On the feasibility of software attacks on commodity virtual machine monitors via direct device assignment

ASIA CCS 2014 - Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security

Volumn , Issue , 2014, Pages 305-316

  Pék, Gábor ^a   Lanzi, Andrea ^b   Srivastava, Abhinav ^c   Balzarotti, Davide ^d   Francillon, Aurélien ^d   Neumann, Christoph ^e  

^a BUDAPEST UNIVERSITY OF TECHNOLOGY AND ECONOMICS   (Hungary)

^b UNIVERSITY OF MILAN   (Italy)

^c AT AND T LABS RESEARCH   (United States)

^d EURECOM   (France)

^e Technicolor   (France)

Author keywords

DMA attack; I O virtualization; Interrupt attack; MMIO; Passthrough; PIO; Virtual Machine Monitor

Indexed keywords

AUDIO SYSTEMS; HARDWARE; JAVA PROGRAMMING LANGUAGE; RECONFIGURABLE HARDWARE; VIRTUAL REALITY;

DMA ATTACK; INTERRUPT ATTACK; MMIO; PASSTHROUGH; VIRTUAL MACHINE MONITORS; VIRTUALIZATIONS;

COMPUTER HARDWARE;

EID: 84948573889     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2590296.2590299     Document Type: Conference Paper

References (51)

