmentsVMBusServerHardwareProvidedby:Providedby:WindowsWindowsISVISVViridianViridianGuestApplicationsHackersHackersOSKernelRing3:UserModeWindowshypervisorVMBusBlackHat2007HypervisorPartitioningKernelPartitionisisolationboundaryFewvirtualizationfunctions;reliesonvirtualizationstackVerythinlayerofsoftwareMicrokernelHighlyreliableNodevicedriversTwoversions,oneforIntelandoneforAMDDriversrunintherootLeveragethelargebaseofWindowsdriversWell-definedinterfaceAllowotherstocreatesupportfortheirOSesasguestsBlackHat2007RunswithintherootpartitionPortionoftraditionalhypervisorthathasbeenpushedupandouttomakeamicro-hypervisorManagesguestpartitionsHandlesinterceptsEmulatesdevicesVirtualizationStackBlackHat2007Agenda-WindowsServerVirtualization(WSV)WhyahypervisorQuickBackground&ArchitectureFormoredetails,seepresentationonconferenceCDSecurityCharacteristicsDeploymentConsiderationsFutureDirectionsBlackHat2007GuestsareuntrustedRootmustbetrustedbyhypervisor;parentmustbetrustedbychildren.
Codewillruninallavailableprocessormodes,rings,andsegmentsHypercallinterfacewillbewelldocumentedandwidelyavailabletoattackers.
AllhypercallscanbeattemptedbyguestsCandetectyouarerunningonahypervisorWe'llevengiveyoutheversionTheinternaldesignofthehypervisorwillbewellunderstoodSecurityAssumptionsBlackHat2007SecurityGoalsStrongisolationbetweenpartitionsProtectconfidentialityandintegrityofguestdataSeparationUniquehypervisorresourcepoolsperguestSeparateworkerprocessesperguestGuest-to-parentcommunicationsoveruniquechannelsNon-interferenceGuestscannotaffectthecontentsofotherguests,parent,hypervisorGuestcomputationsprotectedfromotherguestsGuest-to-guestcommunicationsnotallowedthroughVMinterfacesBlackHat2007SecurityNon-GoalsThingswedon'tdoinWindowsServerVirtualization*Mitigatehardwarebleed-through(inferenceattacks)MitigatecovertchannelsGuaranteeavailabilityProtectguestsfromtherootProtectthehypervisorfromtherootUtilizetrustedhardwareTPM,DeviceAssignment,DMAprotection,SecureLaunch*atleast,notyetBlackHat2007WSVSecurityHardening(1/2)HypervisorhasseparateaddressspaceGuestaddresses!
=HypervisoraddressesNo3rdpartycodeintheHypervisorLimitednumberofchannelsfromgueststohypervisorNo"IOCTL"-likethingsGuesttoguestcommunicationthroughhypervisorisprohibitedNosharedmemorymappedbetweenguestsGuestsnevertouchrealhardwarei/oBlackHat2007WSVSecurityHardening(2/2)HypervisorbuiltwithStackguardcookies(/GS)HardwareNoeXecute(NX)CodepagesmarkedreadonlyMemoryguardpagesLimitedexceptionhandlingHypervisorbinaryissignedHypervisorandRootgoingthroughSDLThreatmodelingStaticAnalysisFuzztestingPenetrationtestingBlackHat2007HypervisorSecurityModelMemoryPhysicalAddresstoPartitionmapmaintainedbyHvParent/ChildownershipmodelonmemoryCansupersedeaccessrightsinguestpagetables(R,W,X)CPUHardwareguaranteescache®isterisolation,TLBflushing,instructioninterceptionI/OHypervisorenforcesParentpolicyforallguestaccesstoI/OportsWSVv1policyisguestshavenoaccesstorealhardwareHypervisorInterfacePartitionprivilegemodelGuestsaccesstohypercalls,instructions,MSRswithsecurityimpactenforcedbasedonParentpolicyWSVv1policyisguestshavenoaccesstoprivilegedinstructionsBlackHat2007WSVSecurityModelUsesAuthorizationManager(AzMan)FinegrainedauthorizationandaccesscontrolDepartmentandrolebasedSegregatewhocanmanagegroupsofVMsDefinespecificfunctionsforindividualsorrolesStart,stop,create,addhardware,changedriveimageVMadministratorsdon'thavetobeServer2008administratorsGuestresourcesarecontrolledbyperVMconfigurationfilesSharedresourcesareprotectedRead-only(CDISOfile)Copyonwrite(differencingdisks)BlackHat2007TimeVirtualizationThreetypesoftimeCalendartimeAffectedbyDaylightSavingschangesSourceisparent-createdvirtualRTCdeviceMachinetimeUnaffectedbyDaylightSavingschanges5secondsinthefuture,etc.
