DOCSLIB.ORG

Many Things Related to Qubesos

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Qubes OS Many things Many things related to QubesOS Author: Neowutran Contents 1 Wiping VM 2 1.1 Low level storage technologies .................. 2 1.1.1 Must read ......................... 2 1.1.2 TL;DR of my understanding of the issue ........ 2 1.1.3 Things that could by implemented by QubesOS .... 2 2 Create a Gaming HVM 2 2.1 References ............................. 2 2.2 Prerequise ............................. 3 2.3 Hardware ............................. 3 2.4 Checklist .............................. 4 2.5 IOMMU Group .......................... 4 2.6 GRUB modification ........................ 4 2.7 Patching stubdom-linux-rootfs.gz ................ 5 2.8 Pass the GPU ........................... 6 2.9 Conclusion ............................. 6 2.10 Bugs ................................ 6 3 Create a Linux Gaming HVM, integrated with QubesOS 7 3.1 Goals ................................ 7 3.2 Hardware used .......................... 7 3.3 Main steps summary ....................... 7 3.3.1 Detailled steps ...................... 8 3.3.2 Using a kernel provided by debian ............ 8 3.4 Xorg ................................ 8 3.4.1 Pulseaudio ......................... 11 3.5 Final notes ............................ 11 3.6 References ............................. 12 4 Nitrokey and QubeOS 12 5 Recovery: Mount disk 12 6 Disposable VM 13 6.1 Introduction ............................ 14 6.1.1 References ......................... 14 6.1.2 What is a disposable VM? ................ 14 6.2 Playing online video ....................... 14 6.3 Web browsing ........................... 15 6.4 Manipulating untrusted files/data ................ 16 1 6.5 Mounting LVM image ...................... 17 6.6 Replace sys-* VM ......................... 18 6.7 Replace some AppVMs ...................... 18 7 Building a new QubesOS package 18 7.1 References ............................. 18 7.2 Goal ................................ 18 7.3 The software ............................ 19 7.4 Packaging ............................. 19 7.5 Building .............................. 21 2 1 Wiping VM Before starting this section, it should be noted that I don’t have a prior low level knownledge of data wiping. This section is some thinkings about how can we assure that a file have been deleted. And in our context, the goal would be to wipe out a LVM image. 1.1 Low level storage technologies 1.1.1 Must read • Wei.pdf • how-can-i-reliably-erase-all-information-on-a-hard-drive • https://www.sans.org/blog/spin-stand-microscopy-of-hard-disk-data/ • https://www.vidarholen.net/ vidar/overwriting_hard_drive_data.pdf • https://wiki.archlinux.org/index.php/Securely_wipe_disk 1.1.2 TL;DR of my understanding of the issue Magnetic disk have non physical way of wiping data that are considered as relatively reliable. SSD are a nightmare to wipe anything, and in most of the cases, it is impossible. 1.1.3 Things that could by implemented by QubesOS TODO. Links to the ongoing discussion on the subjects. But basically my idea: encryption, and store the encryption key on a specific physical device that can be logically destroyed (HDD ?), or that can be easily physically destroyed (MicroSD ?) TODO 2 Create a Gaming HVM 2.1 References Everythings needed is referenced here 3 • Usefull technical details • Reddit thread of what is needed for GPU passthrough • Solution to have more than 3Go of RAM in the Windows HVM • Some old references 2.2 Prerequise You have a functional Windows HVM (Windows 7 or Windows 10). The "how to" for this part can be found on the Qubes OS documentation and here: Usefull github comment. However, few tips: • Do a backup (clone VM) of the Windows HVM BEFORE starting to install QWT (installing QWT is not required) 2.3 Hardware To have a Windows HVM for gaming, you must have: • A dedicated AMD GPU. By dedicated, it means: it is a secondary GPU, not the GPU used to display dom0. Nvidia GPU are not sup- ported (or maybe with a lot of tricks). • A really fast disk (M.2 disk) • A lot of RAM • A dedicated screen • Dedicated gaming mouse and keyboard In my case: • Secondary GPU: AMD RX580 • Primary GPU: Some Nvidia trash, used for dom0 • 32Go of RAM. 12Go of RAM will be dedicated for the Windows HVM • A fast M.2 disk 4 2.4 Checklist Short list of things to do to make the GPU passthrough work: • You verified and confirmed that the secondary GPU is alone in its IOMMU Group • In dom0, you edited the file /etc/default/grub or /boot/efi/EFI/qubes/xen.cfg to allow PCI hiding for your secondary GPU, and regenerated the grub if needed • You have patched stubdom-linux-rootfs.gz to allow to have more than 3Go of RAM for your HVM 2.5 IOMMU Group Warning: I am far from understanding the IOMMU group. Check online references on that subject. It seems that you can only do a successfull GPU passthough if you can passthrough everything that is in the IOMMU Group of the GPU. Also, you can’t see your IOMMU Group when you are using Xen (the information is hidden from dom0). So, what I did: I booted from a Linux Mint Live USB. In the grub I enabled the IOMMU (iommu=1 iommu_amd=on), and then displayed the folder structure of /sys/kernel/iommu_group tree /sys/kernel/iommu_group My secondary GPU was alone in its IOMMU group. 