understoodwindowsserver
windowsserver 时间:2021-01-19 阅读:()
BlackHat2007WindowsServerVirtualization&WindowsServerVirtualization&TheWindowsHypervisorTheWindowsHypervisorBrandonBakerLeadSecurityEngineerWindowsKernelTeamMicrosoftCorporationBlackHat2007Agenda-WindowsServerVirtualization(WSV)WhyahypervisorQuickBackground&ArchitectureFormoredetails,seepresentationonconferenceCDSecurityCharacteristicsDeploymentConsiderationsFutureDirectionsBlackHat2007WhyahypervisorThin,lowlevelmicrokernelEliminatesringcompressionRunsguestoperatingsystemsw/omodificationAddsdefenseindepthLeveragecurrent&futurehardwareScalabilityBlackHat2007Agenda-WindowsServerVirtualization(WSV)WhyahypervisorQuickBackground&ArchitectureFormoredetails,seepresentationonconferenceCDSecurityCharacteristicsDeploymentConsiderationsFutureDirectionsBlackHat2007WindowsServerVirtualizationBackgroundProjectcodenameViridianFullmachinevirtualizationforguestoperatingsystemsComponentofWindowsServer2008Finalversionavailablewithin180daysofWindowsServer2008RTMInstallsasaroleonServerCoreBlackHat2007WindowsServerVirtualizationBackgroundHasthreemajorcomponents:HypervisorVirtualizationStackVirtualDevicesHypervisorBasedTakesadvantageof(andrequires)processorvirtualizationextensionsSupportedonx64hardwareonly,32/64bitguestsupportBlackHat2007TheOldWayVirtualServerArchitectureWindowsServer2003orWindowsXPKernelVMMKernelVirtualServerServiceIISVirtualServerWebAppProvidedby:Providedby:WindowsWindowsISVISVVirtualServerVirtualServerServerHardwareHostRing1:GuestKernelModeWindows(NT4,2000,2003)VMAdditionsRing0:KernelModeRing3:UserModeGuestApplicationsGuestsDeviceDriversBlackHat2007RootVirtualizationServiceProviders(VSPs)WindowsKernelServerCoreDeviceDriversWindowshypervisorVirtualizationStackVMWorkerProcessesVMServiceWMIProviderGuestPartitionsRing0:KernelModeRing3:UserModeVirtualizationServiceClients(VSCs)OSKernelEnlightenmentsVMBusGuestApplicationsServerHardwareProvidedby:Providedby:WindowsWindowsISVISVViridianViridianTheNewWayWSVArchitecturePartitionBlackHat2007VirtualizationAttacksRootPartitionVirtualizationServiceProviders(VSPs)WindowsKernelServerCoreDeviceDriversVirtualizationStackVMWorkerProcessesVMServiceWMIProviderGuestPartitionsRing0:KernelModeVirtualizationServiceClients(VSCs)EnlightenmentsVMBusServerHardwareProvidedby:Providedby:WindowsWindowsISVISVViridianViridianGuestApplicationsHackersHackersOSKernelRing3:UserModeWindowshypervisorVMBusBlackHat2007HypervisorPartitioningKernelPartitionisisolationboundaryFewvirtualizationfunctions;reliesonvirtualizationstackVerythinlayerofsoftwareMicrokernelHighlyreliableNodevicedriversTwoversions,oneforIntelandoneforAMDDriversrunintherootLeveragethelargebaseofWindowsdriversWell-definedinterfaceAllowotherstocreatesupportfortheirOSesasguestsBlackHat2007RunswithintherootpartitionPortionoftraditionalhypervisorthathasbeenpushedupandouttomakeamicro-hypervisorManagesguestpartitionsHandlesinterceptsEmulatesdevicesVirtualizationStackBlackHat2007Agenda-WindowsServerVirtualization(WSV)WhyahypervisorQuickBackground&ArchitectureFormoredetails,seepresentationonconferenceCDSecurityCharacteristicsDeploymentConsiderationsFutureDirectionsBlackHat2007GuestsareuntrustedRootmustbetrustedbyhypervisor;parentmustbetrustedbychildren.
Codewillruninallavailableprocessormodes,rings,andsegmentsHypercallinterfacewillbewelldocumentedandwidelyavailabletoattackers.
