From: Carlos Bilbao <carlos.bilbao@amd.com>
To: "Reshetova, Elena" <elena.reshetova@intel.com>,
"Michael S. Tsirkin" <mst@redhat.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
"Shishkin, Alexander" <alexander.shishkin@intel.com>,
"Shutemov, Kirill" <kirill.shutemov@intel.com>,
"Kuppuswamy,
Sathyanarayanan" <sathyanarayanan.kuppuswamy@intel.com>,
"Kleen, Andi" <andi.kleen@intel.com>,
"Hansen, Dave" <dave.hansen@intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Peter Zijlstra <peterz@infradead.org>,
"Wunner, Lukas" <lukas.wunner@intel.com>,
Mika Westerberg <mika.westerberg@linux.intel.com>,
Jason Wang <jasowang@redhat.com>,
"Poimboe, Josh" <jpoimboe@redhat.com>,
"aarcange@redhat.com" <aarcange@redhat.com>,
Cfir Cohen <cfir@google.com>, Marc Orr <marcorr@google.com>,
"jbachmann@google.com" <jbachmann@google.com>,
"pgonda@google.com" <pgonda@google.com>,
"keescook@chromium.org" <keescook@chromium.org>,
James Morris <jmorris@namei.org>,
Michael Kelley <mikelley@microsoft.com>,
"Lange, Jon" <jlange@microsoft.com>,
"linux-coco@lists.linux.dev" <linux-coco@lists.linux.dev>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Kernel Hardening <kernel-hardening@lists.openwall.com>
Subject: Re: Linux guest kernel threat model for Confidential Computing
Date: Fri, 27 Jan 2023 14:51:31 -0600 [thread overview]
Message-ID: <3850d949-3ae2-e446-de1e-24cf3ba4417d@amd.com> (raw)
In-Reply-To: <DM8PR11MB57501BD39CC1E88206E6CD5FE7CC9@DM8PR11MB5750.namprd11.prod.outlook.com>
On 1/27/23 6:25 AM, Reshetova, Elena wrote:
>
>> On Fri, Jan 27, 2023 at 08:52:22AM +0000, Reshetova, Elena wrote:
>>>> On Wed, Jan 25, 2023 at 03:29:07PM +0000, Reshetova, Elena wrote:
>>>>> And this is a very special aspect of 'hardening' since it is about hardening a
>>>> kernel
>>>>> under different threat model/assumptions.
>>>>
>>>> I am not sure it's that special in that hardening IMHO is not a specific
>>>> threat model or a set of assumptions. IIUC it's just something that
>>>> helps reduce severity of vulnerabilities. Similarly, one can use the CC
>>>> hardware in a variety of ways I guess. And one way is just that -
>>>> hardening linux such that ability to corrupt guest memory does not
>>>> automatically escalate into guest code execution.
>>>
>>> I am not sure if I fully follow you on this. I do agree that it is in principle
>>> the same 'hardening' that we have been doing in Linux for decades just
>>> applied to a new attack surface, host <-> guest, vs userspace <->kernel.
>>
>> Sorry about being unclear this is not the type of hardening I meant
>> really. The "hardening" you meant is preventing kernel vulnerabilities,
>> right? This is what we've been doing for decades.
>> But I meant slightly newer things like e.g. KASLR or indeed ASLR generally -
>> we are trying to reduce a chance a vulnerability causes random
>> code execution as opposed to a DOS. To think in these terms you do not
>> need to think about attack surfaces - in the system including
>> a hypervisor, guest supervisor and guest userspace hiding
>> one component from others is helpful even if they share
>> a privelege level.
>
> Do you mean that the fact that CoCo guest has memory encrypted
> can help even in non-CoCo scenarios? I am sorry, I still seem not to be able
> to grasp your idea fully. When the privilege level is shared, there is no
> incentive to perform privilege escalation attacks across components,
> so why hide them from each other? Data protection? But I don’t think you
> are talking about this? I do agree that KASLR is stronger when you remove
> the possibility to read the memory (make sure kernel code is execute only)
> you are trying to attack, but again not sure if you mean this.
>
>>
>>
>>
>>> Interfaces have changed, but the types of vulnerabilities, etc are the same.
>>> The attacker model is somewhat different because we have
>>> different expectations on what host/hypervisor should be able to do
>>> to the guest (following business reasons and use-cases), versus what we
>>> expect normal userspace being able to "do" towards kernel. The host and
>>> hypervisor still has a lot of control over the guest (ability to start/stop it,
>>> manage its resources, etc). But the reasons behind this doesn’t come
>>> from the fact that security CoCo HW not being able to support this stricter
>>> security model (it cannot now indeed, but this is a design decision), but
>>> from the fact that it is important for Cloud service providers to retain that
>>> level of control over their infrastructure.
>>
>> Surely they need ability to control resource usage, not ability to execute DOS
>> attacks. Current hardware just does not have ability to allow the former
>> without the later.
