understoodwindowsserver
windowsserver 时间:2021-01-19 阅读:()
BlackHat2007WindowsServerVirtualization&WindowsServerVirtualization&TheWindowsHypervisorTheWindowsHypervisorBrandonBakerLeadSecurityEngineerWindowsKernelTeamMicrosoftCorporationBlackHat2007Agenda-WindowsServerVirtualization(WSV)WhyahypervisorQuickBackground&ArchitectureFormoredetails,seepresentationonconferenceCDSecurityCharacteristicsDeploymentConsiderationsFutureDirectionsBlackHat2007WhyahypervisorThin,lowlevelmicrokernelEliminatesringcompressionRunsguestoperatingsystemsw/omodificationAddsdefenseindepthLeveragecurrent&futurehardwareScalabilityBlackHat2007Agenda-WindowsServerVirtualization(WSV)WhyahypervisorQuickBackground&ArchitectureFormoredetails,seepresentationonconferenceCDSecurityCharacteristicsDeploymentConsiderationsFutureDirectionsBlackHat2007WindowsServerVirtualizationBackgroundProjectcodenameViridianFullmachinevirtualizationforguestoperatingsystemsComponentofWindowsServer2008Finalversionavailablewithin180daysofWindowsServer2008RTMInstallsasaroleonServerCoreBlackHat2007WindowsServerVirtualizationBackgroundHasthreemajorcomponents:HypervisorVirtualizationStackVirtualDevicesHypervisorBasedTakesadvantageof(andrequires)processorvirtualizationextensionsSupportedonx64hardwareonly,32/64bitguestsupportBlackHat2007TheOldWayVirtualServerArchitectureWindowsServer2003orWindowsXPKernelVMMKernelVirtualServerServiceIISVirtualServerWebAppProvidedby:Providedby:WindowsWindowsISVISVVirtualServerVirtualServerServerHardwareHostRing1:GuestKernelModeWindows(NT4,2000,2003)VMAdditionsRing0:KernelModeRing3:UserModeGuestApplicationsGuestsDeviceDriversBlackHat2007RootVirtualizationServiceProviders(VSPs)WindowsKernelServerCoreDeviceDriversWindowshypervisorVirtualizationStackVMWorkerProcessesVMServiceWMIProviderGuestPartitionsRing0:KernelModeRing3:UserModeVirtualizationServiceClients(VSCs)OSKernelEnlightenmentsVMBusGuestApplicationsServerHardwareProvidedby:Providedby:WindowsWindowsISVISVViridianViridianTheNewWayWSVArchitecturePartitionBlackHat2007VirtualizationAttacksRootPartitionVirtualizationServiceProviders(VSPs)WindowsKernelServerCoreDeviceDriversVirtualizationStackVMWorkerProcessesVMServiceWMIProviderGuestPartitionsRing0:KernelModeVirtualizationServiceClients(VSCs)EnlightenmentsVMBusServerHardwareProvidedby:Providedby:WindowsWindowsISVISVViridianViridianGuestApplicationsHackersHackersOSKernelRing3:UserModeWindowshypervisorVMBusBlackHat2007HypervisorPartitioningKernelPartitionisisolationboundaryFewvirtualizationfunctions;reliesonvirtualizationstackVerythinlayerofsoftwareMicrokernelHighlyreliableNodevicedriversTwoversions,oneforIntelandoneforAMDDriversrunintherootLeveragethelargebaseofWindowsdriversWell-definedinterfaceAllowotherstocreatesupportfortheirOSesasguestsBlackHat2007RunswithintherootpartitionPortionoftraditionalhypervisorthathasbeenpushedupandouttomakeamicro-hypervisorManagesguestpartitionsHandlesinterceptsEmulatesdevicesVirtualizationStackBlackHat2007Agenda-WindowsServerVirtualization(WSV)WhyahypervisorQuickBackground&ArchitectureFormoredetails,seepresentationonconferenceCDSecurityCharacteristicsDeploymentConsiderationsFutureDirectionsBlackHat2007GuestsareuntrustedRootmustbetrustedbyhypervisor;parentmustbetrustedbychildren.
Codewillruninallavailableprocessormodes,rings,andsegmentsHypercallinterfacewillbewelldocumentedandwidelyavailabletoattackers.
