qemu-devel

Using Qemu to isolate/virtualize applications


From: jan
Subject: Using Qemu to isolate/virtualize applications
Date: Thu, 9 Jun 2022 14:46:00 +0200

Hi,

I’m interested in investigating the possibility of running applications in a virtualized/isolated manner to minimize access to the OS (Windows/Linux/Android). Preferably there should be no or minimal software changes to the guest OS or application binary.

Generally applications in an OS can perform the following hardware read/write operations:

  • Memory
  • Internal and external disks (file system APIs)
  • Network (Ethernet, WiFi) (socket APIs)
  • Ports (for low level hardware access) (assembler instructions)

My understanding is that memory, disk, network and ports are virtualized through Qemu and therefore it may be possible to:

  • monitor access (beyond the monitoring provided by the guest OS)
  • manage access (beyond the access rights provided by the guest OS)
  • undo disk changes without rebooting the guest OS

from Qemu regardless of the guest OS.

Assume a zero trust model for the guest OS and the application being executed on it:

  • a hacker can compromise the admin or root account
  • kernel and user APIs can be exploited with or without admin or root access due to vulnerabilities

The network layer may be the easiest to implement if you want to just deny incoming/outgoing packets regardless of the process or kernel/user context.

The problem with memory, disk, network and port access is that the CPU has no concept of process IDs or user IDs. The OS does the context switching to provide a time slice to each process during which the CPU executes the relevant instructions. Therefore one will have to develop drivers that can pass the process and user IDs to such an access monitoring/control system.

The ideal is to restrict user mode applications to:

  • Only access memory that belongs to the application process
  • Only access files/folders that it has been granted access to via an external mechanism
  • Only send/receive network data that it has been granted access to via an external mechanism
  • Only access ports that it has been granted access to via an external mechanism

By external mechanism, I mean that the permissions are granted and managed outside the guest OS and if Qemu is used, that would be the host OS. If restricting these actions is not possible, monitoring/detecting these actions would already be useful.

My question is whether Qemu would be a useful tool in such a system. The emulation feature of Qemu could perhaps be used to instrument certain CPU instructions, even if the guest and host are the same architecture.

I will appreciate your thoughts on this.

Best regards

Jan Louw

CTO AITechGroup

South Africa

https://aitechgroup.co.za/
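
An added example, not from Jan's message and not QEMU's own code: the instruction-byte classification and host-side port policy that a QEMU TCG plugin's per-instruction translation callback could apply for an x86 guest, which is the kind of instruction instrumentation the message asks about. It assumes the plugin wiring itself (QEMU's `-plugin` interface, whose callbacks run only under TCG emulation, not under KVM) is done separately; the byte sequences and the port allow list are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Classification of one x86 instruction's raw bytes, i.e. the per-instruction
 * bytes a QEMU TCG plugin's translation callback receives (constructed example). */
typedef struct {
    bool is_io;       /* IN/OUT/INS/OUTS family */
    bool is_write;    /* OUT/OUTS: the guest writes to the port */
    bool port_known;  /* imm8 forms only; DX forms need a register read at run time */
    uint16_t port;    /* valid only when port_known */
} io_insn;

static bool is_legacy_prefix(uint8_t p)
{
    return p == 0x66 || p == 0x67 || p == 0xF0 || p == 0xF2 || p == 0xF3 ||
           p == 0x26 || p == 0x2E || p == 0x36 || p == 0x3E || p == 0x64 || p == 0x65;
}

/* Decode only the port-I/O opcodes. REX prefixes, unknown opcodes and a truncated
 * imm8 form all yield is_io == false rather than a guess. */
io_insn classify_io(const uint8_t *b, size_t len)
{
    io_insn r = {0}; size_t i = 0;
    while (i < len && is_legacy_prefix(b[i])) i++;
    if (i >= len) return r;
    switch (b[i]) {
    case 0xE4: case 0xE5: case 0xE6: case 0xE7:  /* IN/OUT with an imm8 port */
        if (i + 1 >= len) return r;
        r.is_io = true; r.is_write = b[i] >= 0xE6;
        r.port_known = true; r.port = b[i + 1];
        break;
    case 0xEC: case 0xED: case 0x6C: case 0x6D:  /* IN AL/eAX,DX and INS */
        r.is_io = true; break;
    case 0xEE: case 0xEF: case 0x6E: case 0x6F:  /* OUT DX,AL/eAX and OUTS */
        r.is_io = true; r.is_write = true; break;
    default: break;
    }
    return r;
}

/* Host-side, deny-by-default policy: non-I/O passes, an imm8 port must be on the
 * allow list, and a DX-relative port is refused until the register value is read. */
bool io_policy_allows(io_insn insn, const uint16_t *allow, size_t n)
{
    if (!insn.is_io) return true;
    if (!insn.port_known) return false;
    for (size_t k = 0; k < n; k++) if (allow[k] == insn.port) return true;
    return false;
}
```

The DX-relative forms are the reason a real plugin needs register access at execution time rather than at translation time: the port number is not in the instruction bytes.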
