The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Vulnerabilities in hypervisors are crucial in multi-tenant clouds and attractive for attackers because a vulnerability in the hypervisor can undermine all the virtual machine (VM) security. This paper focuses on vulnerabilities in instruction emulators inside hypervisors. Vulnerabilities in instruction emulators are not rare; CVE-2017-2583, CVE-2016-9756, CVE-2015-0239, CVE-2014-3647, to name a few. For backward compatibility with legacy x86 CPUs, conventional hypervisors emulate arbitrary instructions at any time if requested. This design leads to a large attack surface, making it hard to get rid of vulnerabilities in the emulator.
This paper proposes FWinst, which narrows the attack surface against vulnerabilities in the emulator. The key insight behind FWinst is that the emulator should emulate only a small subset of instructions, depending on the underlying CPU micro-architecture and the hypervisor configuration. FWinst recognizes the emulation contexts in which the instruction emulator is invoked and identifies a legitimate subset of instructions that are allowed to be emulated in the current context. By filtering out illegitimate instructions, FWinst narrows the attack surface. In particular, FWinst is effective on recent x86 micro-architectures because the legitimate subset becomes very small. Our experimental results demonstrate that FWinst prevents existing vulnerabilities in the emulator from being exploited on the Westmere and Skylake micro-architectures, and that the runtime overhead is negligible.
Kenta ISHIGURO
Keio University
Kenji KONO
Keio University
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Kenta ISHIGURO, Kenji KONO, "Instruction Filters for Mitigating Attacks on Instruction Emulation in Hypervisors" in IEICE TRANSACTIONS on Information, vol. E103-D, no. 7, pp. 1660-1671, July 2020, doi: 10.1587/transinf.2019EDP7186.
Abstract: Vulnerabilities in hypervisors are crucial in multi-tenant clouds and attractive for attackers because a vulnerability in the hypervisor can undermine all the virtual machine (VM) security. This paper focuses on vulnerabilities in instruction emulators inside hypervisors. Vulnerabilities in instruction emulators are not rare; CVE-2017-2583, CVE-2016-9756, CVE-2015-0239, CVE-2014-3647, to name a few. For backward compatibility with legacy x86 CPUs, conventional hypervisors emulate arbitrary instructions at any time if requested. This design leads to a large attack surface, making it hard to get rid of vulnerabilities in the emulator.
This paper proposes FWinst that narrows the attack surface against vulnerabilities in the emulator. The key insight behind FWinst is that the emulator should emulate only a small subset of instructions, depending on the underlying CPU micro-architecture and the hypervisor configuration. FWinst recognizes emulation contexts in which the instruction emulator is invoked, and identifies a legitimate subset of instructions that are allowed to be emulated in the current context. By filtering out illegitimate instructions, FWinst narrows the attack surface. In particular, FWinst is effective on recent x86 micro-architectures because the legitimate subset becomes very small. Our experimental results demonstrate FWinst prevents existing vulnerabilities in the emulator from being exploited on Westmere and Skylake micro-architectures, and the runtime overhead is negligible.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2019EDP7186/_p
@ARTICLE{e103-d_7_1660,
author={Kenta ISHIGURO and Kenji KONO},
journal={IEICE TRANSACTIONS on Information},
title={Instruction Filters for Mitigating Attacks on Instruction Emulation in Hypervisors},
year={2020},
volume={E103-D},
number={7},
pages={1660-1671},
abstract={Vulnerabilities in hypervisors are crucial in multi-tenant clouds and attractive for attackers because a vulnerability in the hypervisor can undermine all the virtual machine (VM) security. This paper focuses on vulnerabilities in instruction emulators inside hypervisors. Vulnerabilities in instruction emulators are not rare; CVE-2017-2583, CVE-2016-9756, CVE-2015-0239, CVE-2014-3647, to name a few. For backward compatibility with legacy x86 CPUs, conventional hypervisors emulate arbitrary instructions at any time if requested. This design leads to a large attack surface, making it hard to get rid of vulnerabilities in the emulator.
This paper proposes FWinst that narrows the attack surface against vulnerabilities in the emulator. The key insight behind FWinst is that the emulator should emulate only a small subset of instructions, depending on the underlying CPU micro-architecture and the hypervisor configuration. FWinst recognizes emulation contexts in which the instruction emulator is invoked, and identifies a legitimate subset of instructions that are allowed to be emulated in the current context. By filtering out illegitimate instructions, FWinst narrows the attack surface. In particular, FWinst is effective on recent x86 micro-architectures because the legitimate subset becomes very small. Our experimental results demonstrate FWinst prevents existing vulnerabilities in the emulator from being exploited on Westmere and Skylake micro-architectures, and the runtime overhead is negligible.},
keywords={},
doi={10.1587/transinf.2019EDP7186},
ISSN={1745-1361},
month={July},
}
TY - JOUR
TI - Instruction Filters for Mitigating Attacks on Instruction Emulation in Hypervisors
T2 - IEICE TRANSACTIONS on Information
SP - 1660
EP - 1671
AU - Kenta ISHIGURO
AU - Kenji KONO
PY - 2020
DO - 10.1587/transinf.2019EDP7186
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E103-D
IS - 7
JA - IEICE TRANSACTIONS on Information
Y1 - July 2020
AB - Vulnerabilities in hypervisors are crucial in multi-tenant clouds and attractive for attackers because a vulnerability in the hypervisor can undermine all the virtual machine (VM) security. This paper focuses on vulnerabilities in instruction emulators inside hypervisors. Vulnerabilities in instruction emulators are not rare; CVE-2017-2583, CVE-2016-9756, CVE-2015-0239, CVE-2014-3647, to name a few. For backward compatibility with legacy x86 CPUs, conventional hypervisors emulate arbitrary instructions at any time if requested. This design leads to a large attack surface, making it hard to get rid of vulnerabilities in the emulator.
This paper proposes FWinst that narrows the attack surface against vulnerabilities in the emulator. The key insight behind FWinst is that the emulator should emulate only a small subset of instructions, depending on the underlying CPU micro-architecture and the hypervisor configuration. FWinst recognizes emulation contexts in which the instruction emulator is invoked, and identifies a legitimate subset of instructions that are allowed to be emulated in the current context. By filtering out illegitimate instructions, FWinst narrows the attack surface. In particular, FWinst is effective on recent x86 micro-architectures because the legitimate subset becomes very small. Our experimental results demonstrate FWinst prevents existing vulnerabilities in the emulator from being exploited on Westmere and Skylake micro-architectures, and the runtime overhead is negligible.
ER -