understoodwindowsserver
windowsserver 时间:2021-01-19 阅读:()
BlackHat2007WindowsServerVirtualization&WindowsServerVirtualization&TheWindowsHypervisorTheWindowsHypervisorBrandonBakerLeadSecurityEngineerWindowsKernelTeamMicrosoftCorporationBlackHat2007Agenda-WindowsServerVirtualization(WSV)WhyahypervisorQuickBackground&ArchitectureFormoredetails,seepresentationonconferenceCDSecurityCharacteristicsDeploymentConsiderationsFutureDirectionsBlackHat2007WhyahypervisorThin,lowlevelmicrokernelEliminatesringcompressionRunsguestoperatingsystemsw/omodificationAddsdefenseindepthLeveragecurrent&futurehardwareScalabilityBlackHat2007Agenda-WindowsServerVirtualization(WSV)WhyahypervisorQuickBackground&ArchitectureFormoredetails,seepresentationonconferenceCDSecurityCharacteristicsDeploymentConsiderationsFutureDirectionsBlackHat2007WindowsServerVirtualizationBackgroundProjectcodenameViridianFullmachinevirtualizationforguestoperatingsystemsComponentofWindowsServer2008Finalversionavailablewithin180daysofWindowsServer2008RTMInstallsasaroleonServerCoreBlackHat2007WindowsServerVirtualizationBackgroundHasthreemajorcomponents:HypervisorVirtualizationStackVirtualDevicesHypervisorBasedTakesadvantageof(andrequires)processorvirtualizationextensionsSupportedonx64hardwareonly,32/64bitguestsupportBlackHat2007TheOldWayVirtualServerArchitectureWindowsServer2003orWindowsXPKernelVMMKernelVirtualServerServiceIISVirtualServerWebAppProvidedby:Providedby:WindowsWindowsISVISVVirtualServerVirtualServerServerHardwareHostRing1:GuestKernelModeWindows(NT4,2000,2003)VMAdditionsRing0:KernelModeRing3:UserModeGuestApplicationsGuestsDeviceDriversBlackHat2007RootVirtualizationServiceProviders(VSPs)WindowsKernelServerCoreDeviceDriversWindowshypervisorVirtualizationStackVMWorkerProcessesVMServiceWMIProviderGuestPartitionsRing0:KernelModeRing3:UserModeVirtualizationServiceClients(VSCs)OSKernelEnlightenmentsVMBusGuestApplicationsServerHardwareProvidedby:Providedby:WindowsWindowsISVISVViridianViridianTheNewWayWSVArchitecturePartitionBlackHat2007VirtualizationAttacksRootPartitionVirtualizationServiceProviders(VSPs)WindowsKernelServerCoreDeviceDriversVirtualizationStackVMWorkerProcessesVMServiceWMIProviderGuestPartitionsRing0:KernelModeVirtualizationServiceClients(VSCs)EnlightenmentsVMBusServerHardwareProvidedby:Providedby:WindowsWindowsISVISVViridianViridianGuestApplicationsHackersHackersOSKernelRing3:UserModeWindowshypervisorVMBusBlackHat2007HypervisorPartitioningKernelPartitionisisolationboundaryFewvirtualizationfunctions;reliesonvirtualizationstackVerythinlayerofsoftwareMicrokernelHighlyreliableNodevicedriversTwoversions,oneforIntelandoneforAMDDriversrunintherootLeveragethelargebaseofWindowsdriversWell-definedinterfaceAllowotherstocreatesupportfortheirOSesasguestsBlackHat2007RunswithintherootpartitionPortionoftraditionalhypervisorthathasbeenpushedupandouttomakeamicro-hypervisorManagesguestpartitionsHandlesinterceptsEmulatesdevicesVirtualizationStackBlackHat2007Agenda-WindowsServerVirtualization(WSV)WhyahypervisorQuickBackground&ArchitectureFormoredetails,seepresentationonconferenceCDSecurityCharacteristicsDeploymentConsiderationsFutureDirectionsBlackHat2007GuestsareuntrustedRootmustbetrustedbyhypervisor;parentmustbetrustedbychildren.
Codewillruninallavailableprocessormodes,rings,andsegmentsHypercallinterfacewillbewelldocumentedandwidelyavailabletoattackers.