SourcesPer-VPvirtualizedAPICtimer(periodicorsingle-shot)Fourper-VPSynICtimers(periodicorsingle-shot)Per-partitionconstant-ratemonotonically-increasingreferencecounterSchedulingtimeHowlonghasthisprocessorbeenscheduledBlackHat2007TimeVirtualizationDesignChoiceHowtohandleRDTSCWhenaVirtualProcessor(VP)isintercepted,asingleinstructioncanappeartotakealongtime–namely,thetimeittakestoenterthehypervisor,performactions,andreturntoaguestTSCisrecordedandcanbemodifiedinguestcontrolstructure(VMCS/VMCB)"Allowittoadvancenaturally"JustleaveitaloneBut…AVPcanberescheduledonadifferentLP,whoseTSCcouldbesmallerCan'tallowTSCstojumpbackwardsintime"Modifyittoappearunchanged"OnentryintotheHv,recordguestTSC.
Onreturntoguest,reloadoriginalTSCvalueminussomeamountBut…Neverknowhowlongthereturninstructionwilltake(caches!
)StillobservableatacertaingranularitySomesoftwaredependsonknowingcyclecountsbetweeninstructionblocks(video/audiocodecs)So,weallowittoadvancenaturally,withaguaranteethatitwillneverappeartogobackwardsonagivenVPBlackHat2007Agenda-WindowsServerVirtualization(WSV)WhyahypervisorQuickBackground&ArchitectureFormoredetails,seepresentationonconferenceCDSecurityCharacteristicsDeploymentConsiderationsFutureDirectionsBlackHat2007DeploymentConsiderations(1/2)PatchingthehypervisorWindowsUpdateManaginglotsofvirtualmachinesSystemCenter–VirtualMachineManagerMinimizerisktotheRootPartitionUtilizeServerCoreDon'trunarbitraryapps,nowebsurfingRunyourappsandservicesinguestsConnecttoback-endmanagementnetworkOnlyexposegueststointernettrafficEnableNXandvirtualizationinBIOSBlackHat2007DeploymentConsiderations(2/2)Twovirtualmachinescan'thavethesamedegreeofisolationastwophysicalmachines:InferenceAttacksCovertChannelsNotrecommendedtohosttwoVMsofvastlydifferingtrustlevelsonthesamesysteme.
g.
afront-endwebserverandacertificateserverBlackHat2007Agenda-WindowsServerVirtualization(WSV)WhyahypervisorQuickBackground&ArchitectureFormoredetails,seepresentationonconferenceCDSecurityCharacteristicsDeploymentConsiderationsFutureDirectionsBlackHat2007FutureSecurityBenefitsManytypesofvirtualization(app,OS,machine)eachwithincreasinglevelsofisolation(andoverhead)PowerfultoolforvirusisolationandanalysisImprovedforensiccapabilityforcompromisedoperatingsystemsInvestmentsinOShardeningthroughhypervisorfeaturesPotentialforgreaterintra-OSisolation(e.
g.
