Agency: Department of Defense | Branch: Air Force | Program: SBIR | Phase: Phase I | Award Amount: 149.97K | Year: 2014
ABSTRACT: Bromium will develop a novel type of client hypervisor that extends the concept of Bromium micro-virtualization (per-task hardware isolation of untrusted tasks) from its current type-2 Microvisor architecture to deliver a "type-1.5 Microvisor". The type-2 Microvisor can protect the host from attacks from the web and documents that originate outside the device. The type-1.5 Microvisor is a late-load hypervisor that can de-privilege the host OS in order to protect high-value tasks from attack by a malicious user or a compromised host OS. The system will comprise: A late-load "type-1.5" micro-Xen hypervisor that can be dynamically instantiated on an end point to provide robust protection of valued content/applications in a high-value trust domain. Each high-value application/document will be independently and securely executed within a protected micro-VM. These secured micro-VMs will protect the application/content, even in the event that the host OS itself becomes compromised, or in the face of a malicious user at the keyboard. Intel TXT will be used to securely measure the hypervisor at launch, and the TPM will be used to attest to a third party, e.g. an Enterprise Rights Management (ERM) server, that the system and each domain is protected.

BENEFIT: The goal of this work is to extend the hardware-isolation properties of micro-virtualization to deal not only with untrusted information, but also to protect valuable information and applications curated within the enterprise. Information flows for a given trust domain that are created within an organization and are securely transmitted between its computer systems should remain isolated and accessible only within the given trust domain, across the enterprise. There are two primary needs for this:

1. Preserving the privileged nature of information will permit the hardware isolation properties of micro-virtualization to be used in a pro-active way, to prevent valued information from entering untrusted execution contexts or domains.
2. Moreover, when mapped into an enterprise rights management context (such as Microsoft IRM), the enterprise can stipulate policies for the handling of different types of proprietary information on devices. Micro-virtualization provides a robust mechanism for enforcing rights-management.

The results of this work that relate to the development of the type-1.5 Xen-based Microvisor will be delivered to the open source community. In addition, the prototype will be further developed and incorporated into the products of Bromium, Inc. for delivery to customers (including the Federal Government) that demand highly secure computing environments that manage information flows from multiple domains of trust, and that need to protect these domains from malicious users or from a potentially compromised host OS. The system will be applicable to a broad swath of enterprise desktop environments within the Federal Government and commercial environments.
Bromium Inc. | Date: 2014-09-05
Approaches for transferring a file using a virtualized application. A virtualized application executes within a virtual machine residing on a physical machine. When the virtualized application is instructed to download a file stored external to the physical machine, the virtualized application displays an interface which enables at least a portion of a file system, maintained by a host OS, to be browsed while preventing files stored within the virtual machine from being browsed. Upon the virtualized application receiving input identifying a target location within the file system, the virtualized application stores the file at the target location. The virtualized application may also upload a file stored on the physical machine using an interface which enables at least a portion of a file system of a host OS to be browsed while preventing files in the virtual machine from being browsed.
Bromium Inc. | Date: 2013-12-24
Approaches for performing memory management by a hypervisor. A host operating system and a hypervisor are executed on a device. The host operating system is not configured to access physical memory addressed above four gigabytes. The hypervisor manages memory for a device, including memory addressed above four gigabytes. When the hypervisor instantiates a virtual machine, the hypervisor may allocate memory pages for the newly instantiated virtual machine by preferentially using any unassigned memory addressed above four gigabytes before using memory allocated from the host (and hence addressed below four gigabytes).
Bromium Inc. | Date: 2013-05-24
Approaches for enabling Supervisor Mode Execution Protection (SMEP) for a guest operating system which does not support SMEP. A guest operating system (OS), which does not support SMEP, is executed within a virtual machine. A hypervisor instructs hardware to enable SMEP for the virtual machine executing the guest operating system. When the hypervisor is notified that the hardware has detected the guest operating system instructing a central processing unit (CPU) to execute code stored in virtual memory accessible by user space while the CPU is in supervisor mode, the hypervisor may consult a policy to identify what, if any, responsive action the hypervisor should perform.
News Article | February 7, 2015
The definitive definition of malvertising from the experts for the kids (and adults, too)

Andrew Avanessian, EVP of consultancy and technology services at endpoint security firm Avecto

“You’ve just finished dinner and your favourite bag of sweets is waiting for you. You can see them, they’re right there on the kitchen worktop but when you open the bag of sugary treats it’s filled with bugs!

“This is what malvertising is like. People click on adverts on a website because they think they’re safe, it’s something they trust and recognise, but instead they’ve been taken over by dangerous cyber criminals and filled with nasty bugs that will harm your computers. After the advert has been clicked on, the malvertisement quickly takes over your computer, scurrying through your files to find private and important documents such as mummy and daddy’s banking details, which can be used by the criminals to take their money!