AllhypercallscanbeattemptedbyguestsCandetectyouarerunningonahypervisorWe'llevengiveyoutheversionTheinternaldesignofthehypervisorwillbewellunderstoodSecurityAssumptionsBlackHat2007SecurityGoalsStrongisolationbetweenpartitionsProtectconfidentialityandintegrityofguestdataSeparationUniquehypervisorresourcepoolsperguestSeparateworkerprocessesperguestGuest-to-parentcommunicationsoveruniquechannelsNon-interferenceGuestscannotaffectthecontentsofotherguests,parent,hypervisorGuestcomputationsprotectedfromotherguestsGuest-to-guestcommunicationsnotallowedthroughVMinterfacesBlackHat2007SecurityNon-GoalsThingswedon'tdoinWindowsServerVirtualization*Mitigatehardwarebleed-through(inferenceattacks)MitigatecovertchannelsGuaranteeavailabilityProtectguestsfromtherootProtectthehypervisorfromtherootUtilizetrustedhardwareTPM,DeviceAssignment,DMAprotection,SecureLaunch*atleast,notyetBlackHat2007WSVSecurityHardening(1/2)HypervisorhasseparateaddressspaceGuestaddresses!
=HypervisoraddressesNo3rdpartycodeintheHypervisorLimitednumberofchannelsfromgueststohypervisorNo"IOCTL"-likethingsGuesttoguestcommunicationthroughhypervisorisprohibitedNosharedmemorymappedbetweenguestsGuestsnevertouchrealhardwarei/oBlackHat2007WSVSecurityHardening(2/2)HypervisorbuiltwithStackguardcookies(/GS)HardwareNoeXecute(NX)CodepagesmarkedreadonlyMemoryguardpagesLimitedexceptionhandlingHypervisorbinaryissignedHypervisorandRootgoingthroughSDLThreatmodelingStaticAnalysisFuzztestingPenetrationtestingBlackHat2007HypervisorSecurityModelMemoryPhysicalAddresstoPartitionmapmaintainedbyHvParent/ChildownershipmodelonmemoryCansupersedeaccessrightsinguestpagetables(R,W,X)CPUHardwareguaranteescache®isterisolation,TLBflushing,instructioninterceptionI/OHypervisorenforcesParentpolicyforallguestaccesstoI/OportsWSVv1policyisguestshavenoaccesstorealhardwareHypervisorInterfacePartitionprivilegemodelGuestsaccesstohypercalls,instructions,MSRswithsecurityimpactenforcedbasedonParentpolicyWSVv1policyisguestshavenoaccesstoprivilegedinstructionsBlackHat2007WSVSecurityModelUsesAuthorizationManager(AzMan)FinegrainedauthorizationandaccesscontrolDepartmentandrolebasedSegregatewhocanmanagegroupsofVMsDefinespecificfunctionsforindividualsorrolesStart,stop,create,addhardware,changedriveimageVMadministratorsdon'thavetobeServer2008administratorsGuestresourcesarecontrolledbyperVMconfigurationfilesSharedresourcesareprotectedRead-only(CDISOfile)Copyonwrite(differencingdisks)BlackHat2007TimeVirtualizationThreetypesoftimeCalendartimeAffectedbyDaylightSavingschangesSourceisparent-createdvirtualRTCdeviceMachinetimeUnaffectedbyDaylightSavingschanges5secondsinthefuture,etc.
SourcesPer-VPvirtualizedAPICtimer(periodicorsingle-shot)Fourper-VPSynICtimers(periodicorsingle-shot)Per-partitionconstant-ratemonotonically-increasingreferencecounterSchedulingtimeHowlonghasthisprocessorbeenscheduledBlackHat2007TimeVirtualizationDesignChoiceHowtohandleRDTSCWhenaVirtualProcessor(VP)isintercepted,asingleinstructioncanappeartotakealongtime–namely,thetimeittakestoenterthehypervisor,performactions,andreturntoaguestTSCisrecordedandcanbemodifiedinguestcontrolstructure(VMCS/VMCB)"Allowittoadvancenaturally"JustleaveitaloneBut…AVPcanberescheduledonadifferentLP,whoseTSCcouldbesmallerCan'tallowTSCstojumpbackwardsintime"Modifyittoappearunchanged"OnentryintotheHv,recordguestTSC.
Onreturntoguest,reloadoriginalTSCvalueminussomeamountBut…Neverknowhowlongthereturninstructionwilltake(caches!
