Fakult¨atf¨urElektrotechnik und Informatik Institut f¨ur Softwaretechnik und Theoretische Informatik Fachgebiet Security in Telecommunications Design and Provability of a Statically Configurable Hypervisor vorgelegt von Dipl.-Inform. Jan Nordholz geb. in Stadthagen von der Fakult¨atIV – Elektrotechnik und Informatik der Technischen Universit¨atBerlin zur Erlangung des akademischen Grades Doktor der Ingenieurwissenschaften (Dr.-Ing.) genehmigte Dissertation Promotionsausschuss: Vorsitzender: Prof. Dr. Hans-Ulrich Heiß, Technische Universit¨atBerlin Gutachter: Prof. Dr. Jean-Pierre Seifert, Technische Universit¨atBerlin Gutachter: Prof. Fabio Massacci, Ph.D., Universit`adi Trento Gutachter: Prof. Dr.-Ing. Stefan J¨ahnichen, Technische Universit¨atBerlin Tag der wissenschaftlichen Aussprache: 2. Juni 2017 Berlin 2017 Abstract In this thesis we develop a novel, minimalist design for Type I hypervisors and present a fully working prototype for the ARMv7 and ARMv8 architectures. We introduce its key design paradigm, the Principle of Staticity, elaborate on its consequences for the resulting implementation, and discuss scenarios where not all dynamicity can be eliminated. We also describe, implement, and evaluate the configuration framework necessary to build this specific kind of hypervisor. Even though the compiled hypervisor images are fully static, we show that the framework is powerful enough to support various system-on-chip target platforms, different address translation regimes, and even com- pletely unrelated architectures. We further demonstrate its versatility by extending the framework to even support embedded processors which only contain a memory protection unit. After performing a selection of benchmarks to substantiate the competitiveness of our implementation, we continue by subjecting our hypervisor to an analysis using a specialized form of symbolic model checking. We succeed in deriving integrity properties for the hypervisor as well as among virtual machines with surprisingly little effort, but show that complexity immediately ramps up once dynamic components like a shadow paging unit are added to our design. Finally we demonstrate the extensibility of our design despite our postulated Principle of Staticity. As an optimization example, we introduce the concept of ”lightweight VMs” and present a novel use case for a recent feature of the ARM architecture, thereby reducing the switch latency between virtual machines. We conclude with an overview over the published research efforts based on or heavily inspired by our hypervisor and discuss future research questions. ii Contents 1. Introduction1 2. Background4 2.1. A Brief History of Hypervisors . .4 2.2. A Brief History of Microkernels . .6 2.3. Converging Concepts . .9 3. Structural Design 12 3.1. Principle of Staticity . 12 3.2. Applying the Principle of Staticity . 13 3.2.1. Memory Management . 13 3.2.2. Virtualization Interface . 14 3.2.3. Scheduler . 14 3.2.4. Interrupts . 15 3.2.5. Emulated Devices . 16 3.2.6. Events and Timers . 16 3.2.7. Inter-VM Communication . 17 3.2.8. Virtual TLB . 18 3.3. Related Decisions . 20 3.3.1. Multicore Architecture . 20 3.3.2. Execution Model . 21 3.3.3. Preemptibility . 22 3.4. Phidias .................................. 23 4. Static Configuration 25 4.1. Configurable Elements . 25 4.1.1. Hypervisor Core . 25 4.1.2. Virtual Machines . 26 4.2. Completing and Sanitizing . 28 4.3. Resolving Recursive Dependencies . 28 4.4. Generating the Data Structures . 29 4.5. Generating the Page tables . 30 4.6. Schism .................................. 31 4.7. Discussion . 32 4.7.1. Code Deduplication and Extensibility . 32 4.7.2. Complexity Shift . 33 5. Evaluation 34 5.1. Microbenchmarks . 35 5.2. Macrobenchmarks . 36 5.3. Worst-Case Latency . 38 6. Provability 40 6.1. Methodology . 42 iii Contents 6.2. Symbolic Execution Engine Design . 45 6.3. Implementation . 48 6.4. Evaluation . 49 6.5. Corner Cases . 51 6.5.1. Multicore Interaction . 51 6.5.2. Preemptibility . 52 6.6. Verifying the VTLB . 52 7. Lightweight Virtual Machines 56 7.1. Concept . 56 7.2. Hardware Virtualization Analysis . 57 7.2.1. VT-x and AMD-V . 58 7.2.2. ARM VE . 59 7.3. Implementation . 60 7.3.1. Technical Design . 60 7.3.2. Experimental Setup . 61 7.4. Evaluation . 62 7.4.1. Microbenchmarks . 62 7.4.2. VGIC Optimization . 63 7.4.3. Discussion . 63 7.5. Proof Implications . 64 7.6. Conclusion . 65 8. Derived Work 66 8.1. Direct Descendants . 66 8.1.1. XNPro . 66 8.1.2. RkDetect . 67 8.2. Technologically Related Articles . 68 8.2.1. Usurping Hypervisor Mode . 68 8.2.2. Covert Channels in Microkernels . 69 8.3. Ongoing Projects . 70 9. Conclusion and Future Research 71 A. Code Fragments 73 A.1. XML Architecture Definitions . 73 A.2. XML Sample Scenario Definition . 