2.6 GRUB modification You must hide your secondary GPU from dom0. To do that, you have to edit the GRUB. In a dom0 Terminal, type: qvm-pci Then find the devices id for your secondary gpu. In my case, it is dom0:0a_00.0 and dom0:0a_00.1. Edit /etc/default/grub, and add the PCI hiding GRUB_CMDLINE_LINUX="... rd.qubes.hide_pci=0a:00.0,0a:00.1 " then regenerate the grub grub2-mkconfig -o /boot/grub2/grub.cfg 5 2.7 Patching stubdom-linux-rootfs.gz Follow the instructions here: github.com/QubesOS/qubes-issues/issues/4321 Copy-paste of the comment: This is caused by the default TOLUD (Top of Low Usable DRAM) of 3.75G provided by qemu not being large enough to accommodate the larger BARs that a graphics card typically has. The code to pass a custom max- ram-below-4g value to the qemu command line does exist in the libxl_dm.c file of xen, but there is no functionality in libvirt to add this parameter. It is possible to manually add this parameter to the qemu commandline by doing the following in a dom0 terminal: mkdir stubroot cp /usr/lib/xen/boot/stubdom-linux-rootfs ,! stubroot/stubdom-linux-rootfs.gz cd stubroot gunzip stubdom-linux-rootfs.gz cpio -i -d -H newc --no-absolute-filenames < ,! stubdom-linux-rootfs rm stubdom-linux-rootfs nano init Before the line "#$dm_args and $kernel are separated with \x1b to allow for spaces in arguments." add: SP=$'\x1b' dm_args=$(echo "$dm_args" \ | sed "s/-machine\\${SP}xenfv/-machine\ \\${SP}xenfv,max-ram-below-4g=3.5G/g") Then execute: find . -print0 | cpio --null -ov \ --format=newc | gzip -9 > ../stubdom-linux-rootfs sudo mv ../stubdom-linux-rootfs /usr/lib/xen/boot/ Note that this will apply the change to all HVMs, so if you have any other HVM with more than 3.5G ram assigned, they will not start without the adapter being passed through. Ideally to fix this libvirt should be extended to pass the max-ram-below-4g parameter through to xen, and then a calculation added to determine the correct TOLUD based on the total BAR size of the PCI devices are being passed through to the vm. 6 2.8 Pass the GPU In qubes settings for the windows HVM, go to the "devices" tab, pass the ID corresponding to your AMD GPU. (in my case, it was 0a:00.0 and 0a:00.1) And check the option for "nostrict reset" for those 2. In some case, you might also need to set the "permissive" flag to true (But I didn’t need that with the RX 580): qvm-pci attach windows-hvm dom0:0a_00.0 -o permissive=True -o ,! no-strict-reset=True qvm-pci attach windows-hvm dom0:0a_00.1 -o permissive=True -o ,! no-strict-reset=True 2.9 Conclusion Don’t forget to install the GPU drivers, you can install the official one from AMD website, no modification or trick to do. Nothing else is required to make it work (in my case at least, once I finish to fight to find those informations). If you have issues, you can refer to the links in the first sections. If it doesn’t work and you need to debug more things, you can go deeper. • Virsh (start, define, ...) • /etc/libvirt/libxl/ • xl • /etc/qubes/templates/libvirt/xen/by-name/ • /usr/lib/xen/boot/ • virsh -c xen:/// domxml-to-native xen-xm /etc/libvirt/libxl/... I am able to play games on my windows HVM with very good perfor- mances. And safely. 2.10 Bugs The AMD GPUs have a bug when used in HVM: each time you will reboot your windows HVM, it will get slower and slower. It is because the AMD GPUs is not correctly resetted when you restart your windows HVM Two solutions for that: • Reboot your computer 7 • In the windows HVM, use to windows option in the system tray to "safely remove devices", remove your GPU. Restart the HVM. This bug is referenced somewhere, but lost the link and too lazy to search for it. 3 Create a Linux Gaming HVM, integrated with QubesOS 3.1 Goals We want a qube with the following characteristics: • Standalone linux from a template • With GPU passthough • Full Qubes integration • Able to play video games from Steam 3.2 Hardware used The same as for my article "Create a Gaming HVM". Prerequise You already followed my article "Create a Gaming HVM" 3.3 Main steps summary 1. Create a standalone qube based on a debian template 2.
Recommended publications
  • Effective Virtual CPU Configuration with QEMU and Libvirt