)StillobservableatacertaingranularitySomesoftwaredependsonknowingcyclecountsbetweeninstructionblocks(video/audiocodecs)So,weallowittoadvancenaturally,withaguaranteethatitwillneverappeartogobackwardsonagivenVPBlackHat2007Agenda-WindowsServerVirtualization(WSV)WhyahypervisorQuickBackground&ArchitectureFormoredetails,seepresentationonconferenceCDSecurityCharacteristicsDeploymentConsiderationsFutureDirectionsBlackHat2007DeploymentConsiderations(1/2)PatchingthehypervisorWindowsUpdateManaginglotsofvirtualmachinesSystemCenter–VirtualMachineManagerMinimizerisktotheRootPartitionUtilizeServerCoreDon'trunarbitraryapps,nowebsurfingRunyourappsandservicesinguestsConnecttoback-endmanagementnetworkOnlyexposegueststointernettrafficEnableNXandvirtualizationinBIOSBlackHat2007DeploymentConsiderations(2/2)Twovirtualmachinescan'thavethesamedegreeofisolationastwophysicalmachines:InferenceAttacksCovertChannelsNotrecommendedtohosttwoVMsofvastlydifferingtrustlevelsonthesamesysteme.
g.
afront-endwebserverandacertificateserverBlackHat2007Agenda-WindowsServerVirtualization(WSV)WhyahypervisorQuickBackground&ArchitectureFormoredetails,seepresentationonconferenceCDSecurityCharacteristicsDeploymentConsiderationsFutureDirectionsBlackHat2007FutureSecurityBenefitsManytypesofvirtualization(app,OS,machine)eachwithincreasinglevelsofisolation(andoverhead)PowerfultoolforvirusisolationandanalysisImprovedforensiccapabilityforcompromisedoperatingsystemsInvestmentsinOShardeningthroughhypervisorfeaturesPotentialforgreaterintra-OSisolation(e.
g.
Ring0separationofdrivers)VMscanbeleveragedforhostingsecurityappliancesBlackHat2007SecurityChallengesVMtoVMnetworkmonitoringManagingVMOSpatchlevelsLeakageofinformationbetweenpartitionsduetosharedhardwareLargerattacksurfacethanair-gappedmachinesHighavailability–SLAattacksThreatofmalicious,unauthorizedhypervisors(hypervisor-moderootkits)BlackHat2007FutureSecurityWorkSecureLaunchIntelTXTtm(senter)andAMDSVMtm(skinit)Givesmachineownerabilitytocontrolwhatcodecanusering-1PolicyenforcementinhardwaretoblocklaunchofunauthorizedhypervisorsAllowshypervisortoprotectitselfagainsttamperingDMARemappingIntelVT-dandAMDIOMMUGivesguestsgatedaccesstorealhardwareAllowshypervisortoprotectselfagainstDMAattackBlackHat20072007MicrosoftCorporation.
Allrightsreserved.
Thispresentationisforinformationalpurposesonly.
Microsoftmakesnowarranties,expressorimplied,inthissummary.
ConclusionHypervisorskickass.
BetaavailablewithServer2008RTMWewantyourfeedbackhttp://blogs.
technet.
com/virtualization/brandon.
baker@microsoft.
com
Codewillruninallavailableprocessormodes,rings,andsegmentsHypercallinterfacewillbewelldocumentedandwidelyavailabletoattackers.
AllhypercallscanbeattemptedbyguestsCandetectyouarerunningonahypervisorWe'llevengiveyoutheversionTheinternaldesignofthehypervisorwillbewellunderstoodSecurityAssumptionsBlackHat2007SecurityGoalsStrongisolationbetweenpartitionsProtectconfidentialityandintegrityofguestdataSeparationUniquehypervisorresourcepoolsperguestSeparateworkerprocessesperguestGuest-to-parentcommunicationsoveruniquechannelsNon-interferenceGuestscannotaffectthecontentsofotherguests,parent,hypervisorGuestcomputationsprotectedfromotherguestsGuest-to-guestcommunicationsnotallowedthroughVMinterfacesBlackHat2007SecurityNon-GoalsThingswedon'tdoinWindowsServerVirtualization*Mitigatehardwarebleed-through(inferenceattacks)MitigatecovertchannelsGuaranteeavailabilityProtectguestsfromtherootProtectthehypervisorfromtherootUtilizetrustedhardwareTPM,DeviceAssignment,DMAprotection,SecureLaunch*atleast,notyetBlackHat2007WSVSecurityHardening(1/2)HypervisorhasseparateaddressspaceGuestaddresses!