AllhypercallscanbeattemptedbyguestsCandetectyouarerunningonahypervisorWe'llevengiveyoutheversionTheinternaldesignofthehypervisorwillbewellunderstoodSecurityAssumptionsBlackHat2007SecurityGoalsStrongisolationbetweenpartitionsProtectconfidentialityandintegrityofguestdataSeparationUniquehypervisorresourcepoolsperguestSeparateworkerprocessesperguestGuest-to-parentcommunicationsoveruniquechannelsNon-interferenceGuestscannotaffectthecontentsofotherguests,parent,hypervisorGuestcomputationsprotectedfromotherguestsGuest-to-guestcommunicationsnotallowedthroughVMinterfacesBlackHat2007SecurityNon-GoalsThingswedon'tdoinWindowsServerVirtualization*Mitigatehardwarebleed-through(inferenceattacks)MitigatecovertchannelsGuaranteeavailabilityProtectguestsfromtherootProtectthehypervisorfromtherootUtilizetrustedhardwareTPM,DeviceAssignment,DMAprotection,SecureLaunch*atleast,notyetBlackHat2007WSVSecurityHardening(1/2)HypervisorhasseparateaddressspaceGuestaddresses!
=HypervisoraddressesNo3rdpartycodeintheHypervisorLimitednumberofchannelsfromgueststohypervisorNo"IOCTL"-likethingsGuesttoguestcommunicationthroughhypervisorisprohibitedNosharedmemorymappedbetweenguestsGuestsnevertouchrealhardwarei/oBlackHat2007WSVSecurityHardening(2/2)HypervisorbuiltwithStackguardcookies(/GS)HardwareNoeXecute(NX)CodepagesmarkedreadonlyMemoryguardpagesLimitedexceptionhandlingHypervisorbinaryissignedHypervisorandRootgoingthroughSDLThreatmodelingStaticAnalysisFuzztestingPenetrationtestingBlackHat2007HypervisorSecurityModelMemoryPhysicalAddresstoPartitionmapmaintainedbyHvParent/ChildownershipmodelonmemoryCansupersedeaccessrightsinguestpagetables(R,W,X)CPUHardwareguaranteescache®isterisolation,TLBflushing,instructioninterceptionI/OHypervisorenforcesParentpolicyforallguestaccesstoI/OportsWSVv1policyisguestshavenoaccesstorealhardwareHypervisorInterfacePartitionprivilegemodelGuestsaccesstohypercalls,instructions,MSRswithsecurityimpactenforcedbasedonParentpolicyWSVv1policyisguestshavenoaccesstoprivilegedinstructionsBlackHat2007WSVSecurityModelUsesAuthorizationManager(AzMan)FinegrainedauthorizationandaccesscontrolDepartmentandrolebasedSegregatewhocanmanagegroupsofVMsDefinespecificfunctionsforindividualsorrolesStart,stop,create,addhardware,changedriveimageVMadministratorsdon'thavetobeServer2008administratorsGuestresourcesarecontrolledbyperVMconfigurationfilesSharedresourcesareprotectedRead-only(CDISOfile)Copyonwrite(differencingdisks)BlackHat2007TimeVirtualizationThreetypesoftimeCalendartimeAffectedbyDaylightSavingschangesSourceisparent-createdvirtualRTCdeviceMachinetimeUnaffectedbyDaylightSavingschanges5secondsinthefuture,etc.
SourcesPer-VPvirtualizedAPICtimer(periodicorsingle-shot)Fourper-VPSynICtimers(periodicorsingle-shot)Per-partitionconstant-ratemonotonically-increasingreferencecounterSchedulingtimeHowlonghasthisprocessorbeenscheduledBlackHat2007TimeVirtualizationDesignChoiceHowtohandleRDTSCWhenaVirtualProcessor(VP)isintercepted,asingleinstructioncanappeartotakealongtime–namely,thetimeittakestoenterthehypervisor,performactions,andreturntoaguestTSCisrecordedandcanbemodifiedinguestcontrolstructure(VMCS/VMCB)"Allowittoadvancenaturally"JustleaveitaloneBut…AVPcanberescheduledonadifferentLP,whoseTSCcouldbesmallerCan'tallowTSCstojumpbackwardsintime"Modifyittoappearunchanged"OnentryintotheHv,recordguestTSC.
Onreturntoguest,reloadoriginalTSCvalueminussomeamountBut…Neverknowhowlongthereturninstructionwilltake(caches!
