QEMU As a Platform for PLC Virtualization an Analysis from a Cyber Security Perspective
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Imperas Tools Overview
Imperas Tools Overview This document provides an overview of the OVP and Imperas tools environment. Imperas Software Limited Imperas Buildings, North Weston, Thame, Oxfordshire, OX9 2HA, UK [email protected] Author: Imperas Software Limited Version: 2.0.2 Filename: Imperas_Tools_Overview.doc Project: Imperas Tools Overview Last Saved: January 22, 2021 Keywords: Imperas Tools Overview © 2021 Imperas Software Limited www.OVPworld.org Page 1 of 20 Imperas Tools Overview Copyright Notice Copyright © 2021 Imperas Software Limited All rights reserved. This software and documentation contain information that is the property of Imperas Software Limited. The software and documentation are furnished under a license agreement and may be used or copied only in accordance with the terms of the license agreement. No part of the software and documentation may be reproduced, transmitted, or translated, in any form or by any means, electronic, mechanical, manual, optical, or otherwise, without prior written permission of Imperas Software Limited, or as expressly provided by the license agreement. Right to Copy Documentation The license agreement with Imperas permits licensee to make copies of the documentation for its internal use only. Each copy shall include all copyrights, trademarks, service marks, and proprietary rights notices, if any. Destination Control Statement All technical data contained in this publication is subject to the export control laws of the United States of America. Disclosure to nationals of other countries contrary to United States law is prohibited. It is the reader’s responsibility to determine the applicable regulations and to comply with them. Disclaimer IMPERAS SOFTWARE LIMITED., AND ITS LICENSORS MAKE NO WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. -
Effective Virtual CPU Configuration with QEMU and Libvirt
Effective Virtual CPU Configuration with QEMU and libvirt Kashyap Chamarthy <[email protected]> Open Source Summit Edinburgh, 2018 1 / 38 Timeline of recent CPU flaws, 2018 (a) Jan 03 • Spectre v1: Bounds Check Bypass Jan 03 • Spectre v2: Branch Target Injection Jan 03 • Meltdown: Rogue Data Cache Load May 21 • Spectre-NG: Speculative Store Bypass Jun 21 • TLBleed: Side-channel attack over shared TLBs 2 / 38 Timeline of recent CPU flaws, 2018 (b) Jun 29 • NetSpectre: Side-channel attack over local network Jul 10 • Spectre-NG: Bounds Check Bypass Store Aug 14 • L1TF: "L1 Terminal Fault" ... • ? 3 / 38 Related talks in the ‘References’ section Out of scope: Internals of various side-channel attacks How to exploit Meltdown & Spectre variants Details of performance implications What this talk is not about 4 / 38 Related talks in the ‘References’ section What this talk is not about Out of scope: Internals of various side-channel attacks How to exploit Meltdown & Spectre variants Details of performance implications 4 / 38 What this talk is not about Out of scope: Internals of various side-channel attacks How to exploit Meltdown & Spectre variants Details of performance implications Related talks in the ‘References’ section 4 / 38 OpenStack, et al. libguestfs Virt Driver (guestfish) libvirtd QMP QMP QEMU QEMU VM1 VM2 Custom Disk1 Disk2 Appliance ioctl() KVM-based virtualization components Linux with KVM 5 / 38 OpenStack, et al. libguestfs Virt Driver (guestfish) libvirtd QMP QMP Custom Appliance KVM-based virtualization components QEMU QEMU VM1 VM2 Disk1 Disk2 ioctl() Linux with KVM 5 / 38 OpenStack, et al. libguestfs Virt Driver (guestfish) Custom Appliance KVM-based virtualization components libvirtd QMP QMP QEMU QEMU VM1 VM2 Disk1 Disk2 ioctl() Linux with KVM 5 / 38 libguestfs (guestfish) Custom Appliance KVM-based virtualization components OpenStack, et al. -
QEMU Parameter Jungle Slides
Finding your way through the QEMU parameter jungle 2018-02-04 Thomas Huth <[email protected]> Legal ● Disclaimer: Opinions are my own and not necessarily the views of my employer ● “Jungle Leaves” background license: CC BY 3.0 US : https://creativecommons.org/licenses/by/3.0/us/ Image has been modified from the original at: https://www.freevector.com/jungle-leaves-vector-background 2 Introduction 3 Why a guide through the QEMU parameter jungle? 