High Performance VM Introspection

so with all of that being said we're gonna listen to an interesting lecture on how to kind of inspect a virtual guest while still being performant in there get interesting talk because this is a problem where all the ways how to do this either you get inside the VM and they can corrupt and there go your controls or you be outside the VM sis Huck everything and just be ill performance and ops and others complaining about your guest being so slow or varieties on a thing so let's give it over to Chris or a rule and take it from here yeah thank you you seem to know so much already about the tag so good afternoon everyone thank you all

for being here my name is Raul and I will cover the for the first part of this presentation just to put you in context then Christie will cover the technical part and I like to state from the beginning that as you might have guessed we're not native English speakers and we have essentially zero experience in public speaking so please bear with us now this presentation is not going to be about our company but for those of you who don't know who B defender is allow me just a few words we are worldwide cyber security technology provider our technology is integrated in many other security solutions we were founded in 2001 and that accounts for almost two decades in security expertise

we operate a global security delivery infrastructure protecting half a billion users across more than 150 countries my team in particular is focused in researching how hardware virtualization technologies can be can be leveraged to strengthen security in virtualized environments as for us instead of reading what's been already written allow me to study the story until recently when people ask me where I came from I used to say that I come from Romania but then I realized that people often associate that and for good reason with uncertain economy poor infrastructure or high-level corruption it's funny how these three always come as a package so I give you the little thought and I wonder how else can I

better present the place that I'm coming from so that inspiration struck and now I'm proud to state that I come from Transylvania and yes it is a region in Romania and we actually live there does it sound better now why well according to Lonely Planet Transylvania is best known as the mysterious land of bloodthirsty vampires and howling wolves but don't worry we stop drinking blood 200 years ago when they perfected alcohol distillation it changed everything you know Bloody Mary it means something else now but I'm pretty sure you are not here to hear about these obsolete threats that can be overcome with a few cloves of garlic and a silver dagger although I could share a few stories

about my grand grand grandfather after the presentation his name by the way was a Vlad the Impaler okay instead we are going to talk about the kind of threads that keep security researchers on their toes or the kind of threat that can teach people how to buy Bitcoin to pay a ransom or the kind of threat that is used as a weapon in cyber warfare between states we will also emphasize how we are leveraging harder with hardware which allies Asian technologies to break the chain of attack employed by a PT's then we will talk about how latest improvements in vdx are assisting hypervisors and secretive security solutions like ours in achieving better performance in the end

we will uncover some measurements that we've conducted and the results and we'll drop some conclusions please remember to submit any questions that you might have on slide oh and we will try to answer all of them at the end so what our team has been developing in the last few years is what the industry called the industry called hypervisor memory introspection or virtual machine introspection technology now according to the first paper that has ever mentioned hypervisor introspection it is the approach of inspecting a virtual machine from the outside for the purpose of analyzing the software running inside it and this is what we are doing we are monitoring the behavior of the MS from the hypervisor for the purpose of

identifying rootkit and exploit activity so where does this kind of technology fit in the current security landscape first let's have a look at a typical chain of attack in the beginning there's the infection vector which can be a sparrow phishing email and in fact the webpage social media or so on receive user will most often follow a link which will trigger an exploit kit being detonated in the browser and then this exploit keep fingerprints the browser and abuse is a nun patch vulnerability which leads to a user mode payload being executed in the browser this user mode pelo will try to take advantage of another probability in the operating system to achieve kernel privilege and then it's game over most attacks

will use rookie techniques to acquire persistence and remain invisible then attackers could try to perform a lateral movement - in fact other systems on the network they could explore trade sensitive data they could encrypt data or even tamper with critical systems until they are discovered do you have any idea how long does it take for a company or institution to uncover a bridge any numbers one month two years it's sometimes it happens yes the global median 12-time that's the number of days between the initial compromise and the time of discovery is reported to be around 100 days imagine having one system in your company compromised for an hour and then think about the attackers having full access in control

to your entire company infrastructure and resources for a few months let's have a look now at a few specific and well-known apts and see how hvi can break their chain of attack this is carbonic apt which by the time of discovery in 2014 has targeted and in fact in several financial institutions around the globe reportedly just one bank has lost 7.3 million dollars when its ATMs were instructed to spew cash at certain times when members of the attack team were there to collect them to collect the money hbi is able to attack several steps in the attack chain chain starting with the exploitation tent the same applies to Turla apt discovered in 2014 it abuse the set of vulnerabilities

