346_Lunch_Orrin_VirtSec_Part2_v1.pdf

1From Virtualization vs. Security to Virtualization based Security Presenter: Steve Orrin, Director of Security Solutions Intel Corporation Agenda ? Security Challenges to Virtualization ? Solutions for Virtualization Security ? Security Challenges for Cloud Computing ? Virtualization Based Security ? Basic Concepts of Virtualization Sandboxing ? Usage Driven Isolation ? Summary 2Security Challenges to Virtualization ? New attack vector: Hyperjacking ? New attack vector: VM Jumping/Guest Hopping ? VMs and Network Security ? Compliance, Update and Patching Solutions for Virtualization Security ? Verified Launch and Secure Root of Trust ? Segmentation Hardening your VMM/VMs ? Virtualization Management, Security and Monitoring solutions ? Leveraging SaaS HyperJacking ? Virtualization allows multiple instances of an operating system to be run on a single box, greatly improving hardware utilization levels. ? Because the hypervisor actually runs underneath the operating system, it makes it a particular juicy target for nefarious types, hell bent on gaining control of computer servers. Get control of the hypervisor and you control everything running on the machine. ? Hyperjacking involves installing a rogue hypervisor that can take complete control of a server. Regular security measures are ineffective because the OS will not even be aware that the machine has been compromised. 3VM Rootkits: BluePill SubVirt Blue Pill/SubVirt use virtualization technology to create an ultra-thin hypervisor that takes complete control of the underlying operating system. Before Infection After Infection SubVirt: Implementing malware with virtual machines Samuel King Peter Chen, University of Michigan Yi-Min Wang, Chad Verbowski, Helen Wang, Jacob Lorch, Microsoft Research BluePill Joanna Rutkowska, a researcher for COSEINC Intel? vPro? Technology ? Uses Intel? Virtualization Technology (Intel? VT) and Intel? Trusted Execution Technology (Intel? TXT) for creating a sepa