understoodwindowsserver
windowsserver 时间:2021-01-19 阅读:()
BlackHat2007WindowsServerVirtualization&WindowsServerVirtualization&TheWindowsHypervisorTheWindowsHypervisorBrandonBakerLeadSecurityEngineerWindowsKernelTeamMicrosoftCorporationBlackHat2007Agenda-WindowsServerVirtualization(WSV)WhyahypervisorQuickBackground&ArchitectureFormoredetails,seepresentationonconferenceCDSecurityCharacteristicsDeploymentConsiderationsFutureDirectionsBlackHat2007WhyahypervisorThin,lowlevelmicrokernelEliminatesringcompressionRunsguestoperatingsystemsw/omodificationAddsdefenseindepthLeveragecurrent&futurehardwareScalabilityBlackHat2007Agenda-WindowsServerVirtualization(WSV)WhyahypervisorQuickBackground&ArchitectureFormoredetails,seepresentationonconferenceCDSecurityCharacteristicsDeploymentConsiderationsFutureDirectionsBlackHat2007WindowsServerVirtualizationBackgroundProjectcodenameViridianFullmachinevirtualizationforguestoperatingsystemsComponentofWindowsServer2008Finalversionavailablewithin180daysofWindowsServer2008RTMInstallsasaroleonServerCoreBlackHat2007WindowsServerVirtualizationBackgroundHasthreemajorcomponents:HypervisorVirtualizationStackVirtualDevicesHypervisorBasedTakesadvantageof(andrequires)processorvirtualizationextensionsSupportedonx64hardwareonly,32/64bitguestsupportBlackHat2007TheOldWayVirtualServerArchitectureWindowsServer2003orWindowsXPKernelVMMKernelVirtualServerServiceIISVirtualServerWebAppProvidedby:Providedby:WindowsWindowsISVISVVirtualServerVirtualServerServerHardwareHostRing1:GuestKernelModeWindows(NT4,2000,2003)VMAdditionsRing0:KernelModeRing3:UserModeGuestApplicationsGuestsDeviceDriversBlackHat2007RootVirtualizationServiceProviders(VSPs)WindowsKernelServerCoreDeviceDriversWindowshypervisorVirtualizationStackVMWorkerProcessesVMServiceWMIProviderGuestPartitionsRing0:KernelModeRing3:UserModeVirtualizationServiceClients(VSCs)OSKernelEnlightenmentsVMBusGuestApplicationsServerHardwareProvidedby:Providedby:WindowsWindowsISVISVViridianViridianTheNewWayWSVArchitecturePartitionBlackHat2007VirtualizationAttacksRootPartitionVirtualizationServiceProviders(VSPs)WindowsKernelServerCoreDeviceDriversVirtualizationStackVMWorkerProcessesVMServiceWMIProviderGuestPartitionsRing0:KernelModeVirtualizationServiceClients(VSCs)EnlightenmentsVMBusServerHardwareProvidedby:Providedby:WindowsWindowsISVISVViridianViridianGuestApplicationsHackersHackersOSKernelRing3:UserModeWindowshypervisorVMBusBlackHat2007HypervisorPartitioningKernelPartitionisisolationboundaryFewvirtualizationfunctions;reliesonvirtualizationstackVerythinlayerofsoftwareMicrokernelHighlyreliableNodevicedriversTwoversions,oneforIntelandoneforAMDDriversrunintherootLeveragethelargebaseofWindowsdriversWell-definedinterfaceAllowotherstocreatesupportfortheirOSesasguestsBlackHat2007RunswithintherootpartitionPortionoftraditionalhypervisorthathasbeenpushedupandouttomakeamicro-hypervisorManagesguestpartitionsHandlesinterceptsEmulatesdevicesVirtualizationStackBlackHat2007Agenda-WindowsServerVirtualization(WSV)WhyahypervisorQuickBackground&ArchitectureFormoredetails,seepresentationonconferenceCDSecurityCharacteristicsDeploymentConsiderationsFutureDirectionsBlackHat2007GuestsareuntrustedRootmustbetrustedbyhypervisor;parentmustbetrustedbychildren.
Codewillruninallavailableprocessormodes,rings,andsegmentsHypercallinterfacewillbewelldocumentedandwidelyavailabletoattackers.