AllhypercallscanbeattemptedbyguestsCandetectyouarerunningonahypervisorWe'llevengiveyoutheversionTheinternaldesignofthehypervisorwillbewellunderstoodSecurityAssumptionsBlackHat2007SecurityGoalsStrongisolationbetweenpartitionsProtectconfidentialityandintegrityofguestdataSeparationUniquehypervisorresourcepoolsperguestSeparateworkerprocessesperguestGuest-to-parentcommunicationsoveruniquechannelsNon-interferenceGuestscannotaffectthecontentsofotherguests,parent,hypervisorGuestcomputationsprotectedfromotherguestsGuest-to-guestcommunicationsnotallowedthroughVMinterfacesBlackHat2007SecurityNon-GoalsThingswedon'tdoinWindowsServerVirtualization*Mitigatehardwarebleed-through(inferenceattacks)MitigatecovertchannelsGuaranteeavailabilityProtectguestsfromtherootProtectthehypervisorfromtherootUtilizetrustedhardwareTPM,DeviceAssignment,DMAprotection,SecureLaunch*atleast,notyetBlackHat2007WSVSecurityHardening(1/2)HypervisorhasseparateaddressspaceGuestaddresses!
=HypervisoraddressesNo3rdpartycodeintheHypervisorLimitednumberofchannelsfromgueststohypervisorNo"IOCTL"-likethingsGuesttoguestcommunicationthroughhypervisorisprohibitedNosharedmemorymappedbetweenguestsGuestsnevertouchrealhardwarei/oBlackHat2007WSVSecurityHardening(2/2)HypervisorbuiltwithStackguardcookies(/GS)HardwareNoeXecute(NX)CodepagesmarkedreadonlyMemoryguardpagesLimitedexceptionhandlingHypervisorbinaryissignedHypervisorandRootgoingthroughSDLThreatmodelingStaticAnalysisFuzztestingPenetrationtestingBlackHat2007HypervisorSecurityModelMemoryPhysicalAddresstoPartitionmapmaintainedbyHvParent/ChildownershipmodelonmemoryCansupersedeaccessrightsinguestpagetables(R,W,X)CPUHardwareguaranteescache®isterisolation,TLBflushing,instructioninterceptionI/OHypervisorenforcesParentpolicyforallguestaccesstoI/OportsWSVv1policyisguestshavenoaccesstorealhardwareHypervisorInterfacePartitionprivilegemodelGuestsaccesstohypercalls,instructions,MSRswithsecurityimpactenforcedbasedonParentpolicyWSVv1policyisguestshavenoaccesstoprivilegedinstructionsBlackHat2007WSVSecurityModelUsesAuthorizationManager(AzMan)FinegrainedauthorizationandaccesscontrolDepartmentandrolebasedSegregatewhocanmanagegroupsofVMsDefinespecificfunctionsforindividualsorrolesStart,stop,create,addhardware,changedriveimageVMadministratorsdon'thavetobeServer2008administratorsGuestresourcesarecontrolledbyperVMconfigurationfilesSharedresourcesareprotectedRead-only(CDISOfile)Copyonwrite(differencingdisks)BlackHat2007TimeVirtualizationThreetypesoftimeCalendartimeAffectedbyDaylightSavingschangesSourceisparent-createdvirtualRTCdeviceMachinetimeUnaffectedbyDaylightSavingschanges5secondsinthefuture,etc.
SourcesPer-VPvirtualizedAPICtimer(periodicorsingle-shot)Fourper-VPSynICtimers(periodicorsingle-shot)Per-partitionconstant-ratemonotonically-increasingreferencecounterSchedulingtimeHowlonghasthisprocessorbeenscheduledBlackHat2007TimeVirtualizationDesignChoiceHowtohandleRDTSCWhenaVirtualProcessor(VP)isintercepted,asingleinstructioncanappeartotakealongtime–namely,thetimeittakestoenterthehypervisor,performactions,andreturntoaguestTSCisrecordedandcanbemodifiedinguestcontrolstructure(VMCS/VMCB)"Allowittoadvancenaturally"JustleaveitaloneBut…AVPcanberescheduledonadifferentLP,whoseTSCcouldbesmallerCan'tallowTSCstojumpbackwardsintime"Modifyittoappearunchanged"OnentryintotheHv,recordguestTSC.
Onreturntoguest,reloadoriginalTSCvalueminussomeamountBut…Neverknowhowlongthereturninstructionwilltake(caches!
