What’s the attack vector?
Who am I protecting against?
Why would I want to shield a VM?
Windows Server 2016 Hyper-V& Shielded VMs
in-common?
Insiderattacks
Phishing attacks
Fabricattacks
Pass-the-hash(PtH) attacks
Stolencredentials
Stolen admincredentials
Insiderattacks
Phishing attacks
Fabricattacks
These privileged accounts have the keys to the kingdom; we gave them those keys decades ago
But now, those administrators’ privileges are being compromised through social engineering, bribery, coercion, private initiatives, etc.
Administrative Privileges
A Hyper-V powered virtualization fabric capable of protectingtenant workloads from inspection, theft and tampering frommalware and system administrators both at rest as well as in-flight. These protected workloads are called “Shielded VMs”.
Security Assurance Goals
Encryption of data, both at-rest & in-flight
Fabric admins locked out
Attestation of host health required
NOTE: Shielding is not intended as a defense against DoS attacks
two modes of shielding
Shielded
Encryption Supported
NOTE: a VM’s shielding type is dictated/configured by the Shielding Data from which the shielded VM is born
deployment scenarios
Enterprise private cloud
Public cloud: general hoster/tenant
Branch office
Compliance
Attacks are simple, sophisticated and everything in between … does that lead to a complex user-experience?
1.Convert an existing VM to a shielded VM
2.Create a new shielded VM
3.Attack a shielded VM
Demonstrations
Protect the virtualization fabric
Windows Server 2016
Demonstration of OpenStack managing a guarded fabric
3rd party fabric manager support
Protect the virtualization fabric
Windows Server 2016
Overview of the security model
Shielded VMs: A Guarded Fabric
Decryption keys: controlled by external system
Guest VM Shielded
VM
H Y P E R - V H O S T 1
+ K E Y P R O T E C T I O N
+ H E A L T H A T T E S T A T I O N
H O S T G U A R D I A N
S E R V I C E ( H G S )
WIN
DO
WS
S
ER
VE
R 2
01
6
HY
PE
R-
V H
OS
TS
Guest VM
GUARDED FABRIC
Guest VM
Guest VM Guest VM
H Y P E R - V H O S T 2
Guest VMGuest VM
Guest VM Guest VM
H Y P E R - V H O S T 3
Guest VMGuest VM
Why certainly, I know you & I must say you’re looking very healthy today!
Virtual Secure Mode
Virtual Secure Mode
Virtual Secure Mode
‘Hello, I’m HOST1, can I
have some keys, please?
Decryption keys: controlled by external system
Guest VM Shielded
VM
H Y P E R - V H O S T 1
+ K E Y P R O T E C T I O N
+ H E A L T H A T T E S T A T I O N
H O S T G U A R D I A N
S E R V I C E ( H G S )
Guest VM
GUARDED FABRIC
Guest VM
Guest VM Guest VM
H Y P E R - V H O S T 2
Guest VMGuest VM
Guest VM Guest VM
H Y P E R - V H O S T 3
Guest VMGuest VM
Sure, your certificate of
health authorizes me to release
keys to you for 8 hours
Virtual Secure Mode
Virtual Secure Mode
Virtual Secure Mode
OK, so I’m healthy then! Can I have
the keys now?
WIN
DO
WS
S
ER
VE
R 2
01
6
HY
PE
R-
V H
OS
TS
Attestation Modes
TPM-trusted
Complex setup/configuration Register each Hyper-V host’s TPM (EKpub) with the
guardian service
Baseline CI policy for each different hardware SKU
Optional: Deploy HSM and use HSM-backed certificates
Specific host hardware required Needs to support TPM v2.0 and UEFI 2.3.1
Highest levels of assurance Fabric-admin untrusted
Trust rooted in hardware
Compliance with code-integrity policy required for key-
release (attestation)
RECOMMENDED STEADY-STATE
Admin-trusted
Simplified Setup/Configuration Setup an Active Directory trust + register group
Authorize a Hyper-V host to run shielded VMs by
adding it to the Active Directory group
Leveraging Existing H/W H/W needs to support Hyper-V on Windows Server
2016
Weaker levels of assurance Fabric-admin is trusted
No hardware-rooted trust or measured-boot
No enforced code-integrity
INITIAL ADOPTION SIMPLIFIER
: TPM-trusted attestation
Trusted
Boot
Code
Integrity
Trusted
Boot
Code
IntegrityUEFI UEFI
All measurements valid?Guarded
Host
Shielded VM
Host Guardian Service
Attestation: validates the health of the host (boot and CI measurements)
: admin-trusted attestation
Trusted
Boot
Code
Integrity
Trusted
Boot
Code
IntegrityUEFI UEFI
Guarded
Host
Shielded VM
Host Guardian Service
Attestation: no boot measurements or code-integrity policies are taken into account
Correct AD group?