AllhypercallscanbeattemptedbyguestsCandetectyouarerunningonahypervisorWe'llevengiveyoutheversionTheinternaldesignofthehypervisorwillbewellunderstoodSecurityAssumptionsBlackHat2007SecurityGoalsStrongisolationbetweenpartitionsProtectconfidentialityandintegrityofguestdataSeparationUniquehypervisorresourcepoolsperguestSeparateworkerprocessesperguestGuest-to-parentcommunicationsoveruniquechannelsNon-interferenceGuestscannotaffectthecontentsofotherguests,parent,hypervisorGuestcomputationsprotectedfromotherguestsGuest-to-guestcommunicationsnotallowedthroughVMinterfacesBlackHat2007SecurityNon-GoalsThingswedon'tdoinWindowsServerVirtualization*Mitigatehardwarebleed-through(inferenceattacks)MitigatecovertchannelsGuaranteeavailabilityProtectguestsfromtherootProtectthehypervisorfromtherootUtilizetrustedhardwareTPM,DeviceAssignment,DMAprotection,SecureLaunch*atleast,notyetBlackHat2007WSVSecurityHardening(1/2)HypervisorhasseparateaddressspaceGuestaddresses!
=HypervisoraddressesNo3rdpartycodeintheHypervisorLimitednumberofchannelsfromgueststohypervisorNo"IOCTL"-likethingsGuesttoguestcommunicationthroughhypervisorisprohibitedNosharedmemorymappedbetweenguestsGuestsnevertouchrealhardwarei/oBlackHat2007WSVSecurityHardening(2/2)HypervisorbuiltwithStackguardcookies(/GS)HardwareNoeXecute(NX)CodepagesmarkedreadonlyMemoryguardpagesLimitedexceptionhandlingHypervisorbinaryissignedHypervisorandRootgoingthroughSDLThreatmodelingStaticAnalysisFuzztestingPenetrationtestingBlackHat2007HypervisorSecurityModelMemoryPhysicalAddresstoPartitionmapmaintainedbyHvParent/ChildownershipmodelonmemoryCansupersedeaccessrightsinguestpagetables(R,W,X)CPUHardwareguaranteescache®isterisolation,TLBflushing,instructioninterceptionI/OHypervisorenforcesParentpolicyforallguestaccesstoI/OportsWSVv1policyisguestshavenoaccesstorealhardwareHypervisorInterfacePartitionprivilegemodelGuestsaccesstohypercalls,instructions,MSRswithsecurityimpactenforcedbasedonParentpolicyWSVv1policyisguestshavenoaccesstoprivilegedinstructionsBlackHat2007WSVSecurityModelUsesAuthorizationManager(AzMan)FinegrainedauthorizationandaccesscontrolDepartmentandrolebasedSegregatewhocanmanagegroupsofVMsDefinespecificfunctionsforindividualsorrolesStart,stop,create,addhardware,changedriveimageVMadministratorsdon'thavetobeServer2008administratorsGuestresourcesarecontrolledbyperVMconfigurationfilesSharedresourcesareprotectedRead-only(CDISOfile)Copyonwrite(differencingdisks)BlackHat2007TimeVirtualizationThreetypesoftimeCalendartimeAffectedbyDaylightSavingschangesSourceisparent-createdvirtualRTCdeviceMachinetimeUnaffectedbyDaylightSavingschanges5secondsinthefuture,etc.
SourcesPer-VPvirtualizedAPICtimer(periodicorsingle-shot)Fourper-VPSynICtimers(periodicorsingle-shot)Per-partitionconstant-ratemonotonically-increasingreferencecounterSchedulingtimeHowlonghasthisprocessorbeenscheduledBlackHat2007TimeVirtualizationDesignChoiceHowtohandleRDTSCWhenaVirtualProcessor(VP)isintercepted,asingleinstructioncanappeartotakealongtime–namely,thetimeittakestoenterthehypervisor,performactions,andreturntoaguestTSCisrecordedandcanbemodifiedinguestcontrolstructure(VMCS/VMCB)"Allowittoadvancenaturally"JustleaveitaloneBut…AVPcanberescheduledonadifferentLP,whoseTSCcouldbesmallerCan'tallowTSCstojumpbackwardsintime"Modifyittoappearunchanged"OnentryintotheHv,recordguestTSC.
Onreturntoguest,reloadoriginalTSCvalueminussomeamountBut…Neverknowhowlongthereturninstructionwilltake(caches!