4 Why a guide through the QEMU parameter jungle? ● QEMU is a big project, supports lots of emulated devices, and lots of host backends ● 15 years of development → a lot of legacy ● $ qemu-system-i386 -h | wc -l 454 ● People regularly ask about CLI problems on mailing lists or in the IRC channels → Use libvirt, virt-manager, etc. if you just want an easier way to run a VM 5 General Know-How ● QEMU does not distinguish single-dash options from double-dash options: -h = --h = -help = --help ● QEMU starts with a set of default devices, e.g. a NIC and a VGA card. If you don't want this: --nodefaults or suppress certain default devices: --vga none --net none 6 Getting help about the options ● Parameter overview: -h or --help (of course) ● Many parameters provide info with “help”: --accel help ● Especially, use this to list available devices: --device help ● To list parameters of a device: --device e1000,help ● To list parameters of a machine: --machine q35,help 7 e1000 example ● $ qemu-system-x86_64 --device e1000,help [...] e1000.addr=int32 (PCI slot and function¼) e1000.x-pcie-extcap-init=bool (on/off) e1000.extra_mac_registers=bool (on/off) e1000.mac=str (Ethernet 6-byte MAC Address¼) e1000.netdev=str (ID of a netdev backend) ● $ qemu-system-x86_64 --device \ e1000,mac=52:54:00:12:34:56,addr=06.0 8 General Know How: Guest and Host There are always two parts of an emulated device: ● Emulated guest hardware, e.g.: --device e1000 ● The backend in the host, e.g.: --netdev tap Make sure to use right set of parameters for configuration! 9 “Classes” of QEMU parameters ● Convenience : Easy to use, but often limited scope. -
Virtual Machine Technologies and Their Application in the Delivery of ICT
Virtual Machine Technologies and Their Application In The Delivery Of ICT William McEwan accq.ac.nz n Christchurch Polytechnic Institute of Technology Christchurch, New Zealand [email protected] ABSTRACT related areas - a virtual machine or network of virtual machines can be specially configured, allowing an Virtual Machine (VM) technology was first ordinary user supervisor rights, and it can be tested implemented and developed by IBM to destruction without any adverse effect on the corporation in the early 1960's as a underlying host system. mechanism for providing multi-user facilities This paper hopes to also illustrate how VM in a secure mainframe computing configurations can greatly reduce our dependency on environment. In recent years the power of special purpose, complex, and expensive laboratory personal computers has resulted in renewed setups. It also suggests the important additional role interest in the technology. This paper begins that VM and VNL is likely to play in offering hands-on by describing the development of VM. It practical experience to students in a distance e- discusses the different approaches by which learning environment. a VM can be implemented, and it briefly considers the advantages and disadvantages Keywords: Virtual Machines, operating systems, of each approach. VM technology has proven networks, e-learning, infrastructure, server hosting. to be extremely useful in facilitating the Annual NACCQ, Hamilton New Zealand July, 2002 www. Annual NACCQ, Hamilton New Zealand July, teaching of multiple operating systems. It th offers an alternative to the traditional 1. INTRODUCTION approaches of using complex combinations Virtual Machine (VM) technology is not new. It was of specially prepared and configured OS implemented on mainframe computing systems by the images installed via the network or installed IBM Corporation in the early 1960’s (Varian 1997 pp permanently on multiple partitions or on 3-25, Gribben 1989 p.2, Thornton 2000 p.3, Sugarman multiple physical hard drives. -
Many Things Related to Qubesos
Qubes OS Many things Many things related to QubesOS Author: Neowutran Contents 1 Wiping VM 2 1.1 Low level storage technologies .................. 2 1.1.1 Must read ......................... 2 1.1.2 TL;DR of my understanding of the issue ........ 2 1.1.3 Things that could by implemented by QubesOS .... 2 2 Create a Gaming HVM 2 2.1 References ............................. 2 2.2 Prerequise ............................. 3 2.3 Hardware ............................. 3 2.4 Checklist .............................. 4 2.5 IOMMU Group .......................... 4 2.6 GRUB modification ........................ 4 2.7 Patching stubdom-linux-rootfs.gz ................ 5 2.8 Pass the GPU ........................... 6 2.9 Conclusion ............................. 6 2.10 Bugs ................................ 6 3 Create a Linux Gaming HVM, integrated with QubesOS 7 3.1 Goals ................................ 7 3.2 Hardware used .......................... 7 3.3 Main steps summary ....................... 7 3.3.1 Detailled steps ...................... 8 3.3.2 Using a kernel provided by debian ............ 8 3.4 Xorg ................................ 8 3.4.1 Pulseaudio ......................... 11 3.5 Final notes ............................ 