in Adobe Reader to avoid the sandbox and in Windows for local privilege escalation once again hvi detects and blocks the exploitation attempt as well as the root kit installation attempt while Neutron is another example it's been active between 2011 and 2015 and became notorious in 2013 when it's successfully infected companies such as Apple Facebook Twitter and Microsoft its latest inspection vectors in 2015 are still unknown but hvi can block the inspiration attempt and also the rootkit activity but the thing here is HD I was only launched in January 2017 these three attacks took place before HP I was available we tested against them and they are all blocked but I would like to share with

you what happened during the numerous AG and how HP I behaved eternal blue this should ring some bells with you it's an exploit developed by NSA for according to former NSA employees it hit the spotlight in April 2017 when a hacker group released hundreds of megabytes of material reportedly stolen from NSA the exploit was leveraged in one cry attack just a month later hitting 150 countries and causing losses of nearly four billion dollars in the following months the eternal blue exploit has been reported in use in several additional attacks most important all our customers have been protected from moment zero of these attacks this is a representation of the one Crytek by the way I really hope that

everyone here has heard about one cry only from the news and not from an incident here you can see how the attack was blocked before causing any damage before encrypting any data so how was this even possible I will bite my colleague Christie tell you that and also what obstacles did we hit and how did we overcome them thank you hi I'm Christie and I'm one of the lead edge hi developers BitDefender so as I mentioned the introspection technique was proposed several years ago as a way of protecting the system from outside the system itself well this was more difficult back then newer technologies like the brutalization extension of the Intel CPU make it makes

this a lot easier today however there are still challenges that we have to overcome like the semantic gap from the level of the hypervisor Hg I can only read physical memory we have to give meaning to those raw bytes and bridge the semantic gap in order to obtain a higher level view of the VM memory there are several solutions to doing this but our approach mixes data structures invariance and dynamic gas behavior analysis in order to obtain the location of relevant objects inside the VM memory once this is done we can target our protection in two different areas protecting hardware resources and protecting critical memory areas like code from the kernel or drivers and certain user mode processes that are

typically targeted by attacks such as your word processing office office apps applications and browser

H J can be deployed in three different scenarios the first proposed model is with the H J module placed directly inside the hypervisor this offers great performance as we are directly at the core of the things but it increases the idea of a pack of the hypervisor and makes development more tricky as for example an error in the H I module can affect the entire host or we may not have a lot of memory because the hypervisor is not able to swap the second approach is to place the HP module directly inside the introspected VMs the great advantage of this model is that it's really easy to bridge the semantic gap but it divides the entire

isolation idea and the final model is with H VI in dedicated security VM this offers great flexibility as we are just another normal user mod process but less performance as events need to be forwarded from the hypervisor to the VM another tricky part is the fact that we only see physical memory but the VM is using virtual memory in a utilized environment there are two level of memory translation first one translates guest linear addresses to guest physical addresses using in guest legacy page table and the second one translates guest physical addresses to host physical addresses using the extended page table the legacy page table contains the access rights of the memory as set by the guest and security tools

cannot modify or inspect those because messing with the operating system memory manager is always a bad idea and may crash the guest however the EPT is entirely controlled by the hypervisor and Hg I can place additional restrictions on memory blocking several types of attacks typically it removes the right permission from read-only memory areas such as code section or critical data structures and the execution permission from pages that should not be executed like the stack or the heap trying to write to those pages or to execute from those will trigger an EPT violation transitioning from the guest to the hypervisor and then HVAC and inspect the access and lock it if if necessary one problem that arises here is that the EPT

controls the translation from guest physical pages to the hosts physical pages which means that our protection is set on guest physical memory but the guest is using linear addresses so in order to offer a proper protection we need to maintain a proper mapping between the linear addresses used by the guest and the physical addresses we actually seem protect this is done by intercepting writes to the page tables using the EPT when the memory manager of the OS changes something in the page tables an EPT violation is triggered and we can adjust our protection policies accordingly for example if a page is swapped out we remove the protection if it is opted in we add the protection and

if the translation translation itself is moved we move the protection to the new page this is where our performance concerns start to rise up most apt violations are generated by writes inside the page tables and a huge amount of those are not really relevant for us there are two sources of rights that trigger this the first one is the CPU itself when doing a page work the CPU may try to set the access of dirty bits inside the page tables and this triggers an EPT violation these bits are set atomically in each level of translation so even if we do not want it or all levels will still get an exit due to this effect another source of Rights is