)StillobservableatacertaingranularitySomesoftwaredependsonknowingcyclecountsbetweeninstructionblocks(video/audiocodecs)So,weallowittoadvancenaturally,withaguaranteethatitwillneverappeartogobackwardsonagivenVPBlackHat2007Agenda-WindowsServerVirtualization(WSV)WhyahypervisorQuickBackground&ArchitectureFormoredetails,seepresentationonconferenceCDSecurityCharacteristicsDeploymentConsiderationsFutureDirectionsBlackHat2007DeploymentConsiderations(1/2)PatchingthehypervisorWindowsUpdateManaginglotsofvirtualmachinesSystemCenter–VirtualMachineManagerMinimizerisktotheRootPartitionUtilizeServerCoreDon'trunarbitraryapps,nowebsurfingRunyourappsandservicesinguestsConnecttoback-endmanagementnetworkOnlyexposegueststointernettrafficEnableNXandvirtualizationinBIOSBlackHat2007DeploymentConsiderations(2/2)Twovirtualmachinescan'thavethesamedegreeofisolationastwophysicalmachines:InferenceAttacksCovertChannelsNotrecommendedtohosttwoVMsofvastlydifferingtrustlevelsonthesamesysteme.
g.
afront-endwebserverandacertificateserverBlackHat2007Agenda-WindowsServerVirtualization(WSV)WhyahypervisorQuickBackground&ArchitectureFormoredetails,seepresentationonconferenceCDSecurityCharacteristicsDeploymentConsiderationsFutureDirectionsBlackHat2007FutureSecurityBenefitsManytypesofvirtualization(app,OS,machine)eachwithincreasinglevelsofisolation(andoverhead)PowerfultoolforvirusisolationandanalysisImprovedforensiccapabilityforcompromisedoperatingsystemsInvestmentsinOShardeningthroughhypervisorfeaturesPotentialforgreaterintra-OSisolation(e.
g.
Ring0separationofdrivers)VMscanbeleveragedforhostingsecurityappliancesBlackHat2007SecurityChallengesVMtoVMnetworkmonitoringManagingVMOSpatchlevelsLeakageofinformationbetweenpartitionsduetosharedhardwareLargerattacksurfacethanair-gappedmachinesHighavailability–SLAattacksThreatofmalicious,unauthorizedhypervisors(hypervisor-moderootkits)BlackHat2007FutureSecurityWorkSecureLaunchIntelTXTtm(senter)andAMDSVMtm(skinit)Givesmachineownerabilitytocontrolwhatcodecanusering-1PolicyenforcementinhardwaretoblocklaunchofunauthorizedhypervisorsAllowshypervisortoprotectitselfagainsttamperingDMARemappingIntelVT-dandAMDIOMMUGivesguestsgatedaccesstorealhardwareAllowshypervisortoprotectselfagainstDMAattackBlackHat20072007MicrosoftCorporation.
Allrightsreserved.
Thispresentationisforinformationalpurposesonly.
Microsoftmakesnowarranties,expressorimplied,inthissummary.
ConclusionHypervisorskickass.
BetaavailablewithServer2008RTMWewantyourfeedbackhttp://blogs.
technet.
com/virtualization/brandon.
baker@microsoft.
com
Codewillruninallavailableprocessormodes,rings,andsegmentsHypercallinterfacewillbewelldocumentedandwidelyavailabletoattackers.
AllhypercallscanbeattemptedbyguestsCandetectyouarerunningonahypervisorWe'llevengiveyoutheversionTheinternaldesignofthehypervisorwillbewellunderstoodSecurityAssumptionsBlackHat2007SecurityGoalsStrongisolationbetweenpartitionsProtectconfidentialityandintegrityofguestdataSeparationUniquehypervisorresourcepoolsperguestSeparateworkerprocessesperguestGuest-to-parentcommunicationsoveruniquechannelsNon-interferenceGuestscannotaffectthecontentsofotherguests,parent,hypervisorGuestcomputationsprotectedfromotherguestsGuest-to-guestcommunicationsnotallowedthroughVMinterfacesBlackHat2007SecurityNon-GoalsThingswedon'tdoinWindowsServerVirtualization*Mitigatehardwarebleed-through(inferenceattacks)MitigatecovertchannelsGuaranteeavailabilityProtectguestsfromtherootProtectthehypervisorfromtherootUtilizetrustedhardwareTPM,DeviceAssignment,DMAprotection,SecureLaunch*atleast,notyetBlackHat2007WSVSecurityHardening(1/2)HypervisorhasseparateaddressspaceGuestaddresses!
