Linux Virtualization Based Security (LVBS)
The Linux kernel, due to its use across countless systems worldwide, is a prime target for attackers. With the number of exploitable kernel vulnerabilities steadily rising, prioritizing security is essential. While the kernel offers many built-in self-protection mechanisms, some gaps remain. For instance, the Linux kernel lags behind the current state of the art in virtualization based security (VBS). In this talk we introduce Linux Virtualization Based Security (LVBS), a security feature that can a) harden the kernel and b) ensure that critical kernel resources remain untampered, even if the kernel gets compromised. VBS uses hardware virtualization and the hypervisor (Hyper-V) to create an isolated virtual environment that runs at a higher trust level, called Virtual Trust Level 1 (VTL1). VTL1 has its own kernel, referred to as the secure kernel, where a number of security solutions are hosted.
We will give an overview of LVBS, starting with our motivation and threat model and providing the context needed for understanding VBS. We will then examine the high-level architecture, which includes a hypervisor-agnostic common layer, and delve deeper into some Hyper-V specific components. We will also present the interface between the guest kernel (VTL0) and the secure kernel (VTL1), talk about how we boot the secure kernel and extend secure boot to verify it, and explore the security features, which include control register pinning, memory access protections, and module authentication. A demonstration of a simulated attack attempting unauthorized memory modification will show how LVBS protects the kernel and handles exceptions. Finally, we will discuss the current status of our work and future work items such as trustlet support, integration with confidential computing, and support for text patching features.