    Effective Virtual CPU Configuration with QEMU and Libvirt

    Effective Virtual CPU Configuration with QEMU and libvirt Kashyap Chamarthy <[email protected]> Open Source Summit Edinburgh, 2018 1 / 38 Timeline of recent CPU flaws, 2018 (a) Jan 03 • Spectre v1: Bounds Check Bypass Jan 03 • Spectre v2: Branch Target Injection Jan 03 • Meltdown: Rogue Data Cache Load May 21 • Spectre-NG: Speculative Store Bypass Jun 21 • TLBleed: Side-channel attack over shared TLBs 2 / 38 Timeline of recent CPU flaws, 2018 (b) Jun 29 • NetSpectre: Side-channel attack over local network Jul 10 • Spectre-NG: Bounds Check Bypass Store Aug 14 • L1TF: "L1 Terminal Fault" ... • ? 3 / 38 Related talks in the ‘References’ section Out of scope: Internals of various side-channel attacks How to exploit Meltdown & Spectre variants Details of performance implications What this talk is not about 4 / 38 Related talks in the ‘References’ section What this talk is not about Out of scope: Internals of various side-channel attacks How to exploit Meltdown & Spectre variants Details of performance implications 4 / 38 What this talk is not about Out of scope: Internals of various side-channel attacks How to exploit Meltdown & Spectre variants Details of performance implications Related talks in the ‘References’ section 4 / 38 OpenStack, et al. libguestfs Virt Driver (guestfish) libvirtd QMP QMP QEMU QEMU VM1 VM2 Custom Disk1 Disk2 Appliance ioctl() KVM-based virtualization components Linux with KVM 5 / 38 OpenStack, et al. libguestfs Virt Driver (guestfish) libvirtd QMP QMP Custom Appliance KVM-based virtualization components QEMU QEMU VM1 VM2 Disk1 Disk2 ioctl() Linux with KVM 5 / 38 OpenStack, et al. libguestfs Virt Driver (guestfish) Custom Appliance KVM-based virtualization components libvirtd QMP QMP QEMU QEMU VM1 VM2 Disk1 Disk2 ioctl() Linux with KVM 5 / 38 libguestfs (guestfish) Custom Appliance KVM-based virtualization components OpenStack, et al.
  • QEMU Parameter Jungle Slides

