xpds16: hypervisor enforced data loss prevention - neil sikka, a1logic

Hypervisor EnforcedData Loss Prevention

Presented by:Neil Sikka

Outline

• Problem Statement

• Goals

• Technical Architecture• Messaging Subsystem

• Graphics Subsystem

• Storage Subsystem

• Crypto Subsystem

• Security Architecture

Problem: Data Breach

Causes:• Sensitive data is unencrypted in memory for processing by the application.

Modern malware is capable of stealing data out of memory in this decrypted

state.

• External Attackers can steal data via:

• 0Day exploits/malware • Stolen credentials

• Malicious Insiders can steal data via:

• Email • USB Storage • DVDs • Deliberate Malware Installation

• Copy/Paste functionality • Device Theft • Kernel Malware/Debugger

Detection is Dead

• Malicious insider wants to exfiltrate this Social Security Number out of organization: 999-96-1770

“(GreAtest tHr33 d1G1t iNtegeR) - (nUmbEr oF C3nts in A doLLar - 4) - (YeAr tHe

US DecLaRati0n of INd3P3Nd3NC3 was sIgNeD - )”

“I can see nine hundred and ninety nine green ducks sitting in a row. 96 of them have extra long beaks. There are one thousand seven hundred and seventy ducks total in the flock of ducks.

• Detections, heuristics, pattern matching and behavioral analysis can be bypassed in an infinite number of ways

• Same reason why signature based antivirus is outdated

• Its even easier for reverse engineers to bypass detections when the vendor distributes the binaries/signatures of the DLP system to run on endpoints

• Hardware enforced algorithmic approach is not vulnerable to anomalous attack patterns

Goals

• Protect Data under assumption of compromised:• Users(Kernel debuggers)

• Devices(Kernel rootkits)

• Networks(Routers)

• Algorithmic rather than Heuristic DLP

• Transparent to legacy applications and unmodified popular applications and Users

• Use “military grade” approaches• Hardware-enforced Hypervisor isolation

• High strength cryptography

Solution: Hypervisor Enforced DLP

• Endpoint Security Software• “Look But Don’t Touch”• Use the Hypervisor’s Containerization capability to isolate data from user,

network and external attacks, preventing Data Breaches (Hypervisor Enforced DLP)

• Decrypt cypher text inside of hardware-isolated VM Containers, process the data and then re-encrypt the same before it is sent out of the VM Container for storage or distribution

• The end user experience is largely unchanged• Keep data within an organization by locking down data to:

• Authorized users/groups AND• Authorized device(s)

• Software only solution - No additional hardware required

Desktop Experience

Environment

• Windows 7 64 bit Untrusted Domain

• Windows 7 64 bit Trusted Domain

• Xen-4.4.0

• Paravirtual drivers in Untrusted Domain/Trusted Domain

• Dom0: x86_64 Linux 3.19.1

Messaging Subsystem

• No network connection in Trusted Domain• Security risk

• Configuration and small messages passed in XenStore

• Large data passed via grant pages & event channels

• 2 separate protocols over Xenstore:• Seamless Protocol

• Shunt Protocol

Graphics Subsystem

• Similar to VirtualBox’s “Seamless Mode”

• Seamless Protocol: Trusted Domain QEMU<--->Display Domain Seamless.exe

• Trusted Domain userland Window Hooks (Windows 7)• User32!SetWinEventHook• Write Window coordinates to VGA device IO ports, sent over Seamless protocol• XPDM display driver architecture

• Heavy modifications to Trusted Domain’s QEMU’s SDL layer• Hooked Keyboard/Mouse events are received over Seamless Protocol from

Destination Domain’s Seamless.exe• DisplaySurface on grant pages shared with Display Container• Event Channel fired for rendered surfaces ready to display• Event Channel fired for Keyboard/Mouse IO from Seamless.exe

Graphics Subsystem (2)

• Custom Seamless SDL application• Display surface grant pages mapped

• Mouse/Keyboard events written to Seamless Protocol

• Windows clipped out of display surface

• Custom LALR grammars defined to handle large screen surface grant reference allocations• ~3MB of surface grant pages

• XenStore only handles strings, not integers

Seamless Protocol Diagram

Storage Subsystem

• Shunt Model• Need to share files• No SMB because Trusted Domain is offline• OCFS for Windows, IBM GPFS, etc. require complex configurations

• NTFS virtual disk

• Mutually Exclusive mount to Trusted/Untrusted Domains• Runs over Messaging Subsystem• Always mounted in one of the two Domains

• Filesystem Minifilter in Trusted Domain• Encrypt Data before writing to disk• Decrypt Data after reading from disk

• Shunt Protocol for communicating Untrusted Domain/Trusted Domain

Shunt Protocol

• Protocol Commands• Open: Dom0 passes through message Untrusted Domain->Trusted Domain

• Detach: initiated from inside DomU, Dom0 does block-detach after DomUgraceful unmount

• Application Exit: Dom0 passes through message Trusted Domain->Untrusted Domain

• Protocol endpoints in Untrusted Domain/Trusted Domain execute relevant Windows APIs

Shunt Protocol Diagram

Crypto Subsystem

• PGP: DLP Key (Asymmetric) protects File Key (Symmetric)• DLP Key unique per user per device

• Multiple Trusted Domain instances on a machine have same DLP key for a given user

• Each Trusted Domain’s vTPM protects DLP Key

• DLP Key decrypts File Key

• File Key decrypts File• handed to minifilter driver

Security Architecture

• Domains containing unencrypted Data, Keys or graphics are sensitive• Trusted Domain (multiple)

• Don’t forward to Untrusted Domain because of screen scraping malware

• Display Domain

• Dom0

• Trusted Domain image based on known good hashes

• IO Encryption VM (similar to OpenXT VPN VM)• File Key is combination of secrets in Trusted Domain & IO Encryption VM

Questions

We are Hiring

Neil Sikka

neils@A1Logic.com

202-888-7765 x 121

www.A1Logic.com

@A1Logic