From mboxrd@z Thu Jan  1 00:00:00 1970
From: Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: Integrity in untrusted environments
Date: Fri, 01 Aug 2014 08:50:30 +0200
Message-ID: <53DB38B6.1080405@redhat.com>
References: <loom.20140731T230604-167@post.gmane.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
To: Shiva V <shivaramakrishnan740@gmail.com>, kvm@vger.kernel.org
Return-path: <kvm-owner@vger.kernel.org>
Received: from mail-qa0-f41.google.com ([209.85.216.41]:38062 "EHLO
	mail-qa0-f41.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1750851AbaHAGuj (ORCPT <rfc822;kvm@vger.kernel.org>);
	Fri, 1 Aug 2014 02:50:39 -0400
Received: by mail-qa0-f41.google.com with SMTP id j7so3570991qaq.28
        for <kvm@vger.kernel.org>; Thu, 31 Jul 2014 23:50:38 -0700 (PDT)
In-Reply-To: <loom.20140731T230604-167@post.gmane.org>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

Il 31/07/2014 23:25, Shiva V ha scritto:
> Hello,
>  I am exploring ideas to implement a service inside a virtual machine on 
> untrusted hypervisors under current cloud infrastructures.
>  Particularly, I am interested how one can verify the integrity of the 
> service in an environment where hypervisor is not trusted. This is my setup.
> 
> 1. I have two virtual machines. (Normal client VM's).
> 2. VM-A is executing a service and VM-B wants to verify its integrity.
> 3. Both are executing on untrusted hypervisor.
> 
> Though, Intel SGX will solve this, by using the concept of enclaves, its not 
> publicly available yet.
> 
> One could also use SMM to verify the integrity. But since this is time based 
> approach, one could easily exploit between the time window.
> 
> I was drilling down this idea, We know Write xor Execute Memory Protection 
> Scheme. Using this idea,If we could lock down the VM-A memory pages where 
> the service is running and also corresponding page-table entries, then have 
> a handler code that temporarily unlocks them for legitimate updates, then 
> one could verify the integrity of the service running. 

You can make a malicious hypervisor that makes all executable pages also
writable, but hides the fact to the running process.  But really, if you
control the hypervisor you can just write to guest memory as you wish.

SMM will be emulated by the hypervisor.

If the hypervisor is untrusted, you cannot solve _everything_.  For the
third time, what attacks are you trying to protect from?

Paolo