=HypervisoraddressesNo3rdpartycodeintheHypervisorLimitednumberofchannelsfromgueststohypervisorNo"IOCTL"-likethingsGuesttoguestcommunicationthroughhypervisorisprohibitedNosharedmemorymappedbetweenguestsGuestsnevertouchrealhardwarei/oBlackHat2007WSVSecurityHardening(2/2)HypervisorbuiltwithStackguardcookies(/GS)HardwareNoeXecute(NX)CodepagesmarkedreadonlyMemoryguardpagesLimitedexceptionhandlingHypervisorbinaryissignedHypervisorandRootgoingthroughSDLThreatmodelingStaticAnalysisFuzztestingPenetrationtestingBlackHat2007HypervisorSecurityModelMemoryPhysicalAddresstoPartitionmapmaintainedbyHvParent/ChildownershipmodelonmemoryCansupersedeaccessrightsinguestpagetables(R,W,X)CPUHardwareguaranteescache®isterisolation,TLBflushing,instructioninterceptionI/OHypervisorenforcesParentpolicyforallguestaccesstoI/OportsWSVv1policyisguestshavenoaccesstorealhardwareHypervisorInterfacePartitionprivilegemodelGuestsaccesstohypercalls,instructions,MSRswithsecurityimpactenforcedbasedonParentpolicyWSVv1policyisguestshavenoaccesstoprivilegedinstructionsBlackHat2007WSVSecurityModelUsesAuthorizationManager(AzMan)FinegrainedauthorizationandaccesscontrolDepartmentandrolebasedSegregatewhocanmanagegroupsofVMsDefinespecificfunctionsforindividualsorrolesStart,stop,create,addhardware,changedriveimageVMadministratorsdon'thavetobeServer2008administratorsGuestresourcesarecontrolledbyperVMconfigurationfilesSharedresourcesareprotectedRead-only(CDISOfile)Copyonwrite(differencingdisks)BlackHat2007TimeVirtualizationThreetypesoftimeCalendartimeAffectedbyDaylightSavingschangesSourceisparent-createdvirtualRTCdeviceMachinetimeUnaffectedbyDaylightSavingschanges5secondsinthefuture,etc.
SourcesPer-VPvirtualizedAPICtimer(periodicorsingle-shot)Fourper-VPSynICtimers(periodicorsingle-shot)Per-partitionconstant-ratemonotonically-increasingreferencecounterSchedulingtimeHowlonghasthisprocessorbeenscheduledBlackHat2007TimeVirtualizationDesignChoiceHowtohandleRDTSCWhenaVirtualProcessor(VP)isintercepted,asingleinstructioncanappeartotakealongtime–namely,thetimeittakestoenterthehypervisor,performactions,andreturntoaguestTSCisrecordedandcanbemodifiedinguestcontrolstructure(VMCS/VMCB)"Allowittoadvancenaturally"JustleaveitaloneBut…AVPcanberescheduledonadifferentLP,whoseTSCcouldbesmallerCan'tallowTSCstojumpbackwardsintime"Modifyittoappearunchanged"OnentryintotheHv,recordguestTSC.
Onreturntoguest,reloadoriginalTSCvalueminussomeamountBut…Neverknowhowlongthereturninstructionwilltake(caches!
)StillobservableatacertaingranularitySomesoftwaredependsonknowingcyclecountsbetweeninstructionblocks(video/audiocodecs)So,weallowittoadvancenaturally,withaguaranteethatitwillneverappeartogobackwardsonagivenVPBlackHat2007Agenda-WindowsServerVirtualization(WSV)WhyahypervisorQuickBackground&ArchitectureFormoredetails,seepresentationonconferenceCDSecurityCharacteristicsDeploymentConsiderationsFutureDirectionsBlackHat2007DeploymentConsiderations(1/2)PatchingthehypervisorWindowsUpdateManaginglotsofvirtualmachinesSystemCenter–VirtualMachineManagerMinimizerisktotheRootPartitionUtilizeServerCoreDon'trunarbitraryapps,nowebsurfingRunyourappsandservicesinguestsConnecttoback-endmanagementnetworkOnlyexposegueststointernettrafficEnableNXandvirtualizationinBIOSBlackHat2007DeploymentConsiderations(2/2)Twovirtualmachinescan'thavethesamedegreeofisolationastwophysicalmachines:InferenceAttacksCovertChannelsNotrecommendedtohosttwoVMsofvastlydifferingtrustlevelsonthesamesysteme.
g.
afront-endwebserverandacertificateserverBlackHat2007Agenda-WindowsServerVirtualization(WSV)WhyahypervisorQuickBackground&ArchitectureFormoredetails,seepresentationonconferenceCDSecurityCharacteristicsDeploymentConsiderationsFutureDirectionsBlackHat2007FutureSecurityBenefitsManytypesofvirtualization(app,OS,machine)eachwithincreasinglevelsofisolation(andoverhead)PowerfultoolforvirusisolationandanalysisImprovedforensiccapabilityforcompromisedoperatingsystemsInvestmentsinOShardeningthroughhypervisorfeaturesPotentialforgreaterintra-OSisolation(e.
g.
