[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [RFC 0/4] Adding Virtual Memory Fuses to Xen

  • To: Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>
  • From: "Smith, Jackson" <rsmith@xxxxxxxxxxxxxxxxxxxxx>
  • Date: Tue, 20 Dec 2022 22:17:24 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=riversideresearch.org; dmarc=pass action=none header.from=riversideresearch.org; dkim=pass header.d=riversideresearch.org; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=xAHp56z8TD7h6ciKrrLAGlK/WSWsiBoUJ6MeMG0xCKs=; b=f3R1pDr+BvmYxfd9v1PkVSHWsgjOwfpGbaGMFEIlbVj4WrmiVT+Rfl1E4cQyiQk96jFLnRtTUQxFnATYd9tvP5+ShmnpLRUp56/6GOu0NvSvC6n/BJ4Lo4O9iVaCaiXriLkKtkA7+Oz3gTqn4AhdoUNBcXc4axcSBm+4LId4na5vBWlj4pWzQOkfkkkcZf8Qm44Emrg/c0LrPMlw+SwdQTnQezTb2VE6xqR8s45BEuvqD5RZI+DbIbQNSg/Ycsn62i2qD86j5+D9WdCaPdRWAOvkjWKyAQ0x73JkbtCJ6MPqnKGkWPdlpyQiGxeYtiJMbgtpMWvO5dNvvAyc9hTPGg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=uK7i8jwP05Jw3j0FEPspgI+S54/KM0puIG0uZtz8N/hbmtOnTw3vlLJ3FTTIzCK5iOI4Qz2ShRFit4vZAD/TQPQAhMgQWWXLI6r1222x5XW12bJ3j7EoTxOZnJTcEnjZQ8QOd9I8/Z4TkdLnDIweC6/FG9hZ/ahnSPHoNvKA0voZKTh81e1xIG+avCb4oN0HRY9UTrp5LcVwMfNEuyq0szp8UPzqbfaktaQcXgV0iNe1s5mOUK4xMCxPB9MQGTCgrG3/JYE9Z4VOlvsS2+5kIaPzBZDXJcVbspbOtszB4WZ5iixy2GvkLWzRmf6fm7emmcRKfBlcxPktFXmPh0D/mQ==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=RiversideResearch.org;
  • Cc: "Brookes, Scott" <sbrookes@xxxxxxxxxxxxxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "bertrand.marquis@xxxxxxx" <bertrand.marquis@xxxxxxx>, "jbeulich@xxxxxxxx" <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, "demi@xxxxxxxxxxxxxxxxxxxxxx" <demi@xxxxxxxxxxxxxxxxxxxxxx>, "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>, "christopher.w.clark@xxxxxxxxx" <christopher.w.clark@xxxxxxxxx>
  • Delivery-date: Tue, 20 Dec 2022 22:17:37 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHZDyrHUdSstfue4UmxiTJ0hoNsoq5sTCAAgAEyh+CAAgQ1gIAAPyEAgABzUoCAAHc3IA==
  • Thread-topic: [RFC 0/4] Adding Virtual Memory Fuses to Xen
-----Original Message-----
> From: Julien Grall <julien@xxxxxxx>
> Sent: Friday, December 16, 2022 3:39 AM
>
> Hi Stefano,
>
> On 16/12/2022 01:46, Stefano Stabellini wrote:
> > On Thu, 15 Dec 2022, Julien Grall wrote:
> >>>> On 13/12/2022 19:48, Smith, Jackson wrote:
> >>> Yes, we are familiar with the "secret-free hypervisor" work. As
you
> >>> point out, both our work and the secret-free hypervisor remove the
> >>> directmap region to mitigate the risk of leaking sensitive guest
> >>> secrets. However, our work is slightly different because it
> >>> additionally prevents attackers from tricking Xen into remapping a
> guest.
> >>
> >> I understand your goal, but I don't think this is achieved (see
> >> above). You would need an entity to prevent write to TTBR0_EL2 in
> >> order to fully protect it.
> >
> > Without a way to stop Xen from reading/writing TTBR0_EL2, we
> cannot
> > claim that the guest's secrets are 100% safe.
> >
> > But the attacker would have to follow the sequence you outlines
> above
> > to change Xen's pagetables and remap guest memory before
> accessing it.
> > It is an additional obstacle for attackers that want to steal other
> guests'
> > secrets. The size of the code that the attacker would need to inject
> > in Xen would need to be bigger and more complex.
>
> Right, that's why I wrote with a bit more work. However, the nuance
> you mention doesn't seem to be present in the cover letter:
>
> "This creates what we call "Software Enclaves", ensuring that an
> adversary with arbitrary code execution in the hypervisor STILL cannot
> read/write guest memory."
>
> So if the end goal if really to protect against *all* sort of
arbitrary 
> code,
> then I think we should have a rough idea how this will look like in
Xen.
>
>  From a brief look, it doesn't look like it would be possible to
prevent
> modification to TTBR0_EL2 (even from EL3). We would need to
> investigate if there are other bits in the architecture to help us.
>
> >
> > Every little helps :-)
>
> I can see how making the life of the attacker more difficult is 
> appealing.
> Yet, the goal needs to be clarified and the risk with the approach
> acknowledged (see above).
>

You're right, we should have mentioned this weakness in our first email.
Sorry about the oversight! This is definitely still a limitation that we
have not yet overcome. However, we do think that the increase in
attacker workload that you and Stefano are discussing could still be
valuable to security conscious Xen users.

It would nice to find additional architecture features that we can use
to close this hole on arm, but there aren't any that stand out to me
either.

With this limitation in mind, what are the next steps we should take to
support this feature for the xen community? Is this increase in attacker
workload meaningful enough to justify the inclusion of VMF in Xen?

Thanks,
Jackson

Attachment: smime.p7s
Description: S/MIME cryptographic signature

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.