11 3.6 References ............................. 12 4 Nitrokey and QubeOS 12 5 Recovery: Mount disk 12 6 Disposable VM 13 6.1 Introduction ............................ 14 6.1.1 References ......................... 14 6.1.2 What is a disposable VM? ................ 14 6.2 Playing online video ....................... 14 6.3 Web browsing ........................... 15 6.4 Manipulating untrusted files/data ................ 16 1 6.5 Mounting LVM image ...................... 17 6.6 Replace sys-* VM ......................... 18 6.7 Replace some AppVMs ...................... 18 7 Building a new QubesOS package 18 7.1 References ............................. 18 7.2 Goal ................................ 18 7.3 The software ............................ 19 7.4 Packaging ............................. 19 7.5 Building ............................. -
A Virtual Machine Environment for Real Time Systems Laboratories
AC 2007-904: A VIRTUAL MACHINE ENVIRONMENT FOR REAL-TIME SYSTEMS LABORATORIES Mukul Shirvaikar, University of Texas-Tyler MUKUL SHIRVAIKAR received the Ph.D. degree in Electrical and Computer Engineering from the University of Tennessee in 1993. He is currently an Associate Professor of Electrical Engineering at the University of Texas at Tyler. He has also held positions at Texas Instruments and the University of West Florida. His research interests include real-time imaging, embedded systems, pattern recognition, and dual-core processor architectures. At the University of Texas he has started a new real-time systems lab using dual-core processor technology. He is also the principal investigator for the “Back-To-Basics” project aimed at engineering student retention. Nikhil Satyala, University of Texas-Tyler NIKHIL SATYALA received the Bachelors degree in Electronics and Communication Engineering from the Jawaharlal Nehru Technological University (JNTU), India in 2004. He is currently pursuing his Masters degree at the University of Texas at Tyler, while working as a research assistant. His research interests include embedded systems, dual-core processor architectures and microprocessors. Page 12.152.1 Page © American Society for Engineering Education, 2007 A Virtual Machine Environment for Real Time Systems Laboratories Abstract The goal of this project was to build a superior environment for a real time system laboratory that would allow users to run Windows and Linux embedded application development tools concurrently on a single computer. These requirements were dictated by real-time system applications which are increasingly being implemented on asymmetric dual-core processors running different operating systems. A real time systems laboratory curriculum based on dual- core architectures has been presented in this forum in the past.2 It was designed for a senior elective course in real time systems at the University of Texas at Tyler that combines lectures along with an integrated lab. -
Ibex Documentation Release 0.1.Dev50+G873e228.D20211001
Ibex Documentation Release 0.1.dev50+g873e228.d20211001 lowRISC Oct 01, 2021 CONTENTS 1 Introduction to Ibex 3 1.1 Standards Compliance..........................................3 1.2 Synthesis Targets.............................................4 1.3 Licensing.................................................4 2 Ibex User Guide 5 2.1 System and Tool Requirements.....................................5 2.2 Getting Started with Ibex.........................................6 2.3 Core Integration.............................................6 2.4 Examples.................................................9 3 Ibex Reference Guide 11 3.1 Pipeline Details.............................................. 11 3.2 Instruction Cache............................................. 13 3.3 Instruction Fetch............................................. 17 3.4 Instruction Decode and Execute..................................... 19 3.5 Load-Store Unit............................................. 22 3.6 Register File............................................... 24 3.7 Control and Status Registers....................................... 27 3.8 Performance Counters.......................................... 36 3.9 Exceptions and Interrupts........................................ 38 3.10 Physical Memory Protection (PMP)................................... 41 3.11 Security Features............................................. 42 3.12 Debug Support.............................................. 43 3.13 Tracer................................................... 44 3.14 Verification............................................... -
OVP Debugging Applications with Eclipse User Guide
