Transcript
Page 1: Two Challenges of Stealthy Hypervisors Detection: Time Cheating and Data Fluctuations

TWO CHALLENGES OF STEALTHY HYPERVISORS DETECTION:

TIME CHEATING & DATA FLUCTUATIONS

Igor Korkin

CDFSL 2015

Page 2

Agenda

● Hypervisor (or HYP) as a security threat
● Ways of HYP detection & their drawbacks
● Time-based detection methods: improvements & their challenges

Pages 3-4

Any PC can be compared with a big ship

Levels of the "ship", from the deck downwards: user & kernel modes, hypervisor, SMM, AMT, firmware level.

*The Russian Nuclear Icebreaker "Yamal" in the Arctic

Page 5

The existing places to plant the backdoor

● User & kernel modes (VMX non-root mode): ADFSL 2014
● Hypervisor (VMX root mode): ADFSL 2015
● System Management Mode (SMM): SMM keylogger by Wecherowski, 2009
● Active Management Technology (AMT): AMT keylogger by Stewin & Seifert, 2011
● Firmware level: a plugged device with an infected chip, e.g. BADUSB, 2014; own chip on the motherboard; GPU-based keylogger by Koromilas, 2013

Pages 6-10

What & where is a hypervisor?

1990-2005: the OPERATING SYSTEM (with the AV inside it) runs directly on the COMPUTER HARDWARE.

2005-now: the OPERATING SYSTEM (with the AV) runs on top of a HYPERVISOR* (Intel VT-x, AMD-V), which runs on the COMPUTER HARDWARE.

*Hypervisor (or HYP) is code run by the CPU in a more privileged mode than the OS.

Image source: http://pngimg.com/download/5932

Page 11

What computers support hardware virtualization?

CPU with VT-x (high-performance computers): Server, Workstation, Laptop
CPU without VT-x (low-performance computers): Netbook & Ultrabook, mini PC, tablet PC

Does your CPU support Hardware Virtualization? Check on ark.intel.com or use CPU-Z.

Pages 12-13

Five features of HYP & the area of its application

Features
1. HYP can control access to memory, HDD etc
2. Impossible to block or delete HYP by OS
3. There is no built-in tool for HYP detection
4. HYP can prevent its detection = stealthy HYP, e.g. by using time cheating
5. HYP installs invisibly for both users & AVs

Areas
1 + 2 = for security
1 + 2 + 3 + 4 + 5 = for backdoor

Page 14

Overview of backdoor HYP facilities

Backdoor HYP can:
● record keystrokes
● steal all data
● block the PC

Ways to plant a HYP:
● using OS vulnerabilities to load a driver-based HYP
● using a BIOS-based approach to infect a motherboard

Pages 15-16

Backdoor HYP & well-known examples

Diagram layers: Hardware; Hypervisor with secure system monitor functions; Backdoor hypervisor (the two hypervisors are labelled "Loaded #1" and "Loaded #2" in the figure).

HYP example | Author | HYP is loaded by
Blue Pill | Invisible Things Lab | Windows driver
Vitriol | Matasano Security | Mac OS driver
Russian Ghost | M. Utin, DeepSec14 | BIOS

Pages 17-20

Analysis of hypervisor detection tools

Tool | Detection method | Resilient? | Easy to distribute?
Hardware: Copilot 2004, Deep Watch 2008 | Signature based | + | ―
Software: Symantec Endpoint Protection 2012, McAfee Deep Defender 2012 | Based on the trusted HYP | ― | +
Software: Actaeon 2013 | Signature based | |
Software: Proof of Concepts 2008-2015 | Behavior based & Time based | |
New proposal tool | Time based | + | +

Page 21

What are the principles of these software detection tools?

Page 22

Hypervisor detection methods

● Signature based
● Behavior based
● Based on the trusted HYP
● Time based

Page 23

Signature based detection

Without HYP: the physical memory holds no HYP code.
Non-stealthy HYP: the HYP code is loaded to memory, so we can detect a HYP by a search in the memory dump.
Stealthy HYP: the HYP hides memory areas and prevents acquiring a real memory dump from the OS.

Pages 24-25

Detection based on the trusted HYP

The boot process with McAfee Deep Defender*

Vulnerability: if a worm HYP is loaded first, it blocks Deep Defender (example: a BIOS-based HYP).

*McAfee Deep Defender Technical Evaluation and Best Practices Guide

Page 26

Behavior based detection

Old CPU & HYP (2007-2011): execute VMSAVE 0x67. Is the OS frozen? Yes → HYP is present. No → No HYP.
New CPU & HYP (nowadays): ? ? ?

VMSAVE 0x67 is a "bug" instruction presented by Barbosa in 2007. There is no such "bug" instruction for new CPUs.

Pages 27-29

Time based detection

1. Without HYP: the OS reads the timer at event 1 (t1) and at event 2 (t2); ∆t = t2 − t1 is small.
2. With a HYP: between the two events the CPU performs a VM exit, the hypervisor's dispatcher runs, and a VM entry returns control to the OS; ∆t is significant.
3. With a stealthy HYP: the dispatcher also runs a time cheating function before the VM entry, so the measured ∆t is small again.

Page 30

Drawbacks of HYP detection methods

Based on the trusted HYP: susceptible to MITM attack*
Behavior based: good only for old CPUs & HYPs
Signature based: vulnerable to hidden pages
Time based: vulnerable to time cheating

*MITM attack ― man-in-the-middle attack

Pages 31-33

Time based detection. Yesterday, today & tomorrow

Time based HYP detection using average values (2007) → answered by time cheating (2008) → using statistics (CDFSL 2015)

Challenge #1: How to detect a HYP that applies time cheating?

Pages 34-35

Let's focus on time-based detection by unconditionally intercepted instructions

Diagram: our detection program in the operating system executes unconditionally intercepted instructions; each execution is an event that the hypervisor traps.

Time based detection by Unconditionally Intercepted Instructions
Their execution is always trapped by the HYP, e.g. the CPUID instruction.
How to detect a HYP using them? By average IET values. What are these?

Pages 36-38

Time based detection by Unconditionally Intercepted Instructions

Instruction Execution Time (IET) = T2 − T1:
1. T1 = get_time()
2. execute CPUIDs
3. T2 = get_time()

Their execution is always trapped by the HYP, e.g. the CPUID instruction. How to detect a HYP using them? By average IET values.

Average IET values*:

 | Non-stealthy HYP | Stealthy HYP
Without HYP | ~2,000 | ~2,000
With HYP | ~20,000 | ~2,000 (!)

* Lifebook E752 Core i5, Windows Live CD XP DDD

Page 39

How do we want to detect a HYP? What steps can be used to detect a stealthy hypervisor?

Page 40

What are the steps for time-based detection?

Preliminary stage
1. Load a clean PC without any HYP
2. Measure time for no HYP and for HYP present
3. Calculate the *STAT* value (now it is the average)
4. Obtain intervals for each of the two cases: No HYP / tiny HYP present

Detection stage
5. Measure time & calculate the *STAT* value
6. Check which of the intervals the *STAT* value belongs to

*STAT* = ?

Page 41

How to find the appropriate statistics? What is happening to the PC during time measurements?

Pages 42-43

What is happening to the computer during time measurements?

Switching between CPU modes during time measurements of CPUID execution:
1. Without HYP: OS ↔ SMM* (SMM interrupts)
2. With HYP: OS ↔ HYP (VMX transitions), with SMM* interrupting both (SMM interrupts)

SMM ― System Management Mode, works lower than HYP & OS
SMM interrupts ― occur randomly & suspend the PC for a short time
VMX transitions ― catch the execution of every CPUID instruction

Pages 44-45

Theoretical analysis of switches between modes

● CPU works as a stochastic system → IET is a random variable
● SMM interrupts both OS & HYP → IET has a layered structure
● IET indexes are increased after a HYP is loaded:
  - Average: defeated by time cheating by the HYP
  - Number of layers: possible for stealthy HYP detection
  - Variance & 4th order moment: possible for stealthy HYP detection

Page 46

Let's check these three ideas by experiment

Page 47

Scheme of the experiment
1. Run a tiny HYP with time cheating
2. Measure IET by our own driver → matrix 1000 x 10

Page 48

Instruction Execution Time in CPU ticks*

Rows: number of inner loop iterations (1..1000); columns: number of outer loop iterations (1..10)

      |    1 |    2 |    3 | … |   10
    1 | 2004 | 2008 | 2048 | … | 2044
    2 | 2000 | 2008 | 2048 | … | 2048
    3 | 2012 | 2004 | 2048 | … | 2044
    4 | 2008 | 2000 | 2048 | … | 2048
    5 | 2008 | 2004 | 2044 | … | 2040
    … |    … |    … |    … | … |    …
 1000 | 2008 | 2000 | 2040 | … | 2036

* without HYP, Lifebook E752 Core i5, Windows Live CD XP DDD

Pages 49-52

Analysis of the experimental results

[Figure: two scatter plots of IET (CPU ticks, 1985-2035) against measurement number (1-96): "No HYP" and "Stealthy HYP Present".]

Comparison of statistical index values:
● Are the average values the same? Yes, the average values are the same.
● Does IET have a layered nature? Yes, IET has a layered nature.
● Is the number of layers increased? Yes, the number of layers is increased: 4 < 12
● Is the variance increased? Yes, the variance is increased: 14 < 85

Page 53

Yeah! We've done it!

We've found the following "resilient" statistics:
● number of horizontal layers
● variance
● 4th order moment

$V = \frac{1}{n}\sum_{i} (x_i - \bar{X})^2$

$M_4 = \frac{1}{n}\sum_{i} (x_i - \bar{X})^4$

Let's use statistical tests to compare the samples
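An added example (my own code, not from the talk or the author's repository) that computes the three statistics above plus the average on two constructed 20-value IET samples: with the averages matched, only the layer count, variance and 4th-order moment separate them. The talk does not say how layers are counted; counting distinct values is my assumption.

```python
"""IET statistics from the talk: average, variance, 4th-order moment and
the number of horizontal layers.  Added example (not the author's code);
the two samples are constructed to share an average near 2006 ticks, so
only the spread-based statistics tell them apart.  The talk does not say
how layers are counted; here a layer is a distinct value in the sample."""

# Constructed: 4 layers (2000, 2004, 2008, 2012), as on the no-HYP plot.
IET_NO_HYP = [2004, 2008, 2000, 2008, 2012, 2004, 2008, 2000, 2004, 2008,
              2012, 2004, 2008, 2000, 2008, 2004, 2012, 2008, 2004, 2008]

# Constructed: 12 layers from 1984 to 2028 with the same centre; a
# time-cheating hypervisor recentres the sample but not its extra spread.
IET_STEALTHY = list(range(1984, 2032, 4)) + [2000, 2004, 2008, 2012,
                                             2004, 2008, 2000, 2012]


def average(xs):
    return sum(xs) / len(xs)


def variance(xs):
    """V = sum((x_i - X)^2) / n, the population form used on the slide."""
    m = average(xs)
    return sum((x - m) ** 2 for x in xs) / len(xs)


def fourth_moment(xs):
    """M4 = sum((x_i - X)^4) / n."""
    m = average(xs)
    return sum((x - m) ** 4 for x in xs) / len(xs)


def layers(xs):
    """Number of horizontal layers: distinct IET values the sample lands on."""
    return len(set(xs))


def iet_stats(xs):
    """All four indexes for one sample."""
    return {"average": average(xs), "variance": variance(xs),
            "moment4": fourth_moment(xs), "layers": layers(xs)}


if __name__ == "__main__":
    for name, sample in (("no HYP", IET_NO_HYP), ("stealthy HYP", IET_STEALTHY)):
        print(name, iet_stats(sample))
```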

Page 54

But IET also has the following anomalies:
● IET samples include noise
● IET sample statistics fluctuate daily
● the IET random variable is not normally distributed

What statistical tests are appropriate to compare these samples?

Pages 55-56

Possible ways to compare the samples

Classical parametric tests (Student's t-test; ANOVA & ANCOVA): require a normal distribution
Non-parametric tests (Wilcoxon test): give a bad approximation

Kornfeld (USSR'65) or Strelen (GER'01) method: let $T_1, T_2, \ldots, T_n$ be a sample; therefore
confidence interval: $(T_{MIN}, T_{MAX})$
confidence level: $P = 1 - 0.5^{\,n-1}$
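The Kornfeld/Strelen interval above, as an added example (my code, not the author's Matlab): it returns (T_MIN, T_MAX) with confidence 1 − 0.5^(n−1) and measures the overlapping part of two such intervals. The two 10-value variance samples and the `overlap` helper are constructed assumptions, not data from the talk.

```python
"""Kornfeld (1965) / Strelen (2001) min-max confidence interval, as used
on the slide to compare samples that are neither normal nor homogeneous
in variance.  Added example, not the author's Matlab code; the per-matrix
variance samples below are constructed, and `overlap` is my own helper."""


def kornfeld_interval(sample):
    """For a sample T1..Tn return (T_MIN, T_MAX, P): the interval covers
    the median with confidence P = 1 - 0.5**(n-1).  Why: all n values fall
    on the same side of the median with probability 2 * 0.5**n = 0.5**(n-1),
    and (T_MIN, T_MAX) misses the median exactly in that event."""
    n = len(sample)
    if n < 2:
        raise ValueError("need at least two measurements")
    return min(sample), max(sample), 1 - 0.5 ** (n - 1)


def overlap(a, b):
    """Length of the overlapping part (delta on slide 69) of two
    (low, high) intervals; 0.0 when they are disjoint."""
    low, high = max(a[0], b[0]), min(a[1], b[1])
    return max(0.0, high - low)


# Constructed two-step variances V for 10 matrices in each state.
V_NO_HYP = [13.2, 14.1, 12.9, 15.0, 13.8, 14.4, 13.5, 14.9, 13.1, 14.6]
V_HYP = [84.0, 86.3, 83.1, 88.9, 85.2, 84.7, 87.5, 83.9, 86.8, 85.6]


def compare(no_hyp, hyp):
    """Intervals for both states and the size of their overlapping part."""
    a, b = kornfeld_interval(no_hyp), kornfeld_interval(hyp)
    return {"no_hyp": a[:2], "hyp": b[:2], "confidence": a[2],
            "delta": overlap(a[:2], b[:2])}


if __name__ == "__main__":
    print(compare(V_NO_HYP, V_HYP))
```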

Pages 57-58

Calculate statistics & variation intervals

1. Calculate the variances for each column (1..10) of the 1000 x 10 IET matrices: V1, V2, .., V10, for the No HYP case and for the HYP present case.
2. The result: the variation intervals of V for No HYP and for HYP present overlap too much ― instability of the statistics values.

Page 59

Data fluctuation: instability of statistics. What are the reasons for the instability of statistics?

Page 60

Reasons for the data instability or data fluctuations are outliers & jumps

[Figure: three IET plots: (a) a series (2000-10000 ticks) with a jump and an outlier; (b) a series (2000-11000 ticks) with several outliers; (c) a series (2360-2430 ticks) with low-frequency values.]

$V = \frac{1}{n}\sum_{i} (X_i - \bar{X})^2$: the variance is significantly increased because of outliers and jumps.

Pages 61-63

How to overcome the negative influence of outliers & jumps

Type of noise | TO DO
Outlier, low-frequency value | low-frequency filtration with 2-10%
Jump | split the series at the jump into two parts of length $a$ and $b$ with variances $V_a$ and $V_b$, and combine them: $V = \frac{a}{a+b} V_a + \frac{b}{a+b} V_b$

[Figure: the same IET series (100 measurements) plotted three times: raw, VAR = 526,000; without an outlier, VAR = 93,000; without a jump, VAR = 123.]
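Added example (not the author's code) applying the two remedies above to a constructed 100-value IET series with a jump, one outlier and one low-frequency value: frequency filtration at 2% and the a/(a+b) combining formula for the two parts of the jump. Locating the jump at the split with minimal pooled variance is my own rule; the slide gives only the formula.

```python
"""Filtration of outliers / low-frequency values and the variance of a
series with a jump, V = a/(a+b)*V_a + b/(a+b)*V_b (slides 60-63).  Added
example, not the author's code.  The IET series is constructed: two
levels (a jump at position 50), one outlier and one low-frequency value.
The "split where pooled variance is minimal" rule for locating the jump
is my choice; the slide only gives the combining formula."""
from collections import Counter

# Constructed series: 50 values on 4 layers around 2402 ticks, then a
# jump to 4 layers around 3002 ticks.
SEG_A = [2396, 2400, 2404, 2408] * 12 + [2400, 2404]
SEG_B = [2996, 3000, 3004, 3008] * 12 + [3000, 3004]
IET_SERIES = SEG_A + SEG_B
IET_SERIES[20] = 9800   # outlier (e.g. an SMM interrupt inside the window)
IET_SERIES[70] = 3040   # low-frequency value seen only once


def variance(xs):
    m = sum(xs) / len(xs)
    return sum((x - m) ** 2 for x in xs) / len(xs)


def filter_low_frequency(xs, level=0.02):
    """Drop values whose share of the sample is below `level`
    (the slide uses 2-10%); the order of the remaining values is kept."""
    counts = Counter(xs)
    keep = {v for v, c in counts.items() if c / len(xs) >= level}
    return [x for x in xs if x in keep]


def pooled_variance(left, right):
    """V = a/(a+b)*V_a + b/(a+b)*V_b for the two parts of a jumped series."""
    a, b = len(left), len(right)
    return a / (a + b) * variance(left) + b / (a + b) * variance(right)


def split_at_jump(xs, min_gain=0.5):
    """Find the split k whose pooled variance is smallest.  Accept it as a
    jump only if it removes at least `min_gain` of the raw variance;
    otherwise return (None, raw variance)."""
    raw = variance(xs)
    best_k, best_v = None, raw
    for k in range(2, len(xs) - 1):          # at least two values per part
        v = pooled_variance(xs[:k], xs[k:])
        if v < best_v:
            best_k, best_v = k, v
    if best_k is None or best_v > (1 - min_gain) * raw:
        return None, raw
    return best_k, best_v


def robust_variance(xs, level=0.02):
    """Raw variance, variance after filtration, and after jump handling."""
    clean = filter_low_frequency(xs, level)
    k, v_jump = split_at_jump(clean)
    return {"raw": variance(xs), "filtered": variance(clean),
            "jump_at": k, "jump_handled": v_jump}


if __name__ == "__main__":
    print(robust_variance(IET_SERIES))
```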

Page 64

I decided to test these ideas & try to detect a HYP every day

Pages 65-66

Obtain different statistical values on different days

[Figure: variation intervals of V for No HYP and HYP present on day #1, day #2 and day #3; the intervals shift from day to day.]

→ no appropriate threshold

Page 67

Data fluctuation: lack of repeatability. How to overcome this data fluctuation every day?

Page 68

Overcoming the lack of repeatability

1. Two-step way to calculate statistics:
   Step #1: from the matrix of IET values (1000 x 10) calculate V1, .., V10 (one per column)
   Step #2: V = average(V1, .., V10) as a new sample
2. Repeat measurements within 10 days

As a result: variation intervals of V for No HYP and for tiny HYP present

Pages 69-70

What can we do if variation intervals keep overlapping?

[Figure: intervals of V for No HYP (A) and HYP present (B) with an overlapping part δ.]

→ repeat data acquisition & stats calculation

Type of error | Decision | Reality | Probability
I | HYP is present | no HYP | see figure
II | no HYP | HYP is present | see figure

Page 71

Threshold values calculation

1. Collect the IET matrices: Day #1 = 5+5, Day #2 = 5+5, .., Day #10 = 5+5; matrices count: no HYP 50, tiny HYP 50
2. Calculate two-step way statistics after filtration
3. Choose threshold values so that the sum of the probabilities of type I and II errors comes to its minimum

Page 72

Example of threshold values

Statistics | Filtration level | Threshold: No HYP | Threshold: HYP is present | Type I error, % | Type II error, %
Number of layers | 0 | ≤ 7 | ≥ 8 | 4 | 0
Variance | 0 | ≤ 14 | ≥ 18 | 2 | 0
Moment | 0.1 | ≤ 679 | ≥ 947 | 2 | 0

Intel Core 2 Duo E6300 + Windows 7 x32
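Added example (my code, not the author's Matlab) of the threshold calculation on slides 68-72: two-step statistics from 1000 x 10 matrices collected as 5 + 5 per day for 10 days, then the cut that minimises the sum of type I and type II error probabilities, reported as the `no HYP ≤ t_no` / `HYP present ≥ t_hyp` pair with an undecided gap in between. The matrices come from a seeded random model of layered samples with rare SMM delays; that model and the SMM_DELAY value are constructed assumptions.

```python
"""Two-step statistics over 10 days and threshold values chosen to minimise
the sum of type I and type II error probabilities (slides 68-72).  Added
example, not the author's Matlab code.  The 1000 x 10 IET matrices are
generated from a seeded model of layered samples with occasional SMM
delays (constructed, labelled below); the split into `no HYP <= t_no`,
`HYP present >= t_hyp` and an undecided gap follows slides 70 and 72."""
import random

NO_HYP_LAYERS = [2000, 2004, 2008, 2012]        # 4 layers, as on slide 52
HYP_LAYERS = list(range(1984, 2032, 4))         # 12 layers, same centre
SMM_DELAY = 60   # constructed: extra ticks when an SMM interrupt lands


def variance(xs):
    m = sum(xs) / len(xs)
    return sum((x - m) ** 2 for x in xs) / len(xs)


def two_step_statistic(matrix, stat=variance):
    """Step 1: stat per column (one per outer-loop run); step 2: average."""
    per_column = [stat(list(col)) for col in zip(*matrix)]
    return sum(per_column) / len(per_column)


def constructed_matrix(rng, layers, smm_weight, rows=1000, cols=10):
    """One IET matrix (rows = inner loop, cols = outer loop) drawn from the
    given layers plus a rare SMM-delayed value.  Stand-in for the driver."""
    values = layers + [layers[0] + SMM_DELAY]
    weights = [100] * len(layers) + [smm_weight]
    return [rng.choices(values, weights, k=cols) for _ in range(rows)]


def collect_ten_days(seed=2015, days=10, per_day=5):
    """Day-by-day collection: 5 no-HYP and 5 tiny-HYP matrices per day,
    each reduced to its two-step V.  Day-to-day drift of the average and
    of the SMM rate models the fluctuation seen on slides 65-66."""
    rng = random.Random(seed)
    no_hyp, hyp = [], []
    for _ in range(days):
        drift = rng.randint(-8, 8)
        smm_weight = rng.randint(1, 3)
        for _ in range(per_day):
            m = constructed_matrix(rng, [l + drift for l in NO_HYP_LAYERS], smm_weight)
            no_hyp.append(two_step_statistic(m))
            m = constructed_matrix(rng, [l + drift for l in HYP_LAYERS], smm_weight)
            hyp.append(two_step_statistic(m))
    return no_hyp, hyp


def choose_thresholds(no_hyp, hyp):
    """Scan candidate cuts; keep the one with minimal P(type I) + P(type II).
    Type I: decide 'HYP present' with no HYP; type II: decide 'no HYP'
    with a HYP present.  Returns the slide-72 style pair of thresholds."""
    best = None
    for c in sorted(set(no_hyp + hyp)):
        type1 = sum(v >= c for v in no_hyp) / len(no_hyp)
        type2 = sum(v < c for v in hyp) / len(hyp)
        if best is None or type1 + type2 < best[0]:
            best = (type1 + type2, c, type1, type2)
    _, c, type1, type2 = best
    t_no = max((v for v in no_hyp if v < c), default=c)
    t_hyp = min((v for v in hyp if v >= c), default=c)
    return {"t_no": t_no, "t_hyp": t_hyp, "type1": type1, "type2": type2}


def decide(v, th):
    """Operational stage: classify one new two-step statistic."""
    if v <= th["t_no"]:
        return "no HYP"
    if v >= th["t_hyp"]:
        return "HYP present"
    return "overlap: repeat data acquisition"


if __name__ == "__main__":
    n, h = collect_ten_days()
    th = choose_thresholds(n, h)
    print(th, decide(max(n), th), decide(min(h), th))
```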

Page 73

How to detect stealthy hypervisors? Step by step method:

Pages 74-76

How to detect stealthy hypervisors?

Preliminary stage (calculate thresholds):
1. Flash BIOS with a trusted image or firmware
2. Install OS
3. Get threshold values in the case where no HYP is present

Operational stage (detect a hypervisor):
4. Check in a loop if a hypervisor is present
5. Install Office etc
6. Monitor messages about a hypervisor presence
7. Go to step 3 to adapt the tool to a new legitimate HYP

Revised variant (page 76): the preliminary stage is 1. Guarantee the absence of a HYP by checking a scatter plot (coming soon); 2. Get threshold values in the case where no HYP is present. The operational stage is then 3. Check in a loop if a hypervisor is present; 4. Install Office etc; 5. Monitor messages about a hypervisor presence; 6. Go to step 3 to adapt the tool to a new legitimate HYP.

Image sources: wikipedia.org/wiki/BIOS batronix.com/versand/programmiergeraete/BX32P/index.html http://myonsitetech.ca/images/image/SoftwareUpgrade.png

Page 77

Detection: architecture & source code

Source code components:
● Windows x32 drivers & their config tools: Visual Studio & WDK, C++, asm
● Matlab
http://github.com/IgorKorkin/HypervisorsDetection

Preliminary (calculate thresholds): Tiny HYP → Measure IET → Calc stats & get thresholds
Operational (detect a HYP): Measure IET → Calc stats & compare with thresholds

Page 78

Positive results on different PCs & HYPs

HYP title | HYP authors & details | Is run by
Tiny HYP | only 1 tiny HYP, tested on 5 PCs | Driver
2 nested HYPs = ADD* + tiny HYP | ADD is loaded first, the tiny HYP is above it | Driver
TRace EXplorer (TREX) | A. Tichonov & A. Avetisyan (ISP RAS) | BIOS
Russian Ghost | A. Lutsenko aka R_T_T | BIOS

*ADD ― Acronis Disk Director for Windows x86

Page 79

List of challenges

Challenges | How to achieve
Stealthy HYP cheats time | Use variability indexes of IET
Data fluctuation: jumps & outliers | Apply filtration & two-step way statistics
Lack of repeatability | Repeat measurements within 10 days
IET is not normally distributed & no HOV (homogeneity of variances) | Use the Kornfeld method

And also:

Page 80

"Statistical ruler" detects stealthy HYPs ― the detection tool is running in the background

Diagram layers: Hardware; Hypervisor with secure system monitor functions; Rootkit hypervisor.

Page 81

Next steps

● Collaborate with security research companies
● Publish 2 papers in the next 2 years
● Apply for an academic research position

Page 82

ADDITIONAL SLIDES

Page 83

Details of type I and II errors

1. Definition of type I and II errors:

Our decision \ Reality | No HYP | HYP present
No HYP | "true" | type II
HYP present | type I | "true"

2. How to calculate them?

[Figure: variation intervals for no HYP and HYP present with the overlapping part δ, marking the type I error and type II error areas.]

Page 84

Analysis of methods to compare samples

 | Student t-test (parametric stats) | Kornfeld method (non-parametric stats)
1. Requirements to input samples | Normal distribution; homogeneity of variances | No requirements
2. Choosing the corresponding confidence level | 95% or 99%, see t-table |
3. Calculating the confidence interval for the random variable | , - sample variance |

Page 85

Min-max confidence interval method by Strelen'04 or Kornfeld'65

- are the results of measuring the random variable
The confidence interval for is
where
with the confidence level
In other words this is the probability of .

Page 86

Analysis of sample comparison methods

1. Kornfeld method (USSR 1965)**
2. Strelen method (Germany 2001)*

1. Let's arrange the set in order of increasing values
2. Therefore the probability
3. Therefore the probability of the complement event:
4. In other words the probability of the fact that is

*J. Ch. Strelen, Median confidence intervals. In E. J. H. Kerckhoffs and M. Snorek, editors, Modelling and Simulation 2001 - Proc. of the ESM2001, pages 771-775. The SCS Publishing House, Erlangen, 2001. http://web.informatik.uni-bonn.de/IV/strelen/Forschung/Publikationen/ESM2001.pdf

**Kornfeld, M. (1965, March). Accuracy and Reliability of a Simple Experiment (in Russian). UFN 85 (3), 533-542. Retrieved October 12, 2014, from http://ufn.ru/ufn65/ufn65_3/Russian/r653e.pdf

Page 87

Details of Time-based detection

Detection driver, measuring the IET of one CPUID; on the TSC timeline the three points are t(RDTSC-1), t(CPUID-1) and t(RDTSC-2):

    __asm {
        RDTSC               // t(RDTSC-1): read the time-stamp counter
        MOV hst, EDX        // high dword of the start value
        MOV lst, EAX        // low dword of the start value
        CPUID               // 1: unconditionally intercepted -> VM exit
        RDTSC               // t(RDTSC-2)
        MOV hfin, EDX       // high dword of the end value
        MOV lfin, EAX       // low dword of the end value
    }
    save_time(...);         // IET = (hfin:lfin) - (hst:lst)

Time-cheating hypervisor, in its VM exit handler for CPUID:

    // VM exit: time = t(VMM)
    read_tsc(time);
    time = time - Delta;    // time = (t(VMM) - Delta) ≈ t(CPUID-1)
    write_tsc(time);
    // VM entry: the OS reads a TSC as if the exit had not happened

Page 88

System Management Mode: what are the reasons for an SMI?

Maintenance mode:
– Used for efficient power management.
– Runs specific proprietary code.

A "System Management Interrupt" (SMI) can be asserted from any other mode by: Thermal Sensor, Century Rollover, RTC Alarm, TCO, USB. The CPU enters SMM and returns to the calling context with the RSM instruction.

Page 89

The possible ways to debug a HYP

● WinDbg and VMWare to debug only a HYP driver
● hardware emulators: Bochs, AMD SimNow etc
● debug output by DbgPrint & DbgView
● COM port
● debug card

Page 90

Special thanks to

● Peter Prokoptsev, scientist

● Iwan Nesterov, programmer

● Andrey Chechulin, scientist

● Alexander Nikonov, portfolio manager

● Ben Stein, teacher of English

● Alexey Nesterenko, teacher of English

● Natalia Korkina, teacher of English

Page 91

Igor Korkin, Ph.D.

[email protected]