>
> I don’t see why it cannot be added to HW if requirement comes. However, I think
> in cloud provider world being able to control resources equals to being able
> to deny these resources when required, so being able to denial of service its clients
> is kind of build-in expectation that everyone just agrees on.
>
Just a thought, but I wouldn't discard availability guarantees like that
at some point. As a client I would certainly like it, and if it's good
for business...
>>
>>>>
>>>> If you put it this way, you get to participate in a well understood
>>>> problem space instead of constantly saying "yes but CC is special". And
>>>> further, you will now talk about features as opposed to fixing bugs.
>>>> Which will stop annoying people who currently seem annoyed by the
>>>> implication that their code is buggy simply because it does not cache in
>>>> memory all data read from hardware. Finally, you then don't really need
>>>> to explain why e.g. DoS is not a problem but info leak is a problem - when
>>>> for many users it's actually the reverse - the reason is not that it's
>>>> not part of a threat model - which then makes you work hard to define
>>>> the threat model - but simply that CC hardware does not support this
>>>> kind of hardening.
>>>
>>> But this won't be correct statement, because it is not limitation of HW, but the
>>> threat and business model that Confidential Computing exists in. I am not
>>> aware of a single cloud provider who would be willing to use the HW that
>>> takes the full control of their infrastructure and running confidential guests,
>>> leaving them with no mechanisms to control the load balancing, enforce
>>> resource usage, etc. So, given that nobody needs/willing to use such HW,
>>> such HW simply doesn’t exist.
>>>
>>> So, I would still say that the model we operate in CoCo usecases is somewhat
>>> special, but I do agree that given that we list a couple of these special
>> assumptions
>>> (over which ones we have no control or ability to influence, none of us are
>> business
>>> people), then the rest becomes just careful enumeration of attack surface
>> interfaces
>>> and break up of potential mitigations.
>>>
>>> Best Regards,
>>> Elena.
>>>
>>
>> I'd say each business has a slightly different business model, no?
>> Finding common ground is what helps us share code ...
>
> Fully agree, and a good discussion with everyone willing to listen and cooperate
> can go a long way into defining the best implementation.
>
> Best Regards,
> Elena.
Thanks for sharing the threat model with the list!
Carlos
next prev parent reply other threads:[~2023-01-27 20:51 UTC|newest]
Thread overview: 102+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-25 12:28 Linux guest kernel threat model for Confidential Computing Reshetova, Elena
2023-01-25 12:43 ` Greg Kroah-Hartman
2023-01-25 13:42 ` Dr. David Alan Gilbert
2023-01-25 14:13 ` Daniel P. Berrangé
2023-01-25 15:29 ` Dr. David Alan Gilbert
2023-01-26 14:23 ` Richard Weinberger
2023-01-26 14:58 ` Dr. David Alan Gilbert
2023-01-26 15:13 ` Richard Weinberger
2023-01-26 15:22 ` Dr. David Alan Gilbert
2023-01-26 15:55 ` Daniel P. Berrangé
2023-01-27 9:02 ` Jörg Rödel
2023-01-26 15:43 ` Daniel P. Berrangé
2023-01-27 11:23 ` Reshetova, Elena
2023-01-30 11:30 ` Christophe de Dinechin
2023-01-25 14:22 ` Greg Kroah-Hartman
2023-01-25 14:30 ` James Bottomley
2023-01-25 14:57 ` Dr. David Alan Gilbert
2023-01-25 15:16 ` Greg Kroah-Hartman
2023-01-25 15:45 ` Michael S. Tsirkin
2023-01-25 16:02 ` Kirill A. Shutemov
2023-01-25 17:47 ` Michael S. Tsirkin
2023-01-25 15:50 ` Dr. David Alan Gilbert
2023-01-25 18:47 ` Jiri Kosina
2023-01-26 9:19 ` Jörg Rödel
2023-01-25 21:53 ` Lukas Wunner
2023-01-26 10:48 ` Dr. David Alan Gilbert
2023-01-26 11:24 ` Jonathan Cameron