    QEMU Parameter Jungle Slides

    Finding your way through the QEMU parameter jungle 2018-02-04 Thomas Huth <[email protected]> Legal ● Disclaimer: Opinions are my own and not necessarily the views of my employer ● “Jungle Leaves” background license: CC BY 3.0 US : https://creativecommons.org/licenses/by/3.0/us/ Image has been modified from the original at: https://www.freevector.com/jungle-leaves-vector-background 2 Introduction 3 Why a guide through the QEMU parameter jungle? 4 Why a guide through the QEMU parameter jungle? ● QEMU is a big project, supports lots of emulated devices, and lots of host backends ● 15 years of development → a lot of legacy ● $ qemu-system-i386 -h | wc -l 454 ● People regularly ask about CLI problems on mailing lists or in the IRC channels → Use libvirt, virt-manager, etc. if you just want an easier way to run a VM 5 General Know-How ● QEMU does not distinguish single-dash options from double-dash options: -h = --h = -help = --help ● QEMU starts with a set of default devices, e.g. a NIC and a VGA card. If you don't want this: --nodefaults or suppress certain default devices: --vga none --net none 6 Getting help about the options ● Parameter overview: -h or --help (of course) ● Many parameters provide info with “help”: --accel help ● Especially, use this to list available devices: --device help ● To list parameters of a device: --device e1000,help ● To list parameters of a machine: --machine q35,help 7 e1000 example ● $ qemu-system-x86_64 --device e1000,help [...] e1000.addr=int32 (PCI slot and function¼) e1000.x-pcie-extcap-init=bool (on/off) e1000.extra_mac_registers=bool (on/off) e1000.mac=str (Ethernet 6-byte MAC Address¼) e1000.netdev=str (ID of a netdev backend) ● $ qemu-system-x86_64 --device \ e1000,mac=52:54:00:12:34:56,addr=06.0 8 General Know How: Guest and Host There are always two parts of an emulated device: ● Emulated guest hardware, e.g.: --device e1000 ● The backend in the host, e.g.: --netdev tap Make sure to use right set of parameters for configuration! 9 “Classes” of QEMU parameters ● Convenience : Easy to use, but often limited scope.
  • Github: a Case Study of Linux/BSD Perceptions from Microsoft's

    Github: a Case Study of Linux/BSD Perceptions from Microsoft's

    1 FLOSS != GitHub: A Case Study of Linux/BSD Perceptions from Microsoft’s Acquisition of GitHub Raula Gaikovina Kula∗, Hideki Hata∗, Kenichi Matsumoto∗ ∗Nara Institute of Science and Technology, Japan {raula-k, hata, matumoto}@is.naist.jp Abstract—In 2018, the software industry giants Microsoft made has had its share of disagreements with Microsoft [6], [7], a move into the Open Source world by completing the acquisition [8], [9], the only reported negative opinion of free software of mega Open Source platform, GitHub. This acquisition was not community has different attitudes towards GitHub is the idea without controversy, as it is well-known that the free software communities includes not only the ability to use software freely, of ‘forking’ so far, as it it is considered as a danger to FLOSS but also the libre nature in Open Source Software. In this study, development [10]. our aim is to explore these perceptions in FLOSS developers. We In this paper, we report on how external events such as conducted a survey that covered traditional FLOSS source Linux, acquisition of the open source platform by a closed source and BSD communities and received 246 developer responses. organization triggers a FLOSS developers such the Linux/ The results of the survey confirm that the free community did trigger some communities to move away from GitHub and raised BSD Free Software communities. discussions into free and open software on the GitHub platform. The study reminds us that although GitHub is influential and II. TARGET SUBJECTS AND SURVEY DESIGN trendy, it does not representative all FLOSS communities.
  • QEMU for Xen Secure by Default