74 A.3. Proof Example Trace . 81 B. Open Source Repositories 83 C. Glossary 84 D. List of Figures 86 E. List of Tables 87 F. Bibliography 88 iv 1. Introduction Microkernels had spent more than a decade on the sideline of academic research when Jochen Liedtke revived the idea by formulating his famous minimality principle[62] and creating the L3 microkernel and its successor L4. These embodiments of his principle became the ancestors of a large family of microkernels, and their success brought attention back to a seemingly uninteresting research field. Since those days, the evolution of computing platforms has radically changed the circumstances. Contemporary personal computers easily run several virtual machines under the control of the host operating system, and even architectures with clear focus on the embedded devices market like ARM and MIPS have entered the virtualization business. The hypervisors, the pieces of control software that are in charge of managing virtualization, follow a design paradigm that is not completely unlike microkernels. Their history however is very different. Due to the recent trend of consolidating disparate workloads onto a single compute platform, both designs increasingly find their way into highly critical environments, e. g. avionics, train control, and road vehicle electronics. All these environments require strict isolation of the individual workloads placed on the computing device. In addition to coding in special-purpose dialects like MISRA C and following safety- specific development processes like IEC 61508, many developers of microkernels and hypervisors have begun subjecting their existing designs to formal methods. Ideally these analyses result in proofs of formal properties of the corresponding implementation such as integrity, absence of covert channels, or even correctness— however endeavours like seL4[58] have demonstrated that generating such a proof is an arduous task which should not be underestimated. The complexity of a proof is significantly influenced by the amount of dynamicity in the underlying system design. Dynamic subsystems like memory allocators, kernel object factories, balancing schedulers, and memory balloon mechanisms are in a way the only challenge to the creation of a formal model: each of these requires the specification of an invariant, a proof that the invariant holds under all possible operations and circumstances, especially the exhaustion case, and if global resources are being managed, additional reasoning that the mechanism cannot be abused to covertly transmit data. Algorithms which operate on static data sets on the other hand, like an iteration over a fixed number of elements of a linked list which is a priori guaranteed to be loop-free, can be easily expressed in formal terms. We strongly believe that the path to a provably secure hypervisor implementation does not necessarily lead to the generation of a proof for one of the big existing general-purpose kernels or hypervisor cores. We argue instead that for most highly critical environments a far simpler implementation is sufficient. At the core of this simplification we propose to reduce dynamicity as much as possible by pregenerating data structures and choosing algorithmic parameters already at the compilation stage. The reduced complexity is going to result in less code, retaining only the relevant device drivers and event handlers for the desired configuration, as well as in “simpler code” in terms of provability. This design paradigm does not even impose any versatil- ity limitations on the resulting implementation, quite the contrary: we envision that 1 1. Introduction a hypervisor designed in this way can still support multiple platforms, even multiple different architectures, with the build process carefully selecting the desired piecesof functionality and generating the necessary corresponding data structures to form an easily provable and perfectly tailored code subset. We claim that this approach is viable because embedded computing platforms such as those designed for highly critical environments are meticulously specified in terms of processing power, available memory resources, and peripheral devices, as opposed to the construction kit mentality of present-day desktop platforms. Likewise, the software components for such embedded devices usually have strict scheduling requirements and require a constant amount of CPU time to perform their tasks, whereas desktop computing is characterized by a vast variability of system utilization. We argue that the advantages of a static system configuration have not been fully recognized yet. Another topic which poses extraordinary difficulty to formal methods is the correct and consistent modelling of multiprocessor interactions.