)StillobservableatacertaingranularitySomesoftwaredependsonknowingcyclecountsbetweeninstructionblocks(video/audiocodecs)So,weallowittoadvancenaturally,withaguaranteethatitwillneverappeartogobackwardsonagivenVPBlackHat2007Agenda-WindowsServerVirtualization(WSV)WhyahypervisorQuickBackground&ArchitectureFormoredetails,seepresentationonconferenceCDSecurityCharacteristicsDeploymentConsiderationsFutureDirectionsBlackHat2007DeploymentConsiderations(1/2)PatchingthehypervisorWindowsUpdateManaginglotsofvirtualmachinesSystemCenter–VirtualMachineManagerMinimizerisktotheRootPartitionUtilizeServerCoreDon'trunarbitraryapps,nowebsurfingRunyourappsandservicesinguestsConnecttoback-endmanagementnetworkOnlyexposegueststointernettrafficEnableNXandvirtualizationinBIOSBlackHat2007DeploymentConsiderations(2/2)Twovirtualmachinescan'thavethesamedegreeofisolationastwophysicalmachines:InferenceAttacksCovertChannelsNotrecommendedtohosttwoVMsofvastlydifferingtrustlevelsonthesamesysteme.
g.
afront-endwebserverandacertificateserverBlackHat2007Agenda-WindowsServerVirtualization(WSV)WhyahypervisorQuickBackground&ArchitectureFormoredetails,seepresentationonconferenceCDSecurityCharacteristicsDeploymentConsiderationsFutureDirectionsBlackHat2007FutureSecurityBenefitsManytypesofvirtualization(app,OS,machine)eachwithincreasinglevelsofisolation(andoverhead)PowerfultoolforvirusisolationandanalysisImprovedforensiccapabilityforcompromisedoperatingsystemsInvestmentsinOShardeningthroughhypervisorfeaturesPotentialforgreaterintra-OSisolation(e.
g.
Ring0separationofdrivers)VMscanbeleveragedforhostingsecurityappliancesBlackHat2007SecurityChallengesVMtoVMnetworkmonitoringManagingVMOSpatchlevelsLeakageofinformationbetweenpartitionsduetosharedhardwareLargerattacksurfacethanair-gappedmachinesHighavailability–SLAattacksThreatofmalicious,unauthorizedhypervisors(hypervisor-moderootkits)BlackHat2007FutureSecurityWorkSecureLaunchIntelTXTtm(senter)andAMDSVMtm(skinit)Givesmachineownerabilitytocontrolwhatcodecanusering-1PolicyenforcementinhardwaretoblocklaunchofunauthorizedhypervisorsAllowshypervisortoprotectitselfagainsttamperingDMARemappingIntelVT-dandAMDIOMMUGivesguestsgatedaccesstorealhardwareAllowshypervisortoprotectselfagainstDMAattackBlackHat20072007MicrosoftCorporation.
Allrightsreserved.
Thispresentationisforinformationalpurposesonly.
Microsoftmakesnowarranties,expressorimplied,inthissummary.
ConclusionHypervisorskickass.
BetaavailablewithServer2008RTMWewantyourfeedbackhttp://blogs.
technet.
com/virtualization/brandon.
baker@microsoft.
com
Codewillruninallavailableprocessormodes,rings,andsegmentsHypercallinterfacewillbewelldocumentedandwidelyavailabletoattackers.
AllhypercallscanbeattemptedbyguestsCandetectyouarerunningonahypervisorWe'llevengiveyoutheversionTheinternaldesignofthehypervisorwillbewellunderstoodSecurityAssumptionsBlackHat2007SecurityGoalsStrongisolationbetweenpartitionsProtectconfidentialityandintegrityofguestdataSeparationUniquehypervisorresourcepoolsperguestSeparateworkerprocessesperguestGuest-to-parentcommunicationsoveruniquechannelsNon-interferenceGuestscannotaffectthecontentsofotherguests,parent,hypervisorGuestcomputationsprotectedfromotherguestsGuest-to-guestcommunicationsnotallowedthroughVMinterfacesBlackHat2007SecurityNon-GoalsThingswedon'tdoinWindowsServerVirtualization*Mitigatehardwarebleed-through(inferenceattacks)MitigatecovertchannelsGuaranteeavailabilityProtectguestsfromtherootProtectthehypervisorfromtherootUtilizetrustedhardwareTPM,DeviceAssignment,DMAprotection,SecureLaunch*atleast,notyetBlackHat2007WSVSecurityHardening(1/2)HypervisorhasseparateaddressspaceGuestaddresses!