)StillobservableatacertaingranularitySomesoftwaredependsonknowingcyclecountsbetweeninstructionblocks(video/audiocodecs)So,weallowittoadvancenaturally,withaguaranteethatitwillneverappeartogobackwardsonagivenVPBlackHat2007Agenda-WindowsServerVirtualization(WSV)WhyahypervisorQuickBackground&ArchitectureFormoredetails,seepresentationonconferenceCDSecurityCharacteristicsDeploymentConsiderationsFutureDirectionsBlackHat2007DeploymentConsiderations(1/2)PatchingthehypervisorWindowsUpdateManaginglotsofvirtualmachinesSystemCenter–VirtualMachineManagerMinimizerisktotheRootPartitionUtilizeServerCoreDon'trunarbitraryapps,nowebsurfingRunyourappsandservicesinguestsConnecttoback-endmanagementnetworkOnlyexposegueststointernettrafficEnableNXandvirtualizationinBIOSBlackHat2007DeploymentConsiderations(2/2)Twovirtualmachinescan'thavethesamedegreeofisolationastwophysicalmachines:InferenceAttacksCovertChannelsNotrecommendedtohosttwoVMsofvastlydifferingtrustlevelsonthesamesysteme.
g.
afront-endwebserverandacertificateserverBlackHat2007Agenda-WindowsServerVirtualization(WSV)WhyahypervisorQuickBackground&ArchitectureFormoredetails,seepresentationonconferenceCDSecurityCharacteristicsDeploymentConsiderationsFutureDirectionsBlackHat2007FutureSecurityBenefitsManytypesofvirtualization(app,OS,machine)eachwithincreasinglevelsofisolation(andoverhead)PowerfultoolforvirusisolationandanalysisImprovedforensiccapabilityforcompromisedoperatingsystemsInvestmentsinOShardeningthroughhypervisorfeaturesPotentialforgreaterintra-OSisolation(e.
g.
Ring0separationofdrivers)VMscanbeleveragedforhostingsecurityappliancesBlackHat2007SecurityChallengesVMtoVMnetworkmonitoringManagingVMOSpatchlevelsLeakageofinformationbetweenpartitionsduetosharedhardwareLargerattacksurfacethanair-gappedmachinesHighavailability–SLAattacksThreatofmalicious,unauthorizedhypervisors(hypervisor-moderootkits)BlackHat2007FutureSecurityWorkSecureLaunchIntelTXTtm(senter)andAMDSVMtm(skinit)Givesmachineownerabilitytocontrolwhatcodecanusering-1PolicyenforcementinhardwaretoblocklaunchofunauthorizedhypervisorsAllowshypervisortoprotectitselfagainsttamperingDMARemappingIntelVT-dandAMDIOMMUGivesguestsgatedaccesstorealhardwareAllowshypervisortoprotectselfagainstDMAattackBlackHat20072007MicrosoftCorporation.
Allrightsreserved.
Thispresentationisforinformationalpurposesonly.
Microsoftmakesnowarranties,expressorimplied,inthissummary.
ConclusionHypervisorskickass.
BetaavailablewithServer2008RTMWewantyourfeedbackhttp://blogs.
technet.
com/virtualization/brandon.
baker@microsoft.
com
Codewillruninallavailableprocessormodes,rings,andsegmentsHypercallinterfacewillbewelldocumentedandwidelyavailabletoattackers.
AllhypercallscanbeattemptedbyguestsCandetectyouarerunningonahypervisorWe'llevengiveyoutheversionTheinternaldesignofthehypervisorwillbewellunderstoodSecurityAssumptionsBlackHat2007SecurityGoalsStrongisolationbetweenpartitionsProtectconfidentialityandintegrityofguestdataSeparationUniquehypervisorresourcepoolsperguestSeparateworkerprocessesperguestGuest-to-parentcommunicationsoveruniquechannelsNon-interferenceGuestscannotaffectthecontentsofotherguests,parent,hypervisorGuestcomputationsprotectedfromotherguestsGuest-to-guestcommunicationsnotallowedthroughVMinterfacesBlackHat2007SecurityNon-GoalsThingswedon'tdoinWindowsServerVirtualization*Mitigatehardwarebleed-through(inferenceattacks)MitigatecovertchannelsGuaranteeavailabilityProtectguestsfromtherootProtectthehypervisorfromtherootUtilizetrustedhardwareTPM,DeviceAssignment,DMAprotection,SecureLaunch*atleast,notyetBlackHat2007WSVSecurityHardening(1/2)HypervisorhasseparateaddressspaceGuestaddresses!