=HypervisoraddressesNo3rdpartycodeintheHypervisorLimitednumberofchannelsfromgueststohypervisorNo"IOCTL"-likethingsGuesttoguestcommunicationthroughhypervisorisprohibitedNosharedmemorymappedbetweenguestsGuestsnevertouchrealhardwarei/oBlackHat2007WSVSecurityHardening(2/2)HypervisorbuiltwithStackguardcookies(/GS)HardwareNoeXecute(NX)CodepagesmarkedreadonlyMemoryguardpagesLimitedexceptionhandlingHypervisorbinaryissignedHypervisorandRootgoingthroughSDLThreatmodelingStaticAnalysisFuzztestingPenetrationtestingBlackHat2007HypervisorSecurityModelMemoryPhysicalAddresstoPartitionmapmaintainedbyHvParent/ChildownershipmodelonmemoryCansupersedeaccessrightsinguestpagetables(R,W,X)CPUHardwareguaranteescache®isterisolation,TLBflushing,instructioninterceptionI/OHypervisorenforcesParentpolicyforallguestaccesstoI/OportsWSVv1policyisguestshavenoaccesstorealhardwareHypervisorInterfacePartitionprivilegemodelGuestsaccesstohypercalls,instructions,MSRswithsecurityimpactenforcedbasedonParentpolicyWSVv1policyisguestshavenoaccesstoprivilegedinstructionsBlackHat2007WSVSecurityModelUsesAuthorizationManager(AzMan)FinegrainedauthorizationandaccesscontrolDepartmentandrolebasedSegregatewhocanmanagegroupsofVMsDefinespecificfunctionsforindividualsorrolesStart,stop,create,addhardware,changedriveimageVMadministratorsdon'thavetobeServer2008administratorsGuestresourcesarecontrolledbyperVMconfigurationfilesSharedresourcesareprotectedRead-only(CDISOfile)Copyonwrite(differencingdisks)BlackHat2007TimeVirtualizationThreetypesoftimeCalendartimeAffectedbyDaylightSavingschangesSourceisparent-createdvirtualRTCdeviceMachinetimeUnaffectedbyDaylightSavingschanges5secondsinthefuture,etc.
SourcesPer-VPvirtualizedAPICtimer(periodicorsingle-shot)Fourper-VPSynICtimers(periodicorsingle-shot)Per-partitionconstant-ratemonotonically-increasingreferencecounterSchedulingtimeHowlonghasthisprocessorbeenscheduledBlackHat2007TimeVirtualizationDesignChoiceHowtohandleRDTSCWhenaVirtualProcessor(VP)isintercepted,asingleinstructioncanappeartotakealongtime–namely,thetimeittakestoenterthehypervisor,performactions,andreturntoaguestTSCisrecordedandcanbemodifiedinguestcontrolstructure(VMCS/VMCB)"Allowittoadvancenaturally"JustleaveitaloneBut…AVPcanberescheduledonadifferentLP,whoseTSCcouldbesmallerCan'tallowTSCstojumpbackwardsintime"Modifyittoappearunchanged"OnentryintotheHv,recordguestTSC.
Onreturntoguest,reloadoriginalTSCvalueminussomeamountBut…Neverknowhowlongthereturninstructionwilltake(caches!
)StillobservableatacertaingranularitySomesoftwaredependsonknowingcyclecountsbetweeninstructionblocks(video/audiocodecs)So,weallowittoadvancenaturally,withaguaranteethatitwillneverappeartogobackwardsonagivenVPBlackHat2007Agenda-WindowsServerVirtualization(WSV)WhyahypervisorQuickBackground&ArchitectureFormoredetails,seepresentationonconferenceCDSecurityCharacteristicsDeploymentConsiderationsFutureDirectionsBlackHat2007DeploymentConsiderations(1/2)PatchingthehypervisorWindowsUpdateManaginglotsofvirtualmachinesSystemCenter–VirtualMachineManagerMinimizerisktotheRootPartitionUtilizeServerCoreDon'trunarbitraryapps,nowebsurfingRunyourappsandservicesinguestsConnecttoback-endmanagementnetworkOnlyexposegueststointernettrafficEnableNXandvirtualizationinBIOSBlackHat2007DeploymentConsiderations(2/2)Twovirtualmachinescan'thavethesamedegreeofisolationastwophysicalmachines:InferenceAttacksCovertChannelsNotrecommendedtohosttwoVMsofvastlydifferingtrustlevelsonthesamesysteme.
g.
afront-endwebserverandacertificateserverBlackHat2007Agenda-WindowsServerVirtualization(WSV)WhyahypervisorQuickBackground&ArchitectureFormoredetails,seepresentationonconferenceCDSecurityCharacteristicsDeploymentConsiderationsFutureDirectionsBlackHat2007FutureSecurityBenefitsManytypesofvirtualization(app,OS,machine)eachwithincreasinglevelsofisolation(andoverhead)PowerfultoolforvirusisolationandanalysisImprovedforensiccapabilityforcompromisedoperatingsystemsInvestmentsinOShardeningthroughhypervisorfeaturesPotentialforgreaterintra-OSisolation(e.
g.