    QEMU for Xen Secure by Default

    QEMU for Xen secure by default Deprivileging the PC system emulator Ian Jackson <[email protected]> FOSDEM 2016 with assistance from Stefano Stabellini guest guest Xen PV driver IDE driver Xen PV protocol mmio, dma, etc. qemu Emulated IDE controller Xen PV backend (usually), syscalls (usually) dom0 (usu.dom0) kernel Device driver kernel Device driver PV HVM ... ... ... ... ... from Xen Security Team advisories page, http://xenbits.xen.org/xsa/ Xen on x86 modes, and device model bug implications Current status for users of upstream Xen and distros and future plans Status Device model Notes bugs mean PV Fully supported Safe (no DM) Only modified guests HVM qemu in dom0 Fully supported Vulnerable Current default as root HVM qemu stub DM Upstream but not Safe Ancient qemu qemu-xen-trad. in most distros. Build system problems HVM qemu stub DM In progress Safe Rump build system rump kernel Hard work! is mini distro HVM qemu dom0 Targeting No privilege esc. Defence in depth not as root Xen 4.7 Maybe dom0 DoS Hopefully, will be default Xen on x86 modes, and device model bug implications Current status for users of upstream Xen and distros and future plans Status Device model Notes bugs mean PV Fully supported Safe (no DM) Only modified guests HVM qemu in dom0 Fully supported Vulnerable Current default as root HVM qemu stub DM Upstream but not Safe Ancient qemu qemu-xen-trad. in most distros. Build system problems HVM qemu stub DM In progress Safe Rump build system rump kernel Hard work! is mini distro HVM qemu dom0 Targeting No privilege esc.
  • Hyperlink: Virtual Machine Introspection and Memory Forensic Analysis Without Kernel Source Code Jidong Xiao Boise State University

    Hyperlink: Virtual Machine Introspection and Memory Forensic Analysis Without Kernel Source Code Jidong Xiao Boise State University

    Boise State University ScholarWorks Computer Science Faculty Publications and Department of Computer Science Presentations 1-1-2016 HyperLink: Virtual Machine Introspection and Memory Forensic Analysis without Kernel Source Code Jidong Xiao Boise State University Lei Lu VMware Inc. Haining Wang University of Delaware Xiaoyun Zhu Futurewei Technologies © 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. doi: 10.1109/ICAC.2016.46 HyperLink: Virtual Machine Introspection and Memory Forensic Analysis without Kernel Source Code Jidong Xiao∗, Lei Luy, Haining Wangz, Xiaoyun Zhux ∗Boise State University, Boise, Idaho, USA yVMware Inc., Palo Alto, California, USA zUniversity of Delaware, Newark, Delaware, USA xFuturewei Technologies, Santa Clara, California, USA Abstract— Virtual Machine Introspection (VMI) is an ap- nel rootkit detection [8], [9], kernel integrity protection [10], proach to inspecting and analyzing the software running inside a and detection of covertly executing binaries [11]. Being the virtual machine from the hypervisor. Similarly, memory forensics main enabling technology for cloud computing, virtualiza- analyzes the memory snapshots or dumps to understand the tion allows us allocating finite hardware resources among runtime state of a physical or virtual machine. The existing VMI a large number of software systems and programs. As the and memory forensic tools rely on up-to-date kernel information key component of virtualization, a hypervisor runs directly of the target operating system (OS) to work properly, which often requires the availability of the kernel source code.
  • Hardware Virtualization