the memory manager itself which may do very frequent writes for example starting with restaurant for windows added some locking bits to the page table entries which are accessed quite often but even without this change there are still a lot of rights that not interests us because we only care about a small subset of those only rights that modify control bits of translation bits here are some results from redstone for two percent of violations are done outside the page tables and from the Rights done inside the page tables only eight percent are relevant for us we can improve on this by using newer Intertek knowledge ease like the beetle ization exception and the vm from construction the

vitalization exception allows us to convert certain EPT violation to an exception that is delivered to the guests without triggering a VM exit so we can move a tiny part of the HDI logic inside the guest and let it filter these events we then can protect this stub from the rest of the guests by placing it enough different physical address space and then we can switch between these physical address spaces using the VM funk instruction the VM funk instruction allows the guest to execute certain actions without actually triggering a VM exit the only function defined so far by Intel is the apt switch function which will change the current EPT therefore change the current physical address space the filtering

stub is a kernel mode driver it could be pre-installed in the VM but that would make it vulnerable to attacks and it also has the added disadvantage of having to install and maintain an agent in each VM instead we dynamically inject it whenever it is necessary both the filtering stub and the main hy component have the task of setting up the environment first hei creates that new security team in which the filtering stub will be placed then hy configures hardware support for this and injects the filtering stop the filter next up simply intercepts the vaporization exception handler of the US and then hei can mark certain pages as convertible which means that instead of an EPT

violation will receive an exception in the guest and now the stub can do its job due to the fact that it runs inside the guest the stub is vulnerable to attacks from the untrusted kernel or certain applications so besides creating the besides creating that security PT view we place additional restrictions on memory the stub is read-only for the rest of the guest in the untrusted tippity view so an attacker cannot temperate our code and data and overwrite us also the rest of the US while being mapped it will rights in the untrusted EPT is only read writing the trusted view we do this because we do not want an attacker to be able to execute its code in the trusted

you and we also need the tempering page for switching between the views which is executable above a PT's now we can safely filter base table accesses and based on the source of the right and the wait modifies memory there are different methods of handling it for CPU page worker induced writes this is trivial a bit will be set in the information field of the exception so it is easy to check it is trivial to handle normally if this will trigger an EPT violation we will have to either do a full page walk emulation or to a single step in order to ensure that all the proper action are taken but since we are now in the guest

context and we have access to its memory we can simply access that page wants one more time and the new page what could be triggered for memory manager induced writes it is more complicated first we need to decode the instruction that does the access in order to obtain the new written value then we compared the new value with the old value and if the right is relevant we trigger a VM exit and let hv8 handle the access if it is not real relevant we have to emulate it but this is straightforward again we note the value and we can simply write it to the base table we run a series of benchmarks and seen here is a benchmark

done on redstone for using the Chrome browser in different processing scenarios and measuring the load time of pages in in three cases now hvi traditional hvi and HDI with the virtualization exception improvement and in some cases the page loaded three times faster so new technologies really really help us improve performance and now I'm going to let roll give us some closing remarks thank you [Applause] so to summarize everything in just a few words security never just happens it doesn't just happen it's a state which requires constant effort to be preserved I think about the laws of thermodynamics is just like trying to maintain a system in an ordered low entropy state second you can leverage your hypervisor to do

this for you to provide that required amount but also efficiency of energy to keep you safe this approach of using virtualization technologies to introspect VMs has proven effective and with virtualization technologies are constantly constantly improving allowing better performance for this kind of security solutions actually there's a one improvement coming later this year from Intel called sub page permissions which allows us to protect memory regions with granularity smaller than 4k page so instead of monitoring an entire memory page to protect for example accesses to 128 bytes structure SBP allows us to monitor only accesses to that small structure imagine what performance improvements will bring that so you might be hearing again from us soon also you can check out labs EE

final come to see what our labs are working on there's a bunch of cool stuff and useful resources there such as great blog articles white papers ransomware decryption tools although I really hope you won't ever need those then there's this awesome threat map which is always cool just to sit and watch who's attacking whom that being said thank you once again and let's see if we have any questions any questions from the audience okay sir coming right on up thank you for the interpreting presentation there are a lot of samples that can detect virtual machine how do you address this problem if you have some insight about the problem of virtual machine detection you know mal

work and the text virtual machine and just await execution in such environment the solution is intended specifically for virtualized environments so if a malware detects it run is a virtual machine if the virtual machine is intended to run on top of a hypervisor so if the malware refuses to run it's better so it's okay so it exactly doesn't matter that the malware detects it's running in a virtual machine our customers use virtual machines already so it that the solution is targeted for virtualized environments okay anyone else no one online it looks like we just had a great talk so thank you guys it's been a pleasure [Applause]