=HypervisoraddressesNo3rdpartycodeintheHypervisorLimitednumberofchannelsfromgueststohypervisorNo"IOCTL"-likethingsGuesttoguestcommunicationthroughhypervisorisprohibitedNosharedmemorymappedbetweenguestsGuestsnevertouchrealhardwarei/oBlackHat2007WSVSecurityHardening(2/2)HypervisorbuiltwithStackguardcookies(/GS)HardwareNoeXecute(NX)CodepagesmarkedreadonlyMemoryguardpagesLimitedexceptionhandlingHypervisorbinaryissignedHypervisorandRootgoingthroughSDLThreatmodelingStaticAnalysisFuzztestingPenetrationtestingBlackHat2007HypervisorSecurityModelMemoryPhysicalAddresstoPartitionmapmaintainedbyHvParent/ChildownershipmodelonmemoryCansupersedeaccessrightsinguestpagetables(R,W,X)CPUHardwareguaranteescache®isterisolation,TLBflushing,instructioninterceptionI/OHypervisorenforcesParentpolicyforallguestaccesstoI/OportsWSVv1policyisguestshavenoaccesstorealhardwareHypervisorInterfacePartitionprivilegemodelGuestsaccesstohypercalls,instructions,MSRswithsecurityimpactenforcedbasedonParentpolicyWSVv1policyisguestshavenoaccesstoprivilegedinstructionsBlackHat2007WSVSecurityModelUsesAuthorizationManager(AzMan)FinegrainedauthorizationandaccesscontrolDepartmentandrolebasedSegregatewhocanmanagegroupsofVMsDefinespecificfunctionsforindividualsorrolesStart,stop,create,addhardware,changedriveimageVMadministratorsdon'thavetobeServer2008administratorsGuestresourcesarecontrolledbyperVMconfigurationfilesSharedresourcesareprotectedRead-only(CDISOfile)Copyonwrite(differencingdisks)BlackHat2007TimeVirtualizationThreetypesoftimeCalendartimeAffectedbyDaylightSavingschangesSourceisparent-createdvirtualRTCdeviceMachinetimeUnaffectedbyDaylightSavingschanges5secondsinthefuture,etc.
SourcesPer-VPvirtualizedAPICtimer(periodicorsingle-shot)Fourper-VPSynICtimers(periodicorsingle-shot)Per-partitionconstant-ratemonotonically-increasingreferencecounterSchedulingtimeHowlonghasthisprocessorbeenscheduledBlackHat2007TimeVirtualizationDesignChoiceHowtohandleRDTSCWhenaVirtualProcessor(VP)isintercepted,asingleinstructioncanappeartotakealongtime–namely,thetimeittakestoenterthehypervisor,performactions,andreturntoaguestTSCisrecordedandcanbemodifiedinguestcontrolstructure(VMCS/VMCB)"Allowittoadvancenaturally"JustleaveitaloneBut…AVPcanberescheduledonadifferentLP,whoseTSCcouldbesmallerCan'tallowTSCstojumpbackwardsintime"Modifyittoappearunchanged"OnentryintotheHv,recordguestTSC.
Onreturntoguest,reloadoriginalTSCvalueminussomeamountBut…Neverknowhowlongthereturninstructionwilltake(caches!
)StillobservableatacertaingranularitySomesoftwaredependsonknowingcyclecountsbetweeninstructionblocks(video/audiocodecs)So,weallowittoadvancenaturally,withaguaranteethatitwillneverappeartogobackwardsonagivenVPBlackHat2007Agenda-WindowsServerVirtualization(WSV)WhyahypervisorQuickBackground&ArchitectureFormoredetails,seepresentationonconferenceCDSecurityCharacteristicsDeploymentConsiderationsFutureDirectionsBlackHat2007DeploymentConsiderations(1/2)PatchingthehypervisorWindowsUpdateManaginglotsofvirtualmachinesSystemCenter–VirtualMachineManagerMinimizerisktotheRootPartitionUtilizeServerCoreDon'trunarbitraryapps,nowebsurfingRunyourappsandservicesinguestsConnecttoback-endmanagementnetworkOnlyexposegueststointernettrafficEnableNXandvirtualizationinBIOSBlackHat2007DeploymentConsiderations(2/2)Twovirtualmachinescan'thavethesamedegreeofisolationastwophysicalmachines:InferenceAttacksCovertChannelsNotrecommendedtohosttwoVMsofvastlydifferingtrustlevelsonthesamesysteme.
g.
afront-endwebserverandacertificateserverBlackHat2007Agenda-WindowsServerVirtualization(WSV)WhyahypervisorQuickBackground&ArchitectureFormoredetails,seepresentationonconferenceCDSecurityCharacteristicsDeploymentConsiderationsFutureDirectionsBlackHat2007FutureSecurityBenefitsManytypesofvirtualization(app,OS,machine)eachwithincreasinglevelsofisolation(andoverhead)PowerfultoolforvirusisolationandanalysisImprovedforensiccapabilityforcompromisedoperatingsystemsInvestmentsinOShardeningthroughhypervisorfeaturesPotentialforgreaterintra-OSisolation(e.
g.