2023-01-26 13:32 ` Samuel Ortiz
[not found] ` <CAGXJix9-cXNW7EwJf0PVzj_Qmt5fmQvBX1KvXfRX5NAeEpnMvw@mail.gmail.com>
2023-01-26 10:58 ` Jonathan Cameron
2023-01-26 13:15 ` Samuel Ortiz
2023-01-26 16:07 ` Jonathan Cameron
2023-01-27 7:02 ` Samuel Ortiz
2023-01-26 15:44 ` Lukas Wunner
2023-01-26 16:25 ` Michael S. Tsirkin
2023-01-26 21:41 ` Lukas Wunner
2023-01-27 7:17 ` Samuel Ortiz
2023-01-25 20:13 ` Jiri Kosina
2023-01-26 13:13 ` Reshetova, Elena
2023-01-25 15:29 ` Reshetova, Elena
2023-01-25 16:40 ` Theodore Ts'o
2023-01-26 8:08 ` Reshetova, Elena
2023-01-26 11:19 ` Leon Romanovsky
2023-01-26 11:29 ` Reshetova, Elena
2023-01-26 12:30 ` Leon Romanovsky
2023-01-26 13:28 ` Reshetova, Elena
2023-01-26 13:50 ` Leon Romanovsky
2023-01-26 20:54 ` Theodore Ts'o
2023-01-27 19:24 ` James Bottomley
2023-01-30 7:42 ` Reshetova, Elena
2023-01-30 12:40 ` James Bottomley
2023-01-31 11:31 ` Reshetova, Elena
2023-01-31 13:28 ` James Bottomley
2023-01-31 15:14 ` Christophe de Dinechin
2023-01-31 17:39 ` Michael S. Tsirkin
2023-02-01 10:52 ` Christophe de Dinechin Dupont de Dinechin
2023-02-01 11:01 ` Michael S. Tsirkin
2023-02-01 13:15 ` Christophe de Dinechin Dupont de Dinechin
2023-02-01 16:02 ` Michael S. Tsirkin
2023-02-01 17:13 ` Christophe de Dinechin
2023-02-06 18:58 ` Dr. David Alan Gilbert
2023-02-02 3:24 ` Jason Wang
2023-02-01 10:24 ` Christophe de Dinechin
2023-01-31 16:34 ` Reshetova, Elena
2023-01-31 17:49 ` James Bottomley
2023-02-02 14:51 ` Jeremi Piotrowski
2023-02-03 14:05 ` Reshetova, Elena
2023-01-27 9:32 ` Jörg Rödel
2023-01-26 13:58 ` Dr. David Alan Gilbert
2023-01-26 17:48 ` Reshetova, Elena
2023-01-26 18:06 ` Leon Romanovsky
2023-01-26 18:14 ` Dr. David Alan Gilbert
2023-01-26 16:29 ` Michael S. Tsirkin
2023-01-27 8:52 ` Reshetova, Elena
2023-01-27 10:04 ` Michael S. Tsirkin
2023-01-27 12:25 ` Reshetova, Elena
2023-01-27 14:32 ` Michael S. Tsirkin
2023-01-27 20:51 ` Carlos Bilbao [this message]
2023-01-30 11:36 ` Christophe de Dinechin
2023-01-30 12:00 ` Kirill A. Shutemov
2023-01-30 15:14 ` Michael S. Tsirkin
2023-01-31 10:06 ` Reshetova, Elena
2023-01-31 16:52 ` Christophe de Dinechin
2023-02-02 11:31 ` Reshetova, Elena
2023-02-07 0:27 ` Carlos Bilbao
2023-02-07 6:03 ` Greg Kroah-Hartman
2023-02-07 19:53 ` Carlos Bilbao
2023-02-07 21:55 ` Michael S. Tsirkin
2023-02-08 1:51 ` Theodore Ts'o
2023-02-08 9:31 ` Michael S. Tsirkin
2023-02-08 10:44 ` Reshetova, Elena
2023-02-08 10:58 ` Greg Kroah-Hartman
2023-02-08 16:19 ` Christophe de Dinechin
2023-02-08 17:29 ` Greg Kroah-Hartman
2023-02-08 18:02 ` Dr. David Alan Gilbert
2023-02-08 18:58 ` Thomas Gleixner
2023-02-09 19:48 ` Dr. David Alan Gilbert
2023-02-08 13:00 ` Michael S. Tsirkin
2023-02-08 13:42 ` Theodore Ts'o
2023-02-08 7:19 ` Greg Kroah-Hartman
2023-02-08 10:16 ` Reshetova, Elena
2023-02-08 13:15 ` Michael S. Tsirkin
2023-02-09 14:30 ` Reshetova, Elena
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3850d949-3ae2-e446-de1e-24cf3ba4417d@amd.com \
--to=carlos.bilbao@amd.com \
--cc=aarcange@redhat.com \
--cc=alexander.shishkin@intel.com \
--cc=andi.kleen@intel.com \
--cc=cfir@google.com \
--cc=dave.hansen@intel.com \
--cc=elena.reshetova@intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=jasowang@redhat.com \
--cc=jbachmann@google.com \
--cc=jlange@microsoft.com \
--cc=jmorris@namei.org \
--cc=jpoimboe@redhat.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=kirill.shutemov@intel.com \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=lukas.wunner@intel.com \
--cc=marcorr@google.com \
--cc=mika.westerberg@linux.intel.com \
--cc=mikelley@microsoft.com \
--cc=mst@redhat.com \
--cc=peterz@infradead.org \
--cc=pgonda@google.com \
--cc=sathyanarayanan.kuppuswamy@intel.com \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).