    Hardware Virtualization

    Hardware Virtualization E-516 Cloud Computing 1 / 33 Virtualization Virtualization is a vital technique employed throughout the OS Given a physical resource, expose a virtual resource through layering and enforced modularity Users of the virtual resource (usually) cannot tell the difference Different forms: Multiplexing: Expose many virtual resources Aggregation: Combine many physical resources [RAID, Memory] Emulation: Provide a different virtual resource 2 / 33 Virtualization in Operating Systems Virtualizing CPU enables us to run multiple concurrent processes Mechanism: Time-division multiplexing and context switching Provides multiplexing and isolation Similarly, virtualizing memory provides each process the illusion/abstraction of a large, contiguous, and isolated “virtual” memory Virtualizing a resource enables safe multiplexing 3 / 33 Virtual Machines: Virtualizing the hardware Software abstraction Behaves like hardware Encapsulates all OS and application state Virtualization layer (aka Hypervisor) Extra level of indirection Decouples hardware and the OS Enforces isolation Multiplexes physical hardware across VMs 4 / 33 Hardware Virtualization History 1967: IBM System 360/ VM/370 fully virtualizable 1980s–1990s: “Forgotten”. x86 had no support 1999: VMWare. First x86 virtualization. 2003: Xen. Paravirtualization for Linux. Used by Amazon EC2 2006: Intel and AMD develop CPU extensions 2007: Linux Kernel Virtual Machines (KVM). Used by Google Cloud (and others). 5 / 33 Guest Operating Systems VMs run their own operating system (called “guest OS”) Full Virtualization: run unmodified guest OS. But, operating systems assume they have full control of actual hardware. With virtualization, they only have control over “virtual” hardware. Para Virtualization: Run virtualization-aware guest OS that participates and helps in the virtualization. Full machine hardware virtualization is challenging What happens when an instruction is executed? Memory accesses? Control I/O devices? Handle interrupts? File read/write? 6 / 33 Full Virtualization Requirements Isolation.
  • Paranoid Browsing

    Paranoid Browsing

    Paranoid Browsing By Aaron Grothe NEbraskaCERT 1 Parnoid Browsing ● What is Paranoid Browsing? ● Why should I Paranoid Browse? ● How to be more Paranoid. 2 What is Parnoid Browsing? ● Paranoid browsing is where you want to make sure that you make it harder for people to connect your browsing to you 3 Why Should I Paranoid Browse ● You're looking up something medical that you want to make sure doesn't make it to the googleplex ● You're a whistleblower trying to make sure that something is traced back to you ● You want to learn more about tor or tails ● Because you want to and/or Because you can 4 Historical Paranoid Browsing ● This is how I used to do research ● Had a machine with two removable drives ● Would put drives into both Drives and boot off a cd-rom then DD the master to the use disk ● Shutdown machine remove CD and master drive and then boot and start browsing 5 Historical Paranoid Browsing (Cont) ● Would use a set of Open Proxies such as Proxies for all to do most of the browsing. ● Rules ● Always use at least two proxies in different countries with different laws and procedures and languages ● Pretty simple to do along the lines of http://firstproxy:portnumber/http://secondproxy:portnumber/ http://thirdproxy:portnumber/http://www.sitetoexamine.com ● 6 Historical Paranoid Browsing (Cont) ● Worked pretty well. Harder to find „safe proxies“ nowadays as you never know who is running one ● Has largely been replaced by ToR and VPNs 7 Paranoid Browsing Today ● Will want to use tor (The Onion Router) and a decent VPN for security ●
  • A Framework for Identifying Host-Based Artifacts in Dark Web Investigations

    A Framework for Identifying Host-Based Artifacts in Dark Web Investigations

    Dakota State University Beadle Scholar Masters Theses & Doctoral Dissertations Fall 11-2020 A Framework for Identifying Host-based Artifacts in Dark Web Investigations Arica Kulm Dakota State University Follow this and additional works at: https://scholar.dsu.edu/theses Part of the Databases and Information Systems Commons, Information Security Commons, and the Systems Architecture Commons Recommended Citation Kulm, Arica, "A Framework for Identifying Host-based Artifacts in Dark Web Investigations" (2020). Masters Theses & Doctoral Dissertations. 357. https://scholar.dsu.edu/theses/357 This Dissertation is brought to you for free and open access by Beadle Scholar. It has been accepted for inclusion in Masters Theses & Doctoral Dissertations by an authorized administrator of Beadle Scholar. For more information, please contact [email protected]. A FRAMEWORK FOR IDENTIFYING HOST-BASED ARTIFACTS IN DARK WEB INVESTIGATIONS A dissertation submitted to Dakota State University in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Cyber Defense November 2020 By Arica Kulm Dissertation Committee: Dr. Ashley Podhradsky Dr. Kevin Streff Dr. Omar El-Gayar Cynthia Hetherington Trevor Jones ii DISSERTATION APPROVAL FORM This dissertation is approved as a credible and independent investigation by a candidate for the Doctor of Philosophy in Cyber Defense degree and is acceptable for meeting the dissertation requirements for this degree. Acceptance of this dissertation does not imply that the conclusions reached by the candidate are necessarily the conclusions of the major department or university. Student Name: Arica Kulm Dissertation Title: A Framework for Identifying Host-based Artifacts in Dark Web Investigations Dissertation Chair: Date: 11/12/20 Committee member: Date: 11/12/2020 Committee member: Date: Committee member: Date: Committee member: Date: iii ACKNOWLEDGMENT First, I would like to thank Dr.
  • Virtualization

