Embedded Virtualization: Building a Secure Mini Cloud. Per M. Gustavsson, PhD, Senior Advisor Cyber Security / Digital Exorcist, per.m.gustavsson@combitech.se
A Slightly Different Presentation
Four words: Embedded - in everything. Virtualization - virtualisation. Cloud - everything is somewhere else. Secure - security.
IDEA BEHIND THE PRESENTATION: Look into vulnerabilities against virtualization and their effects on embedded virtualization architectures. What is being done to handle all of this? This presentation will dwell into some known threats towards embedded virtualization architectures and implementations, and how these threats have been prevented, mitigated, handled, or are yet to be addressed.
Regardless of the virtualization method used for embedded systems there are no silver bullets for security. Just Iron Ones.
(Diagram: four stacks side by side, Own cloud / IaaS / PaaS / SaaS, each made up of Client, Software, Platform and Infrastructure; next to them the layer model: Layer 6 Guest Application Software, Layer 5 Guest OS, Layer 4 Virtualization, Layer 3 Host OS, Layer 2 Physical Devices, Layer 1 Network.)
A look back at virtualization: reduced cost (resources, power, space, hardware). The purpose of virtualization is generally to reduce cost (e.g. resource usage, power consumption, physical space, hardware cost) by running several isolated operating systems simultaneously on the same hardware.
Virtualization types: Server (Full, Para, HW Assisted). Desktop / Client (Remote Server Level (Citrix), Local Level (VMware), Application Level, Parallels). Storage (DAS Direct Attached Storage, SAN Storage Area Network, NAS Network Attached Storage).
(Diagram: Old fashioned: HW, OS, USER. Bare Metal: HW, Hypervisor / Virtual Machine Monitor, OS1 and OS2 each with their own USERs. Hosted: HW, host OS, Hypervisor / Virtual Machine Monitor, OS1 and OS2 each with their own USERs.)
When moving virtualization to the embedded systems world, three additional elements of consideration are evident. Firstly, most embedded systems have real-time requirements to consider, which means that for efficient virtualization there is a need to modify the hypervisor (or kernel) to provide efficiency by timely communication with the hardware and other connected resources. Secondly, many embedded systems use hardware and operating systems that are individually built. Thirdly, many embedded systems use hardware and software that have diagnostics and service buses and ports that are wide open for exploitation.
REDUNDANCY
INFOTAINMENT VM and AUTOMOTIVE VM
Vulnerabilities: Insecure Interfaces and APIs. Malicious Insider - employees. VMM / Hypervisors. Data Loss or Leakage (failures, inconsistent use of encryption). Account or Service Hijacking. Unknown Risk Profile (versions, patches, intrusion attempts).
Vulnerabilities in everything: Session Riding and Hijacking. Virtual Machine Escape (a guest-level VM attacking its host). Reliability and Availability of Service (the priority of the VMM and OS). Insecure Cryptography (implementations, but also random number generation: no mouse or HDD to gather randomness from, just software). Data Protection and Portability (data formats, access?). Vendor Lock-in (specialized).
Vulnerabilities in everything: Internet Dependency. Virtual Machine Monitors (VMM) and operating systems cannot handle virus infection threats. Linux's Mandatory Access Control (MAC) cannot meet the security requirements of different applications. Cross-site scripting, cookie manipulation, SQL injection, insecure configuration. Data Remanence (what happens to the data, how long should it exist). Privacy. Transfer of applications and data from the supplier to the mini cloud / virtualized system, updates. Data integrity: Eventual Consistency or ACID or both.
Virtualization vulnerabilities: virtual machine (processing status of VMs, updates, connections, patching). Hypervisor (Virtual-Machine-Based Rootkit). Virtual infrastructure (physical access, single point of control). Virtual network (everything we see on the net).
Conclusion on vulnerabilities: Assume that everything (HW / SW / VMM) is infected from the start.
How to solve it: VMM with a small code base. HW VMMs. Encryption and Key Management. Intrusion Detection Tool. Virtual Firewall (VF). Trusted Virtual Domains. Access Control Mechanisms. Virtual Trusted Platform Module. Splitting features and functionalities among different VMMs running on different systems. Log management (after the fact): acquiring data from the virtual machine is complex (volatile data, and it breaks the security model).
IDS / IPS: VM-centred IDS/IPS. Virtual VM IDS/IPS. VM Watchdog. Coordinated.
IT IS THE SAME: It is the same security challenge on the Internet, in the cloud and in the embedded systems. Systems / protocols / software that are not built for security will never be secure. Build it right from the start. (Diagram: the Own cloud / IaaS / PaaS / SaaS stacks of Client, Software, Platform and Infrastructure, above the Bare Metal stack: USER 1 / OS1 and USER 3 / OS2 on the Hypervisor / Virtual Machine Monitor on HW.)
RISK MANAGEMENT: Identify. Prioritize. Handle what you can afford to. What remains - LIVE WITH IT and keep your fingers crossed.
Evaluation Criteria: Orange Book (TCSEC) 1985. UK Confidence Levels 1989. German Criteria. French Criteria. ITSEC 1991. Canadian Criteria (CTCPEC) 1993. Federal Criteria Draft 1993. ISO 15408-1999. Common Criteria (CC) V1.0 1996, V2.0 1998, V2.1 1999. Trusted Computer System Evaluation Criteria (TCSEC) evaluates Confidentiality. Information Technology Security Evaluation Criteria (ITSEC) evaluates Confidentiality, Integrity and Availability. Common Criteria (CC) provided a common structure and language; it is an international standard (ISO 15408).
GOVERNANCE: Zachman Framework (1980s). C4ISR Architecture Framework (1990s). The Open Group Architecture Framework (TOGAF) (mid-1990s). DoD Architecture Framework (DoDAF) (2000s). History of architecture frameworks for information systems: C4ISR Architecture Framework -> DoDAF 1.0 -> DoDAF 2.0. Views: Operational View, Systems View, Technical Standards View, Service View, Capability View.
Determining the Architecture Model. Architecture is a high-level description of a system: intended use, scope, characteristics to be captured, organization of data for designing a system. Contextual Security Architecture, Conceptual Security Architecture, Logical Security Architecture, Physical Security Architecture, Component Security Architecture, Operational Security Architecture. Reference: Enterprise Security Architecture: A Business-Driven Approach.
Zachman Architecture Framework. Source: The Zachman Framework for Enterprise Architecture.
Information Security Requirements. Functional Requirements: for defining the security behavior of the IT product or system. Example: VLAN technology shall be created to partition the network into multiple mission-specific security domains. The integrity of the internetworking architecture shall be preserved by the access control list (ACL). Assurance Requirements: for establishing confidence that the security function will perform as intended. Example: SC-3: Security Function Isolation. The information system isolates security functions from non-security functions.
Reference Monitor. A reference monitor is an abstract machine that mediates all accesses to objects by subjects. The reference monitor is performed by a reference validation mechanism, a system composed of hardware, firmware, and software. (Diagram: a Subject issues an Access Request to the Reference Monitor / Validation Mechanism, which applies the Security Policy and the Certification & Enforcement Rules, writes log information to the Access Log, and passes Access Permitted requests on to the Objects; shown against the Bare Metal stack USER 1 / OS1 and USER 3 / OS2 on the Hypervisor / Virtual Machine Monitor on HW.) Reference: DoD 5200.28-STD, Trusted Computer System Evaluation Criteria (TCSEC), December 26, 1985.
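As an added example (not from the slides), a minimal reference monitor in Python: one mediation point that checks every subject-to-object access against a policy, records it in the access log, and denies by default, with VMs as subjects and a device as the object. The VM names, the device and the policy are constructed for a hypothetical vehicle.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    subject: str    # e.g. a VM name
    obj: str        # e.g. a device or bus
    ops: frozenset  # operations permitted for this (subject, object) pair

class ReferenceMonitor:
    """Single mediation point: consults the policy, logs, defaults to deny."""
    def __init__(self, rules):
        self._policy = {(r.subject, r.obj): r.ops for r in rules}
        self.access_log = []  # the "Access Log" of the slide's diagram
    def check(self, subject, obj, op):
        permitted = op in self._policy.get((subject, obj), frozenset())
        self.access_log.append((subject, obj, op, "PERMIT" if permitted else "DENY"))
        return permitted

class GuardedObject:
    """An object reachable only through the monitor (complete mediation)."""
    def __init__(self, name, monitor):
        self.name, self._rm, self.writes = name, monitor, []
    def write(self, subject, data):
        if not self._rm.check(subject, self.name, "write"):
            raise PermissionError(f"{subject} may not write {self.name}")
        self.writes.append(data)
    def read(self, subject):
        if not self._rm.check(subject, self.name, "read"):
            raise PermissionError(f"{subject} may not read {self.name}")
        return list(self.writes)

# Constructed policy for a hypothetical vehicle: the automotive VM may read
# and write the CAN bus, the infotainment VM may only read it.
POLICY = [
    Rule("automotive_vm", "can_bus", frozenset({"read", "write"})),
    Rule("infotainment_vm", "can_bus", frozenset({"read"})),
]

def _denied(action):
    try:
        action()
        return False
    except PermissionError:
        return True

def run_scenario():
    """Returns (frames seen by infotainment, write denied?, unknown denied?, log)."""
    rm = ReferenceMonitor(POLICY)
    can = GuardedObject("can_bus", rm)
    can.write("automotive_vm", "speed=50")                        # PERMIT
    frames = can.read("infotainment_vm")                          # PERMIT
    w = _denied(lambda: can.write("infotainment_vm", "brake=1"))  # DENY
    u = _denied(lambda: can.read("unknown_vm"))                   # no rule, DENY
    return frames, w, u, rm.access_log
```

Every decision, permitted or denied, ends up in the log, which is what makes the monitor auditable after the fact.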
A vehicle has a bit of everything. Virtualization: Server (Full, Para, HW Assisted). Desktop / Client (Remote Server Level (Citrix), Local Level (VMware), Application Level, Parallels). Storage (DAS Direct Attached Storage, SAN Storage Area Network, NAS Network Attached Storage).