Ring0separationofdrivers)VMscanbeleveragedforhostingsecurityappliancesBlackHat2007SecurityChallengesVMtoVMnetworkmonitoringManagingVMOSpatchlevelsLeakageofinformationbetweenpartitionsduetosharedhardwareLargerattacksurfacethanair-gappedmachinesHighavailability–SLAattacksThreatofmalicious,unauthorizedhypervisors(hypervisor-moderootkits)BlackHat2007FutureSecurityWorkSecureLaunchIntelTXTtm(senter)andAMDSVMtm(skinit)Givesmachineownerabilitytocontrolwhatcodecanusering-1PolicyenforcementinhardwaretoblocklaunchofunauthorizedhypervisorsAllowshypervisortoprotectitselfagainsttamperingDMARemappingIntelVT-dandAMDIOMMUGivesguestsgatedaccesstorealhardwareAllowshypervisortoprotectselfagainstDMAattackBlackHat20072007MicrosoftCorporation.
Allrightsreserved.
Thispresentationisforinformationalpurposesonly.
Microsoftmakesnowarranties,expressorimplied,inthissummary.
ConclusionHypervisorskickass.
BetaavailablewithServer2008RTMWewantyourfeedbackhttp://blogs.
technet.
com/virtualization/brandon.
baker@microsoft.
com
Codewillruninallavailableprocessormodes,rings,andsegmentsHypercallinterfacewillbewelldocumentedandwidelyavailabletoattackers.
AllhypercallscanbeattemptedbyguestsCandetectyouarerunningonahypervisorWe'llevengiveyoutheversionTheinternaldesignofthehypervisorwillbewellunderstoodSecurityAssumptionsBlackHat2007SecurityGoalsStrongisolationbetweenpartitionsProtectconfidentialityandintegrityofguestdataSeparationUniquehypervisorresourcepoolsperguestSeparateworkerprocessesperguestGuest-to-parentcommunicationsoveruniquechannelsNon-interferenceGuestscannotaffectthecontentsofotherguests,parent,hypervisorGuestcomputationsprotectedfromotherguestsGuest-to-guestcommunicationsnotallowedthroughVMinterfacesBlackHat2007SecurityNon-GoalsThingswedon'tdoinWindowsServerVirtualization*Mitigatehardwarebleed-through(inferenceattacks)MitigatecovertchannelsGuaranteeavailabilityProtectguestsfromtherootProtectthehypervisorfromtherootUtilizetrustedhardwareTPM,DeviceAssignment,DMAprotection,SecureLaunch*atleast,notyetBlackHat2007WSVSecurityHardening(1/2)HypervisorhasseparateaddressspaceGuestaddresses!
=HypervisoraddressesNo3rdpartycodeintheHypervisorLimitednumberofchannelsfromgueststohypervisorNo"IOCTL"-likethingsGuesttoguestcommunicationthroughhypervisorisprohibitedNosharedmemorymappedbetweenguestsGuestsnevertouchrealhardwarei/oBlackHat2007WSVSecurityHardening(2/2)HypervisorbuiltwithStackguardcookies(/GS)HardwareNoeXecute(NX)CodepagesmarkedreadonlyMemoryguardpagesLimitedexceptionhandlingHypervisorbinaryissignedHypervisorandRootgoingthroughSDLThreatmodelingStaticAnalysisFuzztestingPenetrationtestingBlackHat2007HypervisorSecurityModelMemoryPhysicalAddresstoPartitionmapmaintainedbyHvParent/ChildownershipmodelonmemoryCansupersedeaccessrightsinguestpagetables(R,W,X)CPUHardwareguaranteescache®isterisolation,TLBflushing,instructioninterceptionI/OHypervisorenforcesParentpolicyforallguestaccesstoI/OportsWSVv1policyisguestshavenoaccesstorealhardwareHypervisorInterfacePartitionprivilegemodelGuestsaccesstohypercalls,instructions,MSRswithsecurityimpactenforcedbasedonParentpolicyWSVv1policyisguestshavenoaccesstoprivilegedinstructionsBlackHat2007WSVSecurityModelUsesAuthorizationManager(AzMan)FinegrainedauthorizationandaccesscontrolDepartmentandrolebasedSegregatewhocanmanagegroupsofVMsDefinespecificfunctionsforindividualsorrolesStart,stop,create,addhardware,changedriveimageVMadministratorsdon'thavetobeServer2008administratorsGuestresourcesarecontrolledbyperVMconfigurationfilesSharedresourcesareprotectedRead-only(CDISOfile)Copyonwrite(differencingdisks)BlackHat2007TimeVirtualizationThreetypesoftimeCalendartimeAffectedbyDaylightSavingschangesSourceisparent-createdvirtualRTCdeviceMachinetimeUnaffectedbyDaylightSavingschanges5secondsinthefuture,etc.
