Lecture 05 - Virtualization Flashcards
Kernel
Core of the OS with privileged instructions for resource management
User Mode
Restricted mode for applications without direct access to privileged instructions
Protection Rings
Levels of privilege for memory segments and CPU execution
System Calls
User process requests to the kernel for privileged actions
Context Switching
Kernel-controlled process switching for CPU utilization
Virtualization
Abstracting hardware for OS and application independence
Abstraction Layer
Virtualization’s separation of resources from physical delivery
Hypervisor
Software enabling virtualization by managing multiple OS on one hardware
OS-level virtualization
Allows multiple secure virtual servers to run on one OS
Application-level virtualization
Application runtime behavior similar to interfacing with original OS
Paravirtualization
VM presents a software interface similar to underlying hardware
Qubes OS
Secure OS based on Xen hypervisor with sandboxed networking and USB
VM escape
Attacks breaking out of virtual machine isolation
Application privilege escalation
Gaining higher application privileges than intended
Just-In-Time (JIT) spraying
Exploiting JIT compilation to bypass ASLR protection