“Just like checking if your favourite bag of sweets has been taken over by creepy crawlies, people can download internet browsers to spot websites that have malware advertisements on them – letting you know before it’s too late!”

“You’re watching your favourite TV show. Mummy and Daddy let you watch it because the fluffy bears sometimes talk about spelling and maths. Unfortunately, during the ad break there’s a VERY upsetting commercial for a horror movie.

“Mummy and Daddy take the next six months to work out why you and your siblings are acting strangely. Then they spend their pension on therapy for you all, after failing to sue the TV company whose lawyer said: ‘sorry, but advertising is how we make the money to put on the show about the fluffy bears.’

Imagine John is having a conversation with Billy about football, talking about their favourite teams and players. Suddenly, Tom comes up from behind Billy. Tom tells John that he overheard the conversation and that he knows where he can get a free championship football. Although Billy knows Tom, they’re not good friends, but more like acquaintances. He can’t tell John whether Tom is lying about the football. John decides to take Tom’s offer but, instead of getting a championship football, he ends up with a beach volleyball that’s used and flat.

Harry Potter fans probably remember the Bertie Botts Every Flavour Beans that Harry tried on his way to Hogwarts. Although the Bertie Botts looked tasty and yummy, they each had a different taste, and it wasn’t necessarily pleasant. In his youth, Dumbledore was unlucky enough to come across a vomit-flavoured one. He then turned down Bertie Botts for years to come.

Malvertising works in pretty much the same way. Although an ad might look legitimate by being displayed on a trusted site, they can sometimes give your computer an infection by tricking you into downloading malicious applications that will cause your computer to stop working.

Dumbledore’s experience with Bertie Botts has made him more careful when choosing the flavoured beans so he wouldn’t feel sick again. In pretty much the same way, you should avoid ads that look good and promise free or alluring things. They might be lying to you. Don’t always trust what you see and don’t take every piece of information for granted. Always check the information you get with multiple sources to avoid being tricked.

“Imagine visiting your local toy store. In the store there is a large basket of toys and a sign that says: Free toys! This must be your lucky day. You take one of the toys home with you (your mum said it would be rude to take more), blissfully unaware that the company that made the toys has secretively hidden a stink bomb inside. When you get home, the toy explodes in your room. Now your room smells like rotten eggs and mum is very mad. How can the toy store do this to innocent kids? You go back to the store and complain. The toy store had no idea the toys had a stink bomb inside; a seemingly kind man had brought them in to display in the store. They remove the toys to prevent any further nasty smells, leaving you to wonder: ‘Whatever happened to nice people?’

“Malvertising is where a trusted website unknowingly includes ads from other companies that can do harm to your computer. By regularly updating anti-virus programs (made by the good guys to protect you) as well as your browser software, you can stop the bad guys from harming you.”

“You’ve probably used, or seen someone use, a website. It may have been to find out information, play games or send emails. The websites cost money to make and to have it available for people on the Internet.

“One way that owners of websites pay for it is to have adverts on the website. You often see these on the top or to the side of bits you want to read. If you click on the advert and buy something, the original website owner is paid a small amount of money. Malvertising is when bad people take control of the adverts, so when they are clicked on, your computer downloads a bad program called malware. Malware can collect important information from your computer and send it to people who shouldn’t have it, hide your things and ask you to pay to unhide them, or even just break your computer. It is nearly impossible to tell the difference between a genuine advertising site and a malvertising site. The best way to prevent this is to run programs called anti-virus or anti-malware.”

Based on similar/prior conversations with my son:

“Hey bud, you know how your mom’s tablet has the picture you touch for the Internet but yours doesn’t? That’s because just looking up anything on the Internet can be bad for you and for your computer.”

“Sure, son, and we bought this Bird game. Do you remember the first Bird game we had? It had pictures that came up on the sides of that game? And those pictures were confusing because they weren’t part of the game?”

“Yah, they kept messing up the game when I touched them.”

“Yup. Those are called Ads. It’s companies trying to sell you stuff we don’t need or want.”

“Well, it’s good for companies to make money, that’s how Daddies and Mommies have jobs. But sometimes they want you to see stuff for sale, that I’d rather you not see.”

“Well…anyway, the point is, son, we now have the Bird game that you can just play without Ads. Because sometimes those Ads can even be bad for your computer.”

“Well, sometimes the Ads come from bad guys that want to do more than just show the picture. Sometimes, they’d like to take stuff off your computer.”

“Well, geez, son, it’s a bit complicated, but basically they want to send a naughty program to your computer so they can get stuff, like Daddy’s credit card.”