1. Amazon EC2. http:/aws.amazon.com/.
2. Google Compute Engine. https://cloud.google. com/products/compute-engine/.
3. Arvind Seshadri, Mark Luk, Ning Qu, and Adrian Perrig. Secvisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity oses. In Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles, SOSP '07, pages 335-350, New York, NY, USA, 2007. ACM.
4. Zhi Wang and Xuxian Jiang. Hypersafe: A lightweight approach to provide lifetime hypervisor control-flow integrity. In Proceedings of the 2010 IEEE Symposium on Security and Privacy, SP '10, pages 380-395, Washington, DC, USA, 2010. IEEE Computer Society.
5. Jonathan M. McCune, Yanlin Li, Ning Qu, Zongwei Zhou, Anupam Datta, Virgil D. Gligor, and Adrian Perrig. TrustVisor: Efficient TCB Reduction and Attestation. In IEEE Symposium on Security and Privacy, pages 143-158, 2010.
6. Abel Gordon, Nadav Amit, Nadav Har'El, Muli Ben-Yehuda, Alex Landau, Assaf Schuster, and Dan Tsafrir. ELI: bare-metal performance for I/O virtualization. SIGARCH Comput. Archit. News, 40(1):411-422, March 2012.
7. Ahmed M. Azab, Peng Ning, Zhi Wang, Xuxian Jiang, Xiaolan Zhang, and Nathan C. Skalsky. Hypersentry: enabling stealthy in-context measurement of hypervisor integrity. In Proceedings of the 17th ACM conference on Computer and communications security, CCS '10, pages 38-49, New York, NY, USA, 2010. ACM.
8. Eric Keller, Jakub Szefer, Jennifer Rexford, and Ruby B. Lee. Nohype: virtualized cloud infrastructure without the virtualization. In Proceedings of the 37th annual international symposium on Computer architecture, ISCA '10, pages 350-361, New York, NY, USA, 2010. ACM.
9. Rafal Wojtczuk and Joanna Rutkowska. Following the White Rabbit: Software attacks against IntelR VT-d technology, April 2011.
10. Rafal Wojtczuk. Subverting the Xen Hypervisor - Xen Owning Trilogy part I. Black Hat USA, aug 2008.
11. Rafal Wojtczuk. Preventing and Detecting Xen Hypervisor Subversions - Xen Owning Trilogy part II. Black Hat USA, aug 2008.
12. Joanna Rutkowska and Alexander Tereshkin. Bluepilling the Xen Hypervisor - Xen Owning Trilogy part III. Black Hat USA, aug 2008.
13. Fernand Lone Sang, Eric Lacombe, Vincent Nicomette, and Yves Deswarte. Exploiting an I/OMMU vulnerability. MALWARE, 2010.
14. Patrick Stewin and Iurii Bystrov. Understanding DMA Malware. In Proceedings of the 9th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, 2012.
15. AMD. AMD 64 Architecture Programmer's Manual: Volume 2: System Programming. AMD Pub. no. 24593 rev. 3.20, 2011.
16. Intel. IntelR 64 and IA-32 Architectures Software Developer's Manual - Combined Volumes: 1, 2A, 2B, 2C, 3A, 3B and 3C, Aug 2012.
17. Jiuxing Liu. Evaluating standard-based self-virtualizing devices: A performance study on 10 GbE NICs with SR-IOV support. In IEEE Int'l Parallel & Distributed Processing Symp. (IPDPS), pages 1-12, April 2010.
18. Jiuxing Liu, Wei Huang, Bulent Abali, and Dhabaleswar K. Panda. High performance VMM-bypass I/O in virtual machines. In Proceedings of the annual conference on USENIX '06 Annual Technical Conference, ATEC '06, pages 3-3, Berkeley, CA, USA, 2006. USENIX Association.
19. Himanshu Raj and Karsten Schwan. High performance and scalable I/O virtualization via self-virtualized devices. In Proceedings of the 16th international symposium on High performance distributed computing, HPDC '07, pages 179-188, New York, NY, USA, 2007. ACM.
20. P. Willmann, J. Shafer, D. Carr, A. Menon, S. Rixner, A.L. Cox, and W. Zwaenepoel. Concurrent direct network access for virtual machine monitors. In High Performance Computer Architecture, 2007. HPCA 2007. IEEE 13th International Symposium on, pages 306 -317, feb. 2007.
21. Ben-Ami Yassour, Muli Ben-Yehuda, and Orit Wasserman. Direct device assignment for untrusted fully-virtualized virtual machines. Technical report, 2008.
22. Thomas Ball, Ella Bounimova, Byron Cook, Vladimir Levin, Jakob Lichtenberg, Con McGarvey, Bohus Ondrusek, Sriram K. Rajamani, and Abdullah Ustuner. Thorough static analysis of device drivers. SIGOPS Oper. Syst. Rev., 40(4):73-85, April 2006.
23. Jorrit N. Herder, Herbert Bos, Ben Gras, Philip Homburg, and Andrew S. Tanenbaum. Failure resilience for device drivers. In Proceedings of the 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN '07, pages 41-50, Washington, DC, USA, 2007. IEEE Computer Society.
24. Joshua LeVasseur, Volkmar Uhlig, Jan Stoess, and Stefan Götz. Unmodified device driver reuse and improved system dependability via virtual machines. In Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6, OSDI'04, pages 2-2, Berkeley, CA, USA, 2004. USENIX Association.
25. Dan Williams, Patrick Reynolds, Kevin Walsh, Emin Gün Sirer, and Fred B. Schneider. Device driver safety through a reference validation mechanism. In Proceedings of the 8th USENIX conference on Operating systems design and implementation, OSDI'08, pages 241-254, Berkeley, CA, USA, 2008. USENIX Association.
26. Intel. IntelR Virtualization Technology for Directed I/O. IntelR Technology Journal, 10, August 2006.
27. Intel. IntelR Virtualization Technology for Directed I/O, Feb 2011.
28. Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, Ian Pratt, and Andrew Warfield. Xen and the art of virtualization. In Proceedings of the nineteenth ACM symposium on Operating systems principles, SOSP '03, pages 164-177, New York, NY, USA, 2003. ACM.
29. Intel. Intel 6 Series Chipset and Intel C200 Series Chipset. May 2011.
30. Zongwei Zhou, Virgil D. Gligor, James Newsome, and Jonathan M. McCune. Building verifiable trusted path on commodity x86 computers. In Proceedings of the 2012 IEEE Symposium on Security and Privacy, SP '12, pages 616-630, Washington, DC, USA, 2012. IEEE Computer Society.
31. Loïc Duflot and Laurent Absil. Programmed I/O accesses: a threat to Virtual Machine Monitors? PacSec, 2007.
32. Intel. Intel Graphics Virtualization on KVM. KVM Forum, Aug 2011.
33. Emulation of PCI configuration space access. http://xenbits.xen.org/hg/xen-4.2-testing.hg/rev/1ac2a314aa3c.
34. Joanna Rutkowska. pciback: question about the permissive flag. XEN-devel mailing list, Available at http://old-list-archives.xenproject.org/ archives/html/xen-devel/2010-07/ msg00257.html, July 2010.
35. Sam Fleming. Accessing PCI Express∗ Configuration Registers Using Intel Chipsets. December 2008.
36. Nadav Amit, Muli Ben-Yehuda, Dan Tsafrir, and Assaf Schuster. vIOMMU: efficient IOMMU emulation. In Proceedings of the 2011 USENIX conference on USENIX annual technical conference, USENIXATC'11, pages 6-6, Berkeley, CA, USA, 2011. USENIX Association.
37. XSA-59 blog. http://www.gossamer-threads. com/lists/xen/devel/318464?page=last.
38. Gábor Pék, Levente Buttyán, and Boldizsár Bencsáth. A survey of security issues in hardware virtualization. ACM Comput. Surv., 45(3):40:1-40:34, July 2013.
39. Intel. Universal Host Controller Interface (UHCI), Mar 1996.
40. Loïc Duflot. Contribution à la sécurité des systémes d'exploitation et des microprocesseurs. In PhD thesis, Universite de Paris, Oct 2007.
41. David Maynor. Own3d by everything else - USB/PCMCIA Issues. CanSecWest/core05, May 2005.
42. Brian D. Carrier and Joe Grand. A hardware-based memory acquisition procedure for digital investigations. Digital Investigation, 2004.
43. Christophe Devine and Guillaume Vissian. Compromission physique par le bus PCI. In Proceedings of the 7th Symposium sur la Sécurité des Technologies de l'Information et des Communications, SSITC 2009, pages 169-193, June 2009.
44. Damien Aumaitre. Voyage au coeur de la mémoire. In Proceedings of the 6th Symposium sur la Sécurité des Technologies de l'Information et des Communications, SSITC 2008, pages 378-437, June 2008.
45. Adam Boileau. Hit by a Bus: Physical Access Attacks with Firewire. Ruxcon, 2006.
46. Maximillian Dornseif. Owned by an iPod. PacSec, 2004.
47. Michael Becher, Maximillian Dornseif, and Christian N. Klein. FireWire - all your memory are belong to us. CanSecWest/core05, May 2005.
48. Antonio Martinm. FireWire memory dump of a windows XP computer: a forensic approach. Technical report, 2007.
49. Alexander Tereshkin and Rafal Wojtczuk. Introducing Ring -3 Rootkits. Black Hat USA, 2009.
50. Kevin Müller, Daniel Münch, Ole Isfort, Michael Paulitsch, and Georg Sigl. Decreasing system availability on an avionic multicore processor using directly assigned pci express devices. In EUROSEC 2013, Apr 2013. Prag.
51. Rafal Wojtczuk, Joanna Rutkowska, and Alexander Tereshkin. Another Way to Circumvent Intel Trusted Execution Technology, December 2009.