    Virtualization

    Virtualization ...or how adding another layer of abstraction is changing the world. CIS 399: Unix Skills University of Pennsylvania April 6, 2009 (CIS 399 Unix) Virtualization April 6, 2009 1 / 22 What is virtualization? Without virtualization: (CIS 399 Unix) Virtualization April 6, 2009 2 / 22 What is virtualization? With virtualization: (CIS 399 Unix) Virtualization April 6, 2009 3 / 22 Why virtualize? (CIS 399 Unix) Virtualization April 6, 2009 4 / 22 Why virtualize? Operating system independence Hardware independence Resource utilization Security Flexibility (CIS 399 Unix) Virtualization April 6, 2009 5 / 22 Virtualization for Users Parallels Desktop and VMware Fusion have brought virtualization to normal computer users. Mostly used for running Windows programs side-by-side with OS X programs. Desktop use has pushed support for: I USB devices I Better graphics performance (3d acceleration) I Integration between the guest and host operating system and applications. (CIS 399 Unix) Virtualization April 6, 2009 6 / 22 Virtualization for Developers Build and test on multiple operating systems with a single computer. Use VM snapshots to provide a consistent testing environment. Run the debugger from outside the virtual machine. I Isolates the debugger and program from each other. I Allows easy kernel debugging. I Snapshotting and record/replay allow you to capture and analyze rare bugs. (CIS 399 Unix) Virtualization April 6, 2009 7 / 22 Virtualization for Business Hardware independence - upgrade hardware without reinstalling software. Resource utilization - turn 10 hosts with 10% utilization into 1 host with 100% utilization. Big power and cooling savings! Migration - move a server to a different machine without shutting it down.
  • Virtualization of Linux Based Computers: the Linux-Vserver Project

    Virtualization of Linux Based Computers: the Linux-Vserver Project

    VirtualizationVirtualization ofof LinuxLinux basedbased computers:computers: thethe LinuxLinux--VServerVServer projectproject BenoBenoîîtt desdes Ligneris,Ligneris, Ph.Ph. D.D. [email protected] Objectives:Objectives: Objectives:Objectives: 1)1) PresentPresent thethe availableavailable programsprograms thatthat cancan provideprovide aa virtualizationvirtualization ofof LinuxLinux computerscomputers withwith differentdifferent technologies.technologies. Objectives:Objectives: 1)1) PresentPresent thethe availableavailable programsprograms thatthat cancan provideprovide aa virtualizationvirtualization ofof LinuxLinux computerscomputers withwith differentdifferent technologies.technologies. 2)2) FocusFocus onon LinuxLinux--VServers:VServers: aa veryvery lightweightlightweight andand effectiveeffective technologytechnology forfor thethe regularregular LinuxLinux useruser notnot interstedintersted inin KernelKernel hacking.hacking. PlanPlan PlanPlan ● IntroductionIntroduction PlanPlan ● IntroductionIntroduction ● OverviewOverview ofof thethe availableavailable technologytechnology PlanPlan ● IntroductionIntroduction ● OverviewOverview ofof thethe availableavailable technologytechnology ● ClassificationClassification ofof thethe problems:problems: usageusage criteriacriteria PlanPlan ● IntroductionIntroduction ● OverviewOverview ofof thethe availableavailable technologytechnology ● ClassificationClassification ofof thethe problems:problems: usageusage criteriacriteria ● ComparativeComparative studystudy ofof thethe existingexisting
  • Draft NISTIR 8221