Ring0separationofdrivers)VMscanbeleveragedforhostingsecurityappliancesBlackHat2007SecurityChallengesVMtoVMnetworkmonitoringManagingVMOSpatchlevelsLeakageofinformationbetweenpartitionsduetosharedhardwareLargerattacksurfacethanair-gappedmachinesHighavailability–SLAattacksThreatofmalicious,unauthorizedhypervisors(hypervisor-moderootkits)BlackHat2007FutureSecurityWorkSecureLaunchIntelTXTtm(senter)andAMDSVMtm(skinit)Givesmachineownerabilitytocontrolwhatcodecanusering-1PolicyenforcementinhardwaretoblocklaunchofunauthorizedhypervisorsAllowshypervisortoprotectitselfagainsttamperingDMARemappingIntelVT-dandAMDIOMMUGivesguestsgatedaccesstorealhardwareAllowshypervisortoprotectselfagainstDMAattackBlackHat20072007MicrosoftCorporation.
Allrightsreserved.
Thispresentationisforinformationalpurposesonly.
Microsoftmakesnowarranties,expressorimplied,inthissummary.
ConclusionHypervisorskickass.
BetaavailablewithServer2008RTMWewantyourfeedbackhttp://blogs.
technet.
com/virtualization/brandon.
baker@microsoft.
com
- understoodwindowsserver相关文档
- 证书windowsserver
- warnedwindowsserver
- Serviceswindowsserver
- providerwindowsserver
- Maintainingwindowsserver
- 服务器windowsserver
青果网络618:洛杉矶CN2 GIA/东京CN2套餐年付199元起,国内高防独服套餐66折
青果网络怎么样?青果网络隶属于泉州市青果网络科技有限公司,青果网络商家成立于2015年4月1日,拥有工信部颁发的全网IDC/ISP/IP-VPN资质,是国内为数不多具有IDC/ISP双资质的综合型云计算服务商。青果网络是APNIC和CNNIC地址分配联盟成员,泉州市互联网协会会员单位,信誉非常有保障。目前,青果网络商家正式开启了618云特惠活动,针对国内外机房都有相应的优惠。点击进入:青果网络官方...
HostYun 新增可选洛杉矶/日本机房 全场9折月付19.8元起
关于HostYun主机商在之前也有几次分享,这个前身是我们可能熟悉的小众的HostShare商家,主要就是提供廉价主机,那时候官方还声称选择这个品牌的机器不要用于正式生产项目,如今这个品牌重新转变成Hostyun。目前提供的VPS主机包括KVM和XEN架构,数据中心可选日本、韩国、香港和美国的多个地区机房,电信双程CN2 GIA线路,香港和日本机房,均为国内直连线路,访问质量不错。今天和大家分享下...
星梦云-100G高防4H4G21M月付仅99元,成都/雅安/德阳
商家介绍:星梦云怎么样,星梦云好不好,资质齐全,IDC/ISP均有,从星梦云这边租的服务器均可以备案,属于一手资源,高防机柜、大带宽、高防IP业务,一手整C IP段,四川电信,星梦云专注四川高防服务器,成都服务器,雅安服务器,。活动优惠促销:1、成都电信夏日激情大宽带活动机(封锁UDP,不可解封):机房CPU内存硬盘带宽IP防护流量原价活动价开通方式成都电信优化线路2vCPU2G40G+60G21...
windowsserver为你推荐
-
虚拟主机价格谁知道租虚拟主机多少钱?中文域名注册查询中文域名注册怎么查询免费vps服务器如何免费搭建自己的vps服务器上海虚拟主机谁能告诉我杭州哪个公司的虚拟主机最好,机房最好是上海或浙江的.郑州虚拟主机什么是双线虚拟主机?windows虚拟主机windows10用什么虚拟机长沙虚拟主机长沙虚拟主机租用 哪里的比较靠谱 朋友介绍湘域互联的 有谁用过域名网站哪里可以给你免费的域名做个网站二级域名什么叫一级 二级域名动态域名解析每步动态域名解析