OVP Debugging Applications with Eclipse User Guide Imperas Software Limited Imperas Buildings, North Weston, Thame, Oxfordshire, OX9 2HA, UK [email protected] Author: Imperas Software Limited Version: 1.3 Filename: OVPsim_Debugging_Applications_with_Eclipse_User_Guide.doc Project: OVP Debugging Applications with Eclipse User Guide Last Saved: Monday, 13 January 2020 Keywords: © 2020 Imperas Software Limited www.OVPworld.org Page 1 of 39 OVP Debugging Applications with Eclipse User Guide Copyright Notice Copyright © 2020 Imperas Software Limited All rights reserved. This software and documentation contain information that is the property of Imperas Software Limited. The software and documentation are furnished under a license agreement and may be used or copied only in accordance with the terms of the license agreement. No part of the software and documentation may be reproduced, transmitted, or translated, in any form or by any means, electronic, mechanical, manual, optical, or otherwise, without prior written permission of Imperas Software Limited, or as expressly provided by the license agreement. Right to Copy Documentation The license agreement with Imperas permits licensee to make copies of the documentation for its internal use only. Each copy shall include all copyrights, trademarks, service marks, and proprietary rights notices, if any. Destination Control Statement All technical data contained in this publication is subject to the export control laws of the United States of America. Disclosure to nationals of other countries contrary to United States law is prohibited. It is the reader’s responsibility to determine the applicable regulations and to comply with them. Disclaimer IMPERAS SOFTWARE LIMITED, AND ITS LICENSORS MAKE NO WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. -
Attacker Chatbots for Randomised and Interactive Security Labs, Using Secgen and Ovirt
Hackerbot: Attacker Chatbots for Randomised and Interactive Security Labs, Using SecGen and oVirt Z. Cliffe Schreuders, Thomas Shaw, Aimée Mac Muireadhaigh, Paul Staniforth, Leeds Beckett University Abstract challenges, rewarding correct solutions with flags. We deployed an oVirt infrastructure to host the VMs, and Capture the flag (CTF) has been applied with success in leveraged the SecGen framework [6] to generate lab cybersecurity education, and works particularly well sheets, provision VMs, and provide randomisation when learning offensive techniques. However, between students. defensive security and incident response do not always naturally fit the existing approaches to CTF. We present 2. Related Literature Hackerbot, a unique approach for teaching computer Capture the flag (CTF) is a type of cyber security game security: students interact with a malicious attacker which involves collecting flags by solving security chatbot, who challenges them to complete a variety of challenges. CTF events give professionals, students, security tasks, including defensive and investigatory and enthusiasts an opportunity to test their security challenges. Challenges are randomised using SecGen, skills in competition. CTFs emerged out of the and deployed onto an oVirt infrastructure. DEFCON hacker conference [7] and remain common Evaluation data included system performance, mixed activities at cybersecurity conferences and online [8]. methods questionnaires (including the Instructional Some events target students with the goal of Materials Motivation Survey (IMMS) and the System encouraging interest in the field: for example, PicoCTF Usability Scale (SUS)), and group interviews/focus is an annual high school competition [9], and CSAW groups. Results were encouraging, finding the approach CTF is an annual competition for students in Higher convenient, engaging, fun, and interactive; while Education (HE) [10]. -
Ovirt and Openstack Storage (Present and Future)
oVirt and OpenStack Storage (present and future) Federico Simoncelli Principal Software Engineer, Red Hat January 2014 1 Federico Simoncelli – oVirt and OpenStack Storage (present and future) Agenda ● Introduction ● oVirt and OpenStack Overview ● Present ● oVirt and Glance Integration ● Importing and Exporting Glance Images ● Current Constraints and Limitations ● Future ● Glance Future Integration ● Keystone Authentication in oVirt ● oVirt and Cinder Integration 2 Federico Simoncelli – oVirt and OpenStack Storage (present and future) oVirt Overview ● oVirt is a virtualization management application ● manages hardware nodes, storage and network resources, in order to deploy and monitor virtual machines running in your data center ● Free open source software released under the terms of the Apache License 3 Federico Simoncelli – oVirt and OpenStack Storage (present and future) The oVirt Virtualization Architecture 4 Federico Simoncelli – oVirt and OpenStack Storage (present and future) OpenStack Overview ● Cloud computing project to provide an Infrastructure as a Service (IaaS) ● Controls large pools of compute, storage, and networking resources ● Free open source software released under the terms of the Apache License ● Project is managed by the OpenStack Foundation, a non-profit corporate entity established in September 2012 5 Federico Simoncelli – oVirt and OpenStack Storage (present and future) OpenStack Glance Service ● Provides services for discovering, registering, and retrieving virtual machine images ● RESTful API that allows querying -
Virtual Alpha User Guide for Avanti, Avantiflex, & Freeaxp 05-JAN-2018 Version 3.0: This Manual Covers All Releases of Avanti™, Avantiflex™ and Freeaxp™
Migration Specialties International, Inc. 217 West 2nd Street, Florence, CO 81226-1403 +1 719-784-9196 E-mail: [email protected] www.MigrationSpecialties.com Continuity in Computing Virtual Alpha User Guide for Avanti, AvantiFlex, & FreeAXP 05-JAN-2018 Version 3.0: This manual covers all releases of Avanti™, AvantiFlex™ and FreeAXP™. This manual describes how to install and use Avanti, AvantiFlex, and FreeAXP, Migration Specialties' AlphaServer 400 hardware emulators. AvantiFlex and Avanti are commercial products that require purchase of a product license. AvantiFlex and Avanti include 30 days of manufacturer support after purchase and the option to buy an extended support contract. FreeAXP can be used for personal and commercial purposes. FreeAXP is unsupported without purchase of a support contract. If you have questions or problems with FreeAXP and have not purchased a support contract, visit the FreeAXP forum at the OpenVMS Hobbyist web site. Avanti & Avanti Flex Links Product Info: http://www.migrationspecialties.com/Emulator-Alpha.html User Guide: http://www.migrationspecialties.com/pdf/VirtualAlpha_UserGuide.pdf Release Notes: http://www.migrationspecialties.com/pdf/VirtualAlpha_ReleaseNotes.pdf License: http://www.migrationspecialties.com/pdf/AvantiLicense.pdf SPD: http://www.migrationspecialties.com/pdf/Avanti_SPD.pdf Pricing Guide: http://www.migrationspecialties.com/pdf/VirtualAlphaPricingGuide.pdf FreeAXP Links Product Info: http://www.migrationspecialties.com/FreeAXP.html User Guide: http://www.migrationspecialties.com/pdf/VirtualAlpha_UserGuide.pdf Release Notes: http://www.migrationspecialties.com/pdf/VirtualAlpha_ReleaseNotes.pdf License: http://www.migrationspecialties.com/pdf/FreeAXP_License.pdf SPD: http://www.migrationspecialties.com/pdf/FreeAXP_SPD.pdf User Forum: http://www.vmshobbyist.com/forum/viewforum.php?forum_id=163 Download: http://www.migrationspecialties.com/FreeAXP.html Copyright 2018, Migration Specialties. -
Oracle Virtualbox Installation, Setup, and Ubuntu Introduction
ORACLE VIRTUALBOX INSTALLATION, SETUP, AND UBUNTU INTRODUCTION • VirtualBox is a hardware virtualization program. • Create virtual computers aka virtual machines. • Prototyping, sandboxing, testing. • The computer that VirtualBox is installed on is called the “host”, and each virtual machine is called a “guest”. PREREQUISITES Since virtual machines share resources with the host computer, we need to know what resources we have available on our host. • Click “Type here to search”. • Search for “System Information”. • Note the number of processor cores and the amount of RAM installed in your host. PREREQUISITES • Expand “Components”. • Expand “Storage”. • Select “Drives”. • Note the amount of free space available on your host. Every computer is different, so how we will need to balance these resources between our host and guest systems will differ. DOWNLOADING VIRTUALBOX • VISIT VIRTUALBOX.ORG • SELECT THE CORRECT PACKAGE • CLICK THE DOWNLOAD LINK. FOR YOUR HOST. INSTALLING VIRTUALBOX • Browse to where you downloaded VirtualBox and run the installer. • All default options will be fine. Simply follow the prompts. INSTALLING VIRTUALBOX • CLICK “FINISH”. • VIRTUALBOX INSTALLED! SETTING THINGS UP Before we build our first virtual machine, we need to download an operating system to install as our “guest”. • Visit Ubuntu.com • Click “Download”. • Select the current Ubuntu Desktop “LTS” release. • LTS releases focus on stability rather than cutting edge features. SETTING THINGS UP • IN VIRTUALBOX, CLICK “NEW”. • NAME THE VIRTUAL MACHINE. SETTING THINGS UP Here’s where we will need the system resources information that we looked up earlier. Each virtual machine functions like a separate computer in and of itself and will need to share RAM with the host.