On the Limits of Hypervisor- and Virtual Machine Monitor-Based Isolation

Entrée en langue anglaise / English entry Catégorie: Chapitre de livre
Auteurs: Loïc Duflot, Olivier Grumelard, Olivier Levillain et Benjamin Morin
Date: 2010
Série: Hardware Architecture and Trust Models

Hardware-related attacks are seldom considered to be realistic by op- erating systems or virtual machine monitor designers. For instance, it is generally assumed that attackers will not be able to use hardware bugs as a means for privi- lege escalation over a system. However, during the past few years, there has been an important number of publications or presentations showing how hardware bugs or undocumented functions can be used by attackers. In this paper, we study the impact of these new threats on compartmented (or multilevel) systems. One of the contri- butions of this paper is to provide a description of software- and hardware-related threats on hypervisor- and virtual machine monitor-based systems; we also describe how they apply, depending on which software and hardware components can be considered trustworthy. We show that even when the motherboard of the platform itself is trustworthy, attackers can still find ways to bypass virtual machine monitor- enforced security policies. As a case study, we focus on the impact RAM module bugs or backdoors would have on hypervisor- and virtual machine monitor-based isolation. To our knowledge, this paper is the first attempt to analyze what a RAM backdoor could be and how it could be used in practice by an attacker.

Publié dans Towards Hardware-Intrinsic Security - Foundations and Practice (Springer), chapitre 16 (pages 349 à 366)