Because the Hypervisor sits below all other components, it’s naturally the first attack target of those looking to compromise a Hyper-V host. One of the most talked-about items related to security of hypervisors (not specific to Hyper-V) is Blue Pill. The term Blue Pill harkens back to the film The Matrix—if you ingested the blue pill, you had no idea that you actually lived inside the Matrix. The Blue Pill concept was written by Joanna Rutkowska and presented at the Black Hat Security Conference in 2006; it referred to the possibility of malware being injected into a hypervisor-aware platform without the user’s knowledge. Needless to say, it caused quite a stir when people learned that a hypervisor could be subverted so easily.
Hyper-V was developed with a number of security assumptions in mind:
•The parent partition is trusted by the hypervisor, and the virtual machines (child partitions) trust the parent partition.
•None of the virtual machines (VMs) running on a host are trusted. They can be used for nefarious deeds.
•The code running in VMs must be run unmodified, must use all features of the x86 instruction set, and can execute in any ring necessary.
•The hypercall interface, which child partitions can use to access functions of the hypervisor is publically available and fully documented. A (potentially) untrusted VM can attempt to execute any of the hypercalls.
•A VM can detect that it’s running on a hypervisor.
Source of Information : Sybex Windows Server 2008 Hyper-V Insiders Guide to Microsofts Hypervisor
Hyper-V was developed with a number of security assumptions in mind:
•The parent partition is trusted by the hypervisor, and the virtual machines (child partitions) trust the parent partition.
•None of the virtual machines (VMs) running on a host are trusted. They can be used for nefarious deeds.
•The code running in VMs must be run unmodified, must use all features of the x86 instruction set, and can execute in any ring necessary.
•The hypercall interface, which child partitions can use to access functions of the hypervisor is publically available and fully documented. A (potentially) untrusted VM can attempt to execute any of the hypercalls.
•A VM can detect that it’s running on a hypervisor.
Source of Information : Sybex Windows Server 2008 Hyper-V Insiders Guide to Microsofts Hypervisor
|
|
0 comments
Post a Comment