=HypervisoraddressesNo3rdpartycodeintheHypervisorLimitednumberofchannelsfromgueststohypervisorNo"IOCTL"-likethingsGuesttoguestcommunicationthroughhypervisorisprohibitedNosharedmemorymappedbetweenguestsGuestsnevertouchrealhardwarei/oBlackHat2007WSVSecurityHardening(2/2)HypervisorbuiltwithStackguardcookies(/GS)HardwareNoeXecute(NX)CodepagesmarkedreadonlyMemoryguardpagesLimitedexceptionhandlingHypervisorbinaryissignedHypervisorandRootgoingthroughSDLThreatmodelingStaticAnalysisFuzztestingPenetrationtestingBlackHat2007HypervisorSecurityModelMemoryPhysicalAddresstoPartitionmapmaintainedbyHvParent/ChildownershipmodelonmemoryCansupersedeaccessrightsinguestpagetables(R,W,X)CPUHardwareguaranteescache®isterisolation,TLBflushing,instructioninterceptionI/OHypervisorenforcesParentpolicyforallguestaccesstoI/OportsWSVv1policyisguestshavenoaccesstorealhardwareHypervisorInterfacePartitionprivilegemodelGuestsaccesstohypercalls,instructions,MSRswithsecurityimpactenforcedbasedonParentpolicyWSVv1policyisguestshavenoaccesstoprivilegedinstructionsBlackHat2007WSVSecurityModelUsesAuthorizationManager(AzMan)FinegrainedauthorizationandaccesscontrolDepartmentandrolebasedSegregatewhocanmanagegroupsofVMsDefinespecificfunctionsforindividualsorrolesStart,stop,create,addhardware,changedriveimageVMadministratorsdon'thavetobeServer2008administratorsGuestresourcesarecontrolledbyperVMconfigurationfilesSharedresourcesareprotectedRead-only(CDISOfile)Copyonwrite(differencingdisks)BlackHat2007TimeVirtualizationThreetypesoftimeCalendartimeAffectedbyDaylightSavingschangesSourceisparent-createdvirtualRTCdeviceMachinetimeUnaffectedbyDaylightSavingschanges5secondsinthefuture,etc.
SourcesPer-VPvirtualizedAPICtimer(periodicorsingle-shot)Fourper-VPSynICtimers(periodicorsingle-shot)Per-partitionconstant-ratemonotonically-increasingreferencecounterSchedulingtimeHowlonghasthisprocessorbeenscheduledBlackHat2007TimeVirtualizationDesignChoiceHowtohandleRDTSCWhenaVirtualProcessor(VP)isintercepted,asingleinstructioncanappeartotakealongtime–namely,thetimeittakestoenterthehypervisor,performactions,andreturntoaguestTSCisrecordedandcanbemodifiedinguestcontrolstructure(VMCS/VMCB)"Allowittoadvancenaturally"JustleaveitaloneBut…AVPcanberescheduledonadifferentLP,whoseTSCcouldbesmallerCan'tallowTSCstojumpbackwardsintime"Modifyittoappearunchanged"OnentryintotheHv,recordguestTSC.
Onreturntoguest,reloadoriginalTSCvalueminussomeamountBut…Neverknowhowlongthereturninstructionwilltake(caches!
)StillobservableatacertaingranularitySomesoftwaredependsonknowingcyclecountsbetweeninstructionblocks(video/audiocodecs)So,weallowittoadvancenaturally,withaguaranteethatitwillneverappeartogobackwardsonagivenVPBlackHat2007Agenda-WindowsServerVirtualization(WSV)WhyahypervisorQuickBackground&ArchitectureFormoredetails,seepresentationonconferenceCDSecurityCharacteristicsDeploymentConsiderationsFutureDirectionsBlackHat2007DeploymentConsiderations(1/2)PatchingthehypervisorWindowsUpdateManaginglotsofvirtualmachinesSystemCenter–VirtualMachineManagerMinimizerisktotheRootPartitionUtilizeServerCoreDon'trunarbitraryapps,nowebsurfingRunyourappsandservicesinguestsConnecttoback-endmanagementnetworkOnlyexposegueststointernettrafficEnableNXandvirtualizationinBIOSBlackHat2007DeploymentConsiderations(2/2)Twovirtualmachinescan'thavethesamedegreeofisolationastwophysicalmachines:InferenceAttacksCovertChannelsNotrecommendedtohosttwoVMsofvastlydifferingtrustlevelsonthesamesysteme.
g.
afront-endwebserverandacertificateserverBlackHat2007Agenda-WindowsServerVirtualization(WSV)WhyahypervisorQuickBackground&ArchitectureFormoredetails,seepresentationonconferenceCDSecurityCharacteristicsDeploymentConsiderationsFutureDirectionsBlackHat2007FutureSecurityBenefitsManytypesofvirtualization(app,OS,machine)eachwithincreasinglevelsofisolation(andoverhead)PowerfultoolforvirusisolationandanalysisImprovedforensiccapabilityforcompromisedoperatingsystemsInvestmentsinOShardeningthroughhypervisorfeaturesPotentialforgreaterintra-OSisolation(e.
g.
