Flavio Lombardi

CR
4 papers
76 citations
Novelty 40%
AI Score 21

4 Papers

CR, Jul 29, 2018
Virtualization Technologies and Cloud Security: advantages, issues, and perspectives

Roberto Di Pietro, Flavio Lombardi

Virtualization technologies allow multiple tenants to share physical resources with a degree of security and isolation that cannot be guaranteed by mere containerization. Further, virtualization allows protected transparent introspection of Virtual Machine activity and content, thus supporting additional control and monitoring. These features provide an explanation, although partial, of why virtualization has been an enabler for the flourishing of cloud services. Nevertheless, security and privacy issues are still present in virtualization technology and hence in Cloud platforms. As an example, even hardware virtualization protection/isolation is far from being perfect and uncircumventable, as recently discovered vulnerabilities show. The objective of this paper is to shed light on current virtualization technology and its evolution from the point of view of security, having as an objective its applications to the Cloud setting.

OS, Jan 22, 2016
HyBIS: Windows Guest Protection through Advanced Memory Introspection

Roberto di Pietro, Federico Franzoni, Flavio Lombardi

Effectively protecting the Windows OS is a challenging task, since most implementation details are not publicly known. Windows has always been the main target of malware that has exploited numerous bugs and vulnerabilities. Recent trusted boot and additional integrity checks have rendered the Windows OS less vulnerable to kernel-level rootkits. Nevertheless, guest Windows Virtual Machines are becoming an increasingly interesting attack target. In this work we introduce and analyze a novel Hypervisor-Based Introspection System (HyBIS) we developed for protecting Windows OSes from malware and rootkits. The HyBIS architecture is motivated and detailed, while targeted experimental results show its effectiveness. Comparison with related work highlights main HyBIS advantages such as: effective semantic introspection, support for 64-bit architectures and for latest Windows (8.x and 10), advanced malware disabling capabilities. We believe the research effort reported here will pave the way to further advances in the security of Windows OSes.

DC, Jun 4, 2015
CloRoFor: Cloud Robust Forensics

Roberto Battistoni, Roberto Di Pietro, Flavio Lombardi

The malicious alteration of machine time is a big challenge in computer forensics. Detecting such changes and reconstructing the actual timeline of events is of paramount importance. However, this can be difficult since the attacker has many opportunities and means to hide such changes. In particular, in cloud computing, host and guest machine time can be manipulated in various ways by an attacker. Guest virtual machines are especially vulnerable to attacks coming from their (more privileged) host. As such, it is important to guarantee the timeline integrity of both hosts and guests in a cloud, or at least to ensure that the alteration of such timeline does not go undetected. In this paper we survey the issues related to host and guest machine time integrity in the cloud. Further, we describe a novel architecture for host and guest time alteration detection and correction/resilience with respect to compromised hosts and guests. The proposed framework has been implemented on an especially built simulator. Collected results are evaluated and discussed. Performance figures show the feasibility of our proposal.

CR, May 31, 2013
CUDA Leaks: Information Leakage in GPU Architectures

Roberto Di Pietro, Flavio Lombardi, Antonio Villani

Graphics Processing Units (GPUs) are deployed on most present server, desktop, and even mobile platforms. Nowadays, a growing number of applications leverage the high parallelism offered by this architecture to speed up general purpose computation. This phenomenon is called GPGPU computing (General Purpose GPU computing). The aim of this work is to discover and highlight security issues related to CUDA, the most widespread platform for GPGPU computing. In particular, we provide details and proofs-of-concept about a novel set of vulnerabilities CUDA architectures are subject to, that could be exploited to cause severe information leak. Following (detailed) intuitions rooted on sound engineering security, we performed several experiments targeting the last two generations of CUDA devices: Fermi and Kepler. We discovered that these two families do suffer from information leakage vulnerabilities. In particular, some vulnerabilities are shared between the two architectures, while others are idiosyncratic of the Kepler architecture. As a case study, we report the impact of one of these vulnerabilities on a GPU implementation of the AES encryption algorithm. We also suggest software patches and alternative approaches to tackle the presented vulnerabilities. To the best of our knowledge this is the first work showing that information leakage in CUDA is possible using just standard CUDA instructions. We expect our work to pave the way for further research in the field.