    Draft NISTIR 8221

    Withdrawn Draft Warning Notice The attached draft document has been withdrawn, and is provided solely for historical purposes. It has been superseded by the document identified below. Withdrawal Date June 5, 2019 Original Release Date September 21, 2018 Superseding Document Status Final Series/Number NISTIR 8221 Title A Methodology for Enabling Forensic Analysis Using Hypervisor Vulnerabilities Data Publication Date June 2019 DOI https://doi.org/10.6028/NIST.IR.8221 CSRC URL https://csrc.nist.gov/publications/detail/nistir/8221/final Additional Information 1 Draft NISTIR 8221 2 3 A Methodology for Determining 4 Forensic Data Requirements for 5 Detecting Hypervisor Attacks 6 7 8 Ramaswamy Chandramouli 9 Anoop Singhal 10 Duminda Wijesekera 11 Changwei Liu 12 13 14 Draft NISTIR 8221 15 16 A Methodology for Determining 17 Forensic Data Requirements for 18 Detecting Hypervisor Attacks 19 20 Ramaswamy Chandramouli 21 Anoop Singhal 22 Duminda Wijesekera 23 Changwei Liu 24 Computer Security Division 25 Information Technology Laboratory 26 27 28 29 30 31 32 33 34 35 36 September 2018 37 38 39 40 41 U.S. Department of Commerce 42 Wilbur L. Ross, Jr., Secretary 43 44 National Institute of Standards and Technology 45 Walter Copan, NIST Director and Under Secretary of Commerce for Standards and Technology 46 47 National Institute of Standards and Technology Internal Report 8221 48 27 pages (September 2018) 49 50 51 Certain commercial entities, equipment, or materials may be identified in this document in order to describe an 52 experimental procedure or concept adequately. Such identification is not intended to imply recommendation or 53 endorsement by NIST, nor is it intended to imply that the entities, materials, or equipment are necessarily the best 54 available for the purpose.
  • Virtualization Technologies Overview Course: CS 490 by Mendel

    Virtualization Technologies Overview Course: CS 490 by Mendel

    Virtualization technologies overview Course: CS 490 by Mendel Rosenblum Name Can boot USB GUI Live 3D Snaps Live an OS on mem acceleration hot of migration another ory runnin disk alloc g partition ation system as guest Bochs partially partially Yes No Container s Cooperati Yes[1] Yes No No ve Linux (supporte d through X11 over networkin g) Denali DOSBox Partial (the Yes No No host OS can provide DOSBox services with USB devices) DOSEMU No No No FreeVPS GXemul No No Hercules Hyper-V iCore Yes Yes No Yes No Virtual Accounts Imperas Yes Yes Yes Yes OVP (Eclipse) Tools Integrity Yes No Yes Yes No Yes (HP-UX Virtual (Integrity guests only, Machines Virtual Linux and Machine Windows 2K3 Manager in near future) (add-on) Jail No Yes partially Yes No No No KVM Yes [3] Yes Yes [4] Yes Supported Yes [5] with VMGL [6] Linux- VServer LynxSec ure Mac-on- Yes Yes No No Linux Mac-on- No No Mac OpenVZ Yes Yes Yes Yes No Yes (using Xvnc and/or XDMCP) Oracle Yes Yes Yes Yes Yes VM (manage d by Oracle VM Manager) OVPsim Yes Yes Yes Yes (Eclipse) Padded Yes Yes Yes Cell for x86 (Green Hills Software) Padded Yes Yes Yes No Cell for PowerPC (Green Hills Software) Parallels Yes, if Boot Yes Yes Yes DirectX 9 Desktop Camp is and for Mac installed OpenGL 2.0 Parallels No Yes Yes No partially Workstati on PearPC POWER Yes Yes No Yes No Yes (on Hypervis POWER 6- or (PHYP) based systems, requires PowerVM Enterprise Licensing) QEMU Yes Yes Yes [4] Some code Yes done [7]; Also supported with VMGL [6] QEMU w/ Yes Yes Yes Some code Yes kqemu done [7]; Also module supported