Differential Analysis of Nested Virtualization Security

Supervisor(s): Manuel Andreas
Status: finished
Topic: Others
Author: Patrick Großmann
Submission: 2025-11-17
Type of Thesis: Master's thesis

Description

Virtualization is one of the fundamental technologies enabling modern cloud computing
infrastructure. The widespread use of hardware virtualization capabilities, such as
Intel VT-x and AMD SVM, has enabled virtual machines to achieve performance comparable
to that of non-virtualized systems. A hypervisor is the main component responsible for
ensuring the security of tenants while allowing on-demand resource sharing. Due to their
widespread use, hypervisors have long been scrutinized by the security community.

One capability of modern hypervisors whose security has not yet been exhaustively
evaluated is nesting. This mechanism allows guests to act as hosts themselves, spawning
further virtual machines. Due to hardware limitations, nesting virtual machines relies
on the bare-metal hypervisor software to emulate hardware virtualization features. In
doing so, the emulation must ensure that permissions apply transitively, so that a
nested guest cannot gain capabilities exceeding those of its intermediate parent.

In this thesis, we design a comparative approach for evaluating the bare-metal host's
emulation of nested virtual machines. We implement a prototype capable of measuring the
emulation of relevant hardware instructions and collecting data from nested virtual
machines. By comparing data from multiple hypervisors and identifying diverging
behavior, our approach can pinpoint bugs and errors in the emulation. We use our
implementation to test and evaluate three popular open-source hypervisors. Our
evaluations show that our approach can identify errors in the evaluated hypervisors
using a limited number of tests and comparisons. We suggest that further work is needed
before nested virtualization can be relied upon to provide security.
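As an added illustration of the comparative approach described above (example code written for this page, not the thesis prototype), the following differential oracle takes per-hypervisor observations from nested (L2) guests, flags probes where the hypervisors disagree, names the minority result as the suspect, and separately checks the transitive-permission property that an L2 guest must not see a feature its L1 parent was not given. The hypervisor labels hv_a, hv_b, hv_c, the probe names and the feature sets are constructed sample values, not measurements.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    hypervisor: str  # which bare-metal (L0) hypervisor produced the record
    test: str        # probe executed inside the nested (L2) guest
    level: str       # "L1" or "L2"
    result: str      # observed outcome, e.g. an exit target or exception


def divergences(observations):
    """Group L2 observations by probe and keep only the probes on which the
    hypervisors disagree. Returns {test: {hypervisor: result}}."""
    by_test = {}
    for o in observations:
        if o.level == "L2":
            by_test.setdefault(o.test, {})[o.hypervisor] = o.result
    return {t: r for t, r in by_test.items() if len(set(r.values())) > 1}


def outliers(divergent):
    """For each diverging probe, name the hypervisors whose result is in the
    minority; with three implementations the odd one out is the first suspect."""
    out = {}
    for test, results in divergent.items():
        majority, _ = Counter(results.values()).most_common(1)[0]
        out[test] = sorted(h for h, r in results.items() if r != majority)
    return out


def transitive_violations(caps):
    """caps: {hypervisor: {"L1": set, "L2": set}} of features each level was
    offered. Any feature visible at L2 but absent at L1 breaks transitivity."""
    return {h: sorted(c["L2"] - c["L1"]) for h, c in caps.items() if c["L2"] - c["L1"]}


# Constructed sample data: hv_c is the outlier on the rdmsr probe, hv_b exposes vpid
# to L2 although L1 never received it.
OBSERVATIONS = [
    Observation("hv_a", "vmcall_from_L2", "L2", "exit_to_L1"),
    Observation("hv_b", "vmcall_from_L2", "L2", "exit_to_L1"),
    Observation("hv_c", "vmcall_from_L2", "L2", "exit_to_L1"),
    Observation("hv_a", "rdmsr_unexposed", "L2", "#GP"),
    Observation("hv_b", "rdmsr_unexposed", "L2", "#GP"),
    Observation("hv_c", "rdmsr_unexposed", "L2", "value_returned"),
]
CAPS = {
    "hv_a": {"L1": {"ept", "vpid"}, "L2": {"ept"}},
    "hv_b": {"L1": {"ept"}, "L2": {"ept", "vpid"}},
    "hv_c": {"L1": {"ept", "vpid"}, "L2": {"ept", "vpid"}},
}
```

Running `outliers(divergences(OBSERVATIONS))` and `transitive_violations(CAPS)` on the sample data reports hv_c for the rdmsr probe and hv_b for leaking vpid.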