SourcesPer-VPvirtualizedAPICtimer(periodicorsingle-shot)Fourper-VPSynICtimers(periodicorsingle-shot)Per-partitionconstant-ratemonotonically-increasingreferencecounterSchedulingtimeHowlonghasthisprocessorbeenscheduledBlackHat2007TimeVirtualizationDesignChoiceHowtohandleRDTSCWhenaVirtualProcessor(VP)isintercepted,asingleinstructioncanappeartotakealongtime–namely,thetimeittakestoenterthehypervisor,performactions,andreturntoaguestTSCisrecordedandcanbemodifiedinguestcontrolstructure(VMCS/VMCB)"Allowittoadvancenaturally"JustleaveitaloneBut…AVPcanberescheduledonadifferentLP,whoseTSCcouldbesmallerCan'tallowTSCstojumpbackwardsintime"Modifyittoappearunchanged"OnentryintotheHv,recordguestTSC.
Onreturntoguest,reloadoriginalTSCvalueminussomeamountBut…Neverknowhowlongthereturninstructionwilltake(caches!
)StillobservableatacertaingranularitySomesoftwaredependsonknowingcyclecountsbetweeninstructionblocks(video/audiocodecs)So,weallowittoadvancenaturally,withaguaranteethatitwillneverappeartogobackwardsonagivenVPBlackHat2007Agenda-WindowsServerVirtualization(WSV)WhyahypervisorQuickBackground&ArchitectureFormoredetails,seepresentationonconferenceCDSecurityCharacteristicsDeploymentConsiderationsFutureDirectionsBlackHat2007DeploymentConsiderations(1/2)PatchingthehypervisorWindowsUpdateManaginglotsofvirtualmachinesSystemCenter–VirtualMachineManagerMinimizerisktotheRootPartitionUtilizeServerCoreDon'trunarbitraryapps,nowebsurfingRunyourappsandservicesinguestsConnecttoback-endmanagementnetworkOnlyexposegueststointernettrafficEnableNXandvirtualizationinBIOSBlackHat2007DeploymentConsiderations(2/2)Twovirtualmachinescan'thavethesamedegreeofisolationastwophysicalmachines:InferenceAttacksCovertChannelsNotrecommendedtohosttwoVMsofvastlydifferingtrustlevelsonthesamesysteme.
g.
afront-endwebserverandacertificateserverBlackHat2007Agenda-WindowsServerVirtualization(WSV)WhyahypervisorQuickBackground&ArchitectureFormoredetails,seepresentationonconferenceCDSecurityCharacteristicsDeploymentConsiderationsFutureDirectionsBlackHat2007FutureSecurityBenefitsManytypesofvirtualization(app,OS,machine)eachwithincreasinglevelsofisolation(andoverhead)PowerfultoolforvirusisolationandanalysisImprovedforensiccapabilityforcompromisedoperatingsystemsInvestmentsinOShardeningthroughhypervisorfeaturesPotentialforgreaterintra-OSisolation(e.
g.