Ring0separationofdrivers)VMscanbeleveragedforhostingsecurityappliancesBlackHat2007SecurityChallengesVMtoVMnetworkmonitoringManagingVMOSpatchlevelsLeakageofinformationbetweenpartitionsduetosharedhardwareLargerattacksurfacethanair-gappedmachinesHighavailability–SLAattacksThreatofmalicious,unauthorizedhypervisors(hypervisor-moderootkits)BlackHat2007FutureSecurityWorkSecureLaunchIntelTXTtm(senter)andAMDSVMtm(skinit)Givesmachineownerabilitytocontrolwhatcodecanusering-1PolicyenforcementinhardwaretoblocklaunchofunauthorizedhypervisorsAllowshypervisortoprotectitselfagainsttamperingDMARemappingIntelVT-dandAMDIOMMUGivesguestsgatedaccesstorealhardwareAllowshypervisortoprotectselfagainstDMAattackBlackHat20072007MicrosoftCorporation.
Allrightsreserved.
Thispresentationisforinformationalpurposesonly.
Microsoftmakesnowarranties,expressorimplied,inthissummary.
ConclusionHypervisorskickass.
BetaavailablewithServer2008RTMWewantyourfeedbackhttp://blogs.
technet.
com/virtualization/brandon.
baker@microsoft.
com
- understoodwindowsserver相关文档
- 证书windowsserver
- warnedwindowsserver
- Serviceswindowsserver
- providerwindowsserver
- Maintainingwindowsserver
- 服务器windowsserver
Hostiger发布哥伦布日提供VPS主机首月七折优惠 月费2.79美元
Hostiger商家我们可能以前也是有见过的,以前他们的域名是Hostigger,后来进行微调后包装成现在的。而且推出Columbus Day哥伦布日优惠活动,提供全场的VPS主机首月7折月付2.79美元起的优惠。这里我们普及一下基础知识,Columbus Day ,即为每年10月12日,是一些美洲国家的节日,纪念克里斯托弗·哥伦布在北美登陆,为美国的联邦假日。Hostiger 商家是一个成立于2...
Sharktech$129/月,1Gbps不限流量,E5-2678v3(24核48线程)
Sharktech最近洛杉矶和丹佛低价配置大部分都无货了,只有荷兰机房还有少量库存,商家又提供了两款洛杉矶特价独立服务器,价格不错,CPU/内存/硬盘都是高配,1-10Gbps带宽不限流量最低129美元/月起。鲨鱼机房(Sharktech)我们也叫它SK机房,是一家成立于2003年的老牌国外主机商,提供的产品包括独立服务器租用、VPS主机等,自营机房在美国洛杉矶、丹佛、芝加哥和荷兰阿姆斯特丹等,主...
RFCHOST - 洛杉矶CN2 GIA VPS季付23.9美元起 100Mbps带宽
RFCHOST,这个服务商我们可能有一些朋友知道的。不要看官网是英文就以为是老外服务商,实际上这个服务商公司在上海。我们实际上看到的很多商家,有的是繁体,有的是英文,实际上很多都是我们国人朋友做的,有的甚至还做好几个品牌域名,实际上都是一个公司。对于RFCHOST商家还是第一次分享他们家的信息,公司成立大约2015年左右。目前RFCHOST洛杉矶机房VPS正进行优惠促销,采用CN2优化线路,电信双...
windowsserver为你推荐
-
网络服务器租用租网络服务器在哪些平台比较合适?域名注册查询如何知道域名注册信息?美国vps租用如何选择国外vps服务器?台湾主机香港,美国,台湾,韩国,日本主机到底哪个好asp虚拟空间asp视频聊天室系统支持虚拟空间免费网站空间如何免费做网站 免费域名+免费空间+免费网站北京网站空间网站空间哪里的好,apache虚拟主机如何用Apache配置安全虚拟主机 - PHP进阶讨论大连虚拟主机上海未星网络科技有限公司是一家什么样的公司?淘宝虚拟主机淘宝买万网虚拟主机怎么变别真假