Linux Virtualization Based Security - Anna Trikalinou, Microsoft Corporation & Thara Gopinath, Microsoft

This talk is an introduction to Linux Virtualization Based Security (LVBS), a security feature that can a) harden the kernel and b) ensure that critical kernel resources remain untampered, even if the kernel gets compromised. VBS uses hardware virtualization and the hypervisor (Hyper-V) to create an isolated virtual environment that runs at a higher trust level, called Virtual Trust Level 1 (VTL1). VTL1 has its own kernel, separate from the Guest Kernel, referred to as the Secure Kernel. In this talk, we show the threat model we followed to build the LVBS architecture and the minimal interface between the Secure Kernel and the Guest Kernel. We talk about how we defend the Secure Kernel from a malicious guest (i.e. integration with Secure Boot) and the security features we implemented in the Secure Kernel to protect the Guest, including memory protection and register pinning. Finally, we discuss our future plans to extend the Secure Kernel to provide secure storage, trustlet support, module authentication, etc.

Link to Code: https://github.com/heki-linux/lvbs-linux