Ring0separationofdrivers)VMscanbeleveragedforhostingsecurityappliancesBlackHat2007SecurityChallengesVMtoVMnetworkmonitoringManagingVMOSpatchlevelsLeakageofinformationbetweenpartitionsduetosharedhardwareLargerattacksurfacethanair-gappedmachinesHighavailability–SLAattacksThreatofmalicious,unauthorizedhypervisors(hypervisor-moderootkits)BlackHat2007FutureSecurityWorkSecureLaunchIntelTXTtm(senter)andAMDSVMtm(skinit)Givesmachineownerabilitytocontrolwhatcodecanusering-1PolicyenforcementinhardwaretoblocklaunchofunauthorizedhypervisorsAllowshypervisortoprotectitselfagainsttamperingDMARemappingIntelVT-dandAMDIOMMUGivesguestsgatedaccesstorealhardwareAllowshypervisortoprotectselfagainstDMAattackBlackHat20072007MicrosoftCorporation.
Allrightsreserved.
Thispresentationisforinformationalpurposesonly.
Microsoftmakesnowarranties,expressorimplied,inthissummary.
ConclusionHypervisorskickass.
BetaavailablewithServer2008RTMWewantyourfeedbackhttp://blogs.
technet.
com/virtualization/brandon.
baker@microsoft.
com
- understoodwindowsserver相关文档
- 证书windowsserver
- warnedwindowsserver
- Serviceswindowsserver
- providerwindowsserver
- Maintainingwindowsserver
- 服务器windowsserver
georgedatacenter39美元/月$20/年/洛杉矶独立服务器美国VPS/可选洛杉矶/芝加哥/纽约/达拉斯机房/
georgedatacenter这次其实是两个促销,一是促销一款特价洛杉矶E3-1220 V5独服,性价比其实最高;另外还促销三款特价vps,georgedatacenter是一家成立于2019年的美国VPS商家,主营美国洛杉矶、芝加哥、达拉斯、新泽西、西雅图机房的VPS、邮件服务器和托管独立服务器业务。georgedatacenter的VPS采用KVM和VMware虚拟化,可以选择windows...
天上云:香港大带宽物理机服务器572元;20Mbps带宽!三网CN2线路
天上云服务器怎么样?天上云是国人商家,成都天上云网络科技有限公司,专注于香港、美国海外云服务器的产品,有多年的运维维护经验。世界这么大 靠谱最重,我们7*24H为您提供服务,贴心售后服务,安心、省事儿、稳定、靠谱。目前,天上云香港大带宽物理机服务器572元;20Mbps带宽!三网CN2线路,香港沙田数据中心!点击进入:天上云官方网站地址香港沙田数据中心!线路说明 :去程中国电信CN2 +中国联通+...
RackNerd 2022春节促销提供三款年付套餐 低至年付10.88美元
RackNerd 商家我们应该是比较熟悉的商家,速度一般,但是人家便宜且可选机房也是比较多的,较多集中在美国机房。包括前面的新年元旦促销的时候有提供年付10美元左右的方案,实际上RackNerd商家的营销策略也是如此,每逢节日都有活动,配置简单变化,价格基本差不多,所以我们网友看到没有必要囤货,有需要就选择。RackNerd 商家这次2022农历新年也是有几款年付套餐。低至RackNerd VPS...
windowsserver为你推荐
-
虚拟空间购买现在网上有些虚拟空间很便宜,30元/就有100M,值得信不?买虚拟主机买个虚拟主机广东虚拟主机有什么便宜又好用的虚拟主机吗?vps虚拟主机VPS主机、虚拟主机和云主机 它们之间有什么区别?它们哪一个比较好?asp主机sulzer主机类型有哪些com域名空间域名和空间是什么意思网站服务器租用公司想建个网站,请问租服务器按年收费是多少钱域名备案域名怎么备案香港虚拟空间最稳定香港虚拟主机空间在哪里?虚拟空间免费试用目前哪里有免费试用的虚拟主机 或者服务器用啊?