Nested Virtual Machines and Proxies
DESCRIPTION
USENIX OSDI 2012 Poster "Nested Virtual Machines and Proxies for Easily Implementable Rollback of Secure Communication" by Kuniyasu Suzaki, Kengo Iijima, Akira Tanaka, and Yutaka Oiwa, AIST: National Institute of Advanced Industrial Science and Technology; Etsuya Shibayama, The University of Tokyo
TRANSCRIPT
Nested Virtual Machines and Proxies for Easily Implementable Rollback
of Secure Communication
Problem: Implementations of secure communication have vulnerabilities. (The current target is Transport Layer Security and Secure Sockets Layer: TLS/SSL.)
Approach: Verify the implementation by fuzz testing. This requires checking many protocol states, which are verified repeatedly by rolling back.
Challenges:
• Fine-grained (packet-level) control of snapshot and rollback to check protocol states
• Re-connecting the secure communication when resuming, because rollback cuts the connection
• Rollback must include the packets on the network and the computing environment (random numbers, etc.)
A straightforward solution requires heavy customization of an existing rollback implementation, because such implementations do not handle the state of packets on the network or of the network connection. We propose:
• a new protocol which encapsulates TLS/SSL packets and controls the VM's snapshot / rollback
• a rollback technique which integrates nested VMs and proxies
Merits:
• Easy implementation which utilizes the existing nested VM's snapshot/rollback
• Only the internal and external proxies need to be developed
• This technique is applied to another nested VM implementation
• Snapshots are transferred to other real machines and resumed for parallel testing
・ This technique is used for TLS/SSL fuzzing (Fig. 2).
・ The client part will be replaced with a protocol fuzzing generator, which is under development.
・ Snapshot images are transferred to other machines and restarted there, which makes parallel testing possible.
[Figure 2 diagram. Message sequence: Client Hello, Server Hello, Server Certificate, Server Hello Done, Take Snapshot, [fuzz] Client Key Exchange, Resume, [fuzz] Client Key Exchange. Further labels: Snapshot, Rollback, Load VM, "Send snapshot images to try fuzzing test on other machines". Endpoint labels: Client1 (Fuzz Generator), Client2, Server2, VM-C1, VM-C2, VM-S2.]
・ The new protocol encapsulates TLS/SSL packets and manages their status on the network.
・ The external VM's snapshot keeps the connection between the internal VM and the internal proxy.
・ When rolling back, the connection between the external and internal proxies is re-established using the new protocol.
・ The VM includes the whole computing environment, which makes it possible to check code that depends on the environment (e.g., the random number generator).
・ The rollback technique is implemented with KVM and QEMU. The proxies use Perl.
Proposed Protocol | Action
Capsule | Sending internal proxy encapsulates TLS/SSL packet. Receiving internal proxy decapsulates control packet.
Take Snapshot | Take VM snapshot image. Packets between internal proxies are purged. Return snapshot ID.
Rollback (with ID) | Rollback snapshot image. Connection between internal proxies is dis- and re-connected when rolling back.
Figure 1. Overview of rollback with nested VM and proxies
Figure 2. Image of fuzzing test
Table 1. Protocol which capsulates existing protocol and controls VM
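A minimal model of the three actions in Table 1, added here as an illustration and not the authors' Perl proxy code: a receiving internal proxy that decapsulates TLS records and executes Take Snapshot and Rollback. The frame layout (1-byte type, 4-byte length), the SNAPSHOT_ID reply frame, the ToyVM stand-in for the nested VM, and dropping frames queued behind a Take Snapshot are all assumptions; the poster does not specify them.

```python
import struct

# Assumed wire format (not from the poster): 1-byte type, 4-byte length, payload.
CAPSULE, TAKE_SNAPSHOT, ROLLBACK, SNAPSHOT_ID = 1, 2, 3, 4
HDR = struct.Struct("!BI")

def encode(ftype, payload=b""):
    return HDR.pack(ftype, len(payload)) + payload

def decode(buf):
    """Return (complete frames, leftover bytes of a partial frame)."""
    frames = []
    while len(buf) >= HDR.size:
        ftype, n = HDR.unpack_from(buf)
        if len(buf) < HDR.size + n:
            break
        frames.append((ftype, buf[HDR.size:HDR.size + n]))
        buf = buf[HDR.size + n:]
    return frames, buf

class ToyVM:
    """Stand-in for the nested VM: its state is the TLS records seen so far."""
    def __init__(self):
        self.state, self.images = [], {}
    def snapshot(self):
        sid = len(self.images) + 1
        self.images[sid] = list(self.state)
        return sid
    def rollback(self, sid):
        self.state = list(self.images[sid])

class InternalProxy:
    """Receiving side: decapsulates frames and executes control packets."""
    def __init__(self, vm):
        self.vm, self.pending, self.reconnects = vm, b"", 0
    def feed(self, data):
        frames, self.pending = decode(self.pending + data)
        for ftype, payload in frames:
            if ftype == CAPSULE:
                self.vm.state.append(payload)   # hand record to the TLS endpoint
            elif ftype == TAKE_SNAPSHOT:
                self.pending = b""              # purge whatever is still in flight
                return encode(SNAPSHOT_ID, struct.pack("!I", self.vm.snapshot()))
            elif ftype == ROLLBACK:
                self.vm.rollback(struct.unpack("!I", payload)[0])
                self.pending = b""              # old proxy link is discarded
                self.reconnects += 1            # and re-established
                return b""
        return b""
```

Feeding a snapshot, one fuzzed Client Key Exchange, a rollback to the returned ID and a second fuzzed message leaves the toy VM in the same pre-fuzz state both times, which is the property the fuzzing loop relies on.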
[Figure 1 diagram labels]
Client (Real Machine): External VM, Internal VM, External Proxy, Internal Proxy, TLS client (fuzzing)
Server (Real Machine): External VM, Internal VM, Internal Proxy, TLS server
Data path: Add VM control packet (Snapshot, Rollback); encapsulate TLS/SSL packet with control packet; decapsulate control packet; port forward.
Snapshots (client side): External VM, Internal VM; SSH keeps connection; TLS client keeps connection.
Snapshots (server side): External VM, Internal VM; SSH keeps connection; TLS server keeps connection.
Annotations:
• The connection is cut when the external VM takes a snapshot. All packets are flushed before the snapshot using a control packet.
• The External Proxy controls two external VMs for snapshot & rollback.
• The External Proxy manages re-connection with the internal proxies when rolling back.
Kuniyasu Suzaki*, Kengo Iijima*, Akira Tanaka*, Yutaka Oiwa*, Etsuya Shibayama*,‡ * National Institute of Advanced Industrial Science and Technology (AIST), ‡ The University of Tokyo