Ring0separationofdrivers)VMscanbeleveragedforhostingsecurityappliancesBlackHat2007SecurityChallengesVMtoVMnetworkmonitoringManagingVMOSpatchlevelsLeakageofinformationbetweenpartitionsduetosharedhardwareLargerattacksurfacethanair-gappedmachinesHighavailability–SLAattacksThreatofmalicious,unauthorizedhypervisors(hypervisor-moderootkits)BlackHat2007FutureSecurityWorkSecureLaunchIntelTXTtm(senter)andAMDSVMtm(skinit)Givesmachineownerabilitytocontrolwhatcodecanusering-1PolicyenforcementinhardwaretoblocklaunchofunauthorizedhypervisorsAllowshypervisortoprotectitselfagainsttamperingDMARemappingIntelVT-dandAMDIOMMUGivesguestsgatedaccesstorealhardwareAllowshypervisortoprotectselfagainstDMAattackBlackHat20072007MicrosoftCorporation.
Allrightsreserved.
Thispresentationisforinformationalpurposesonly.
Microsoftmakesnowarranties,expressorimplied,inthissummary.
ConclusionHypervisorskickass.
BetaavailablewithServer2008RTMWewantyourfeedbackhttp://blogs.
technet.
com/virtualization/brandon.
baker@microsoft.
com
- understoodwindowsserver相关文档
- 证书windowsserver
- warnedwindowsserver
- Serviceswindowsserver
- providerwindowsserver
- Maintainingwindowsserver
- 服务器windowsserver
hostkvm:美国VPS,三网强制CU-VIP线路,$5/月,1G内存/1核/15gSSD/500g流量
hostkvm在2021年3月新上线洛杉矶新VPS业务,强制三网接入中国联通优化线路,是当前中美之间性价比最高、最火热的线路之一,性价比高、速度非常好,接近联通AS9929和电信AS4809的效果,带宽充裕,晚高峰也不爆炸。 官方网站:https://hostkvm.com 全场优惠码:2021(全场通用八折,终身码,长期) 美国 US-Plan0【三网联通优化线路】 内存:1G CPU:...
Ceraus24元/月,国庆促销 香港云上新首月五折
Ceraus数据成立于2020年底,基于KVM虚拟架构技术;主营提供香港CN2、美国洛杉矶CN2、日本CN2的相关VPS云主机业务。喜迎国庆香港上新首月五折不限新老用户,cera机房,线路好,机器稳,适合做站五折优惠码:gqceraus 续费七五折官方网站:https://www.ceraus.com香港云内存CPU硬盘流量宽带优惠价格购买地址香港云2G2核40G不限5Mbps24元/月点击购买...
DogYun(300元/月),韩国独立服务器,E5/SSD+NVMe
DogYun(中文名称狗云)新上了一批韩国自动化上架独立服务器,使用月减200元优惠码后仅需每月300元,双E5 CPU,SSD+NVMe高性能硬盘,支持安装Linux或者Windows操作系统,下单自动化上架。这是一家成立于2019年的国人主机商,提供VPS和独立服务器租用等产品,数据中心包括中国香港、美国洛杉矶、日本、韩国、德国、荷兰等。下面分享这款自动化上架韩国独立服务器的配置和优惠码信息。...
windowsserver为你推荐
-
服务器空间租用租用服务器一年我要交多少钱服务器租赁服务器出租是什么意思,来点简单能看得懂的免费虚拟主机申请谁有1年免费的虚拟主机申请地址吖?便宜的虚拟主机低价虚拟主机那种类型的好呢?美国服务器托管美国服务器租用时要注意什么?虚拟主机评测网哪里有可靠的免费虚拟主机asp虚拟主机支持ASP MSSQL 的虚拟主机有哪些推荐青岛虚拟主机阿里云主机青岛好还是杭州好新网域名新网域名是不是又挂了?免费域名注册哪里有免费域名申请