Ring0separationofdrivers)VMscanbeleveragedforhostingsecurityappliancesBlackHat2007SecurityChallengesVMtoVMnetworkmonitoringManagingVMOSpatchlevelsLeakageofinformationbetweenpartitionsduetosharedhardwareLargerattacksurfacethanair-gappedmachinesHighavailability–SLAattacksThreatofmalicious,unauthorizedhypervisors(hypervisor-moderootkits)BlackHat2007FutureSecurityWorkSecureLaunchIntelTXTtm(senter)andAMDSVMtm(skinit)Givesmachineownerabilitytocontrolwhatcodecanusering-1PolicyenforcementinhardwaretoblocklaunchofunauthorizedhypervisorsAllowshypervisortoprotectitselfagainsttamperingDMARemappingIntelVT-dandAMDIOMMUGivesguestsgatedaccesstorealhardwareAllowshypervisortoprotectselfagainstDMAattackBlackHat20072007MicrosoftCorporation.
Allrightsreserved.
Thispresentationisforinformationalpurposesonly.
Microsoftmakesnowarranties,expressorimplied,inthissummary.
ConclusionHypervisorskickass.
BetaavailablewithServer2008RTMWewantyourfeedbackhttp://blogs.
technet.
com/virtualization/brandon.
baker@microsoft.
com
- understoodwindowsserver相关文档
- 证书windowsserver
- warnedwindowsserver
- Serviceswindowsserver
- providerwindowsserver
- Maintainingwindowsserver
- 服务器windowsserver
lcloud零云:沪港IPLC,70元/月/200Mbps端口/共享IPv4/KVM;成都/德阳/雅安独立服务器低至400元/月起
lcloud怎么样?lcloud零云,UOVZ新开的子站,现在沪港iplc KVM VPS有端午节优惠,年付双倍流量,200Mbps带宽,性价比高。100Mbps带宽,500GB月流量,10个,512MB内存,优惠后月付70元,年付700元。另有国内独立服务器租用,泉州、佛山、成都、德阳、雅安独立服务器低至400元/月起!点击进入:lcloud官方网站地址lcloud零云优惠码:优惠码:bMVbR...
阿里云秋季促销活动 轻量云服务器2G5M配置新购年60元
已经有一段时间没有分享阿里云服务商的促销活动,主要原因在于他们以前的促销都仅限新用户,而且我们大部分人都已经有过账户基本上促销活动和我们无缘。即便老用户可选新产品购买,也是比较配置较高的,所以就懒得分享。这不看到有阿里云金秋活动,有不错的促销活动可以允许产品新购。即便我们是老用户,但是比如你没有购买过他们轻量服务器,也是可以享受优惠活动的。这次轻量服务器在金秋活动中力度折扣比较大,2G5M配置年付...
Vultr VPS新增第18个数据中心 瑞典斯德哥尔摩欧洲VPS主机机房
前几天还在和做外贸业务的网友聊着有哪些欧洲机房的云服务器、VPS商家值得选择的。其中介绍他选择的还是我们熟悉的Vultr VPS服务商,拥有比较多达到17个数据中心,这不今天在登录VULTR商家的时候看到消息又新增一个新的机房。这算是第18个数据中心,也是欧洲VPS主机,地区是瑞典斯德哥尔摩。如果我们有需要欧洲机房的朋友现在就可以看到开通的机房中有可以选择瑞典机房。目前欧洲已经有五个机房可以选择,...
windowsserver为你推荐
-
租用主机哪个平台可以租电脑vps主机vps主机用途有哪些?虚拟主机申请域名申请以及虚拟主机jsp虚拟空间jsp虚拟主机有支持的吗100m网站空间100M的最好的网站空间价格多少?apache虚拟主机如何用Apache配置安全虚拟主机 - PHP进阶讨论安徽虚拟主机华夏网络科技有限公司的介绍美国虚拟主机推荐美国独立ip虚拟主机哪儿有,推荐下?www二级域名请问 www.aaa.bbb.com 是一级域名还是二级域名啊?能否备案?怎么备案?域名解析什么是域名解析,为什么要域名解析