1. Pre-configure fabric for TPM-trusted attestation• Extract and upload baseline/TCGlog
• Generate, compile and upload CI policy
• Extract endorsement key (Ekpub) for host TPM
2. Convert fabric to TPM-trusted attestation
3. Malicious admin attacks CI policy of guarded host
Demonstrations
a few Spotlights
Generation 2 VMs onlyLeveraging virtual EFI, Secure boot, virtual TPM
Hyper-V Host: Windows Server 2016Guarded host requires Windows Server 2016 Datacenter edition
Shielded Guest VM OS supportWindows 8 / Windows Server 2012 or newer
vTPM not tied to physical TPMPermits VM mobility, e.g. Live Migration
restricting admin access
Capabilities that might expose VM state unavailable
Several virtual devices are removed
1. Setup Guarded Fabric…
a) Deploy and configure Host Guardian Service
b) Upgrade Hyper-V hosts and fabric manager
c) Configure Hyper-V hosts as guarded
1. get TPM’s endorsement key -> add to HGSNB: this task is performed once on each and every fabric Hyper-V host
2. get TPM’s baseline measurements -> add to HGSNB: this task is performed once for each type of server hardware
3. create code-integrity policy -> add to HGSNB: this task is performed once for each type of server hardware
4. Configure attestation and key protections endpoints
d) Run guarded fabric diagnostics
2. Create shielded VM fabric artifacts…
a) Prepare template disks for use by shielded VMs
b) Create shielded templates
4. Deploy/manage/maintain shielded VMs…
a) Create new shielded VMs on guarded fabric
b) Obtain/maintain BitLocker recovery keys per shielded VM
c) Troubleshoot failed shielded VMs as necessary
3. Create shielded VM tenant artifacts…
a) Obtain guardian key(s) from guarded fabric(s)
b) Create/obtain owner keys to protect your shielded VMs
c) Obtain volume signatures for trusted template disks
d) Create shielding data and upload to guarded fabric(s)
e) Ongoing management tasks (keys and misc. artifacts):
1. Maintain/protect owner keys
2. Maintain trusted volume signature catalogs
PHASE 1: HOSTER / I.T. staff…
PHASE 2: HOSTER / Fabric administrators…
PHASE 3: TENANT / I.T. Security staff…
PHASE 4: TENANT / VM owners…
Details:
Compliance Mapping
ISO 27001: 2013 PCI DSS 3.2 FedRAMP; NIST 800-53 Revision 4
Enforcing Separation of
Duties
A.6.1.2– Segregation of duties 6.4.2 – Separation of duties between test
and production environments
AC-5 – Separation of Duties
Implementation of
Least Privilege Access
and Partitioning Tenant
Functionality
A.9.2.3 – Management of
privileged access rights
A.12.1.4 – Separation of
development, testing, and
operational environments
6.4.1 – Test and Production Environment
Separation
7.2 – User access control on need-to-
know basis
7.2.3 – Default “deny-all” setting
AC-6 – Least Privilege
AC-6 (10) – Prohibit Non-Privileged
Users from Executing Privileged
Functions
SC-2 – Application Partitioning
Protecting Information
Stored in Shared
Resources
None 8.7 – Restricted access to databases
containing cardholder data
SC-4 – Information in Shared Resources
Protection of Data at
Rest
A.8.2.3 – Media Access 3.4 – Verifying stored PAN is unreadable
3.4.1 – Disk encryption usage and access
control
6.5.3 – Insecure cryptographic storage
SC-28 – Protection of Information at Rest
SC-28(1) – Protection of Information at
Rest
Security Function
Verification and
Integrity Monitoring
None 11.5 – Change-detection mechanism
deployment
SI-6 – Security Function Verification
SI-7 – Software, Firmware, and
Information Integrity
1. 11/30: DIM-B201 Windows Server 2016 -
通往混合云之路!
2. 11/30: DIM-B301 深入Windows Server,
Hyper-V, Storage开发与实践
3. 12/01: DIM-B303 实战:45分钟从零部署SDN
4. 12/02: DIM-B304 深入 Storage Space
Direct: 为 Hyper-V 设计的终极软件定义存储
5. 12/02: DIM-B305 深入 Windows Server
2016 Hyper-V 隔离虚拟机
www.microsoft.com/itprocareercenter
www.microsoft.com/itprocloudessentials
www.microsoft.com/mechanics
https://techcommunity.microsoft.com