Virtualization

(Wake up Neo, The Matrix got you)

Emmanuel Fleury
LaBRI, Office 261
<[email protected]>

October 2nd, 2007

1
 Outline

1. History
2. Usages
3. Basic Principles & Concepts
4. Types of Virtualization
5. Detecting Virtualization
6. Linux Virtualization Projects

2
 History of Virtualization
1960's: First concepts (Christopher Strachey)
1970's: IBM 360/40: CP/CMS
1980's: Memory Management Unit
1990's: Java Virtual Machine
1998: Creation of VMWare
2000's: Microsoft .NET
2000's: Honeypots / Jails
2006: AMD/Intel Hardware Virtualization

3
 Usages of Virtualization
Programming Teaching
– Tracing Programs (debug) – Isolation
– Keep System Safe for Rerun – Easy to restore
– Testing portability – Hardware Simulation
(multi-OSes on one computer) (CPU, devices, network)

Security
– Isolation (jail)
– Redundancy (high-availibility)
– Tracing Users (honeypot)

4
 Basic Principles & Concepts

Virtualization: Framework or methodology of

dividing the resources of a computer into
multiple execution environments.

Types of Virtualization:
Platform Virtualization: Simulate a full computer environment
(Our current concern).
Resource Virtualization: Simulate combined, fragmented or
simplified computer resources
(RAID, NAT, VPN, ...).

5
 The Role of an OS
Program A

Operating
Program B
System Memory
Scheduler
Program C

CPU2 CPU1

Abstract from the Hardware !

6
 Basic Principles & Concepts

Same role than an OS

BUT !
Virtualization has something more !

Principles:
● Memory Isolation from 'Outside'
● Provides (Virtual) Access to Hardware
● Can Handles Multiple Instances

7
 Main Keywords

Hypervisor (aka Virtual Machine Manager):

Program providing the virtualization platform.

Host OS (aka Supervisor):

Operating System on which is executed the Hypervisor.

Guest OS:
Operating System executed inside the Hypervisor.

Virtual Machine (VM):

Instance of one environment provided by the Hypervisor.
8
 Types of Virtualization
● Address-space Virtualization
(Process Isolation)
● OS-level Virtualization
(User Isolation)
● Hardware Emulation
(CPU Simulation)
● Full Virtualization
(provide an interface to Host OS device drivers)
● Paravirtualization
(provide specific virtual device drivers)
● Hardware Virtualization
(Hardware memory isolation)

9
 Address-space Virtualization
Isolation:
4Gb
Kernel Kernel
● Separation kernel/user space through
space space hardware (MMU).

3Gb ● Direct data exchanges are prevented

by Operating System.

Hardware:
● Kernel space handle requests to
User User
hardware.
space space
Multiple Instances:
● Process creation is done through
cloning.

10
 Address-space Virtualization

● Most common on OSes

Process

Process

Process
Process
● Prevent programs to crash
each others
● OS-level protection

Host OS

Hardware
11
 OS-level Virtualization
(Process isolation)

Host OS is instrumented
to enforce separation
from outside.
Process
Process

Process

Process
Example:
chroot, jail, Linux VServer

chroot
Host OS
Hardware
12
 Hardware Emulation
● Guest OS not modified
Guest OS

Guest OS

Guest OS
● Poor Performances
(CPU instructions translated from Guest
platform to host platform)
● Poor specialized access to hardware
devices (3D acceleration)
Device Device Device
Drivers Drivers Drivers ● Can provide other CPU than Host

Hypervisor Virtual Machine

Host OS
Hardware
13
 Full Virtualization
● Virtual Processor
(mediator to host hardware)

Guest OS
Guest OS

Guest OS
(can't emulate other hardware)
● Better performances compared
to Emulation
● But still poor specialized access
to hardware devices Virtual Machine

Host OS Hypervisor

Device Drivers

Hardware
14
 Paravirtualization

● Guest OS must be modified to be

used (ensuring compatibility with

Guest OS
Guest OS

Guest OS
virtual drivers)
● Efficient but restricted access to the
hardware.
● Can't provide any architecture.
Device Device Device
Drivers Drivers Drivers

Host OS Hypervisor

Hardware
15
 Hardware Virtualization
● CPU is NOT emulated
● Guest OS are unmodified
● High performance
● Requires specific CPU:

Guest OS
Guest OS

Guest OS
Intel-VT or AMDV CPU
● Host OS handle the hardware
hypervisor

Host OS Device
Drivers
Device
Drivers
Device
Drivers

Hardware Hypervisor

16
 Detecting Virtualization
● Hardware Strangeness
(CPU, graphic card, network, extra device, ...)

● Memory Weirdness
(grep -c vmware /proc/kcore)

● Runtime Oddness
(gdb might unveil strange memory addresses, lower or higher than usual)

● Timing Attacks
(how long does a CPUID request take ?)
● ... and so on ...
17
 Virtualization
Softwares & Hardwares
AMD-V OpenVZ (OS-level virtualization)
(hardware virtualization)
Qemu (emulation)
chroot (OS-level virtualization)
Bochs (emulation) User-Mode Linux
(paravirtualization)
BSD Jail
(OS-level virtualization) VirtualBox
(full-virtualization,
Intel-VT hardware virtualization)
(hardware virtualization)
VMWare
Linux KVM (full-virtualization,
(hardware virtualization) hardware virtualization)

Linux VServer Xen (paravirtualization)

(OS-level virtualization)
18
 chroot
● chroot is implemented as an extra 'rootdir' field in
processes
● Only root (UID 0) can change it to a deeper value.
● Most of the people think that you cannot escape
without killing the process (this is wrong)
● Several methods exist to escape once root
● Remember that chroot is NOT a security when root-
access is possible.
Demo
19
 BSD jail
BSD family of operating systems have implemented
the “securelevel” mechanism which allows the
administrator to block certain configuration and
management functions from being performed by root.
● Modifying the kernel by direct access and loading kernel modules is prohibited.
● Modifying any of the network configuration, interfaces, addresses, and routing table is
prohibited.
● Mounting and unmounting file systems is prohibited.
● Creating device nodes is prohibited.
● Accessing raw, divert, or routing sockets is prohibited.
● Modifying kernel runtime parameters, such as most sysctl settings, is prohibited.
● Changing securelevel-related file flags is prohibited.
● Accessing network resources not associated with the jail is prohibited.
20
 BSD jail (what is allowed!)
BSD family of operating systems have implemented
the “securelevel” mechanism which allows the
administrator to block certain configuration and
management functions from being performed by root.
● Signalling any process within the jail is permitted.
● Changing the ownership and mode of any file within the jail is permitted, as long as
the file flags permit this.
● Deleting any file within the jail is permitted, as long as the file flags permit this.
● Binding reserved TCP and UDP port numbers on the jails IP address is permitted.
(Attempts to bind TCP and UDP ports using INADDR_ANY will be redirected to the
jails IP address.).
● Functions which operate on the uid/gid space are all permitted since they act as
labels for filesystem objects of proceses which are partitioned off by other
mechanisms.

21
 AMD-V (Pacifica)

TODO

22
 Intel-VT
● VT-x add two more CPU operation mode:
– VMX root operation (behave as usual)
– VMX non-root operation (virtual mode)

VMX_entry

VMX root VMX non-root VMCS Data

guest-state area
VMX_exit

host-state area
Many assembler instructions cause a VM_exit (e.g. INVD).
It may be used for timing attacks.

23
Questions ?

24