Virtual Machine as a core Android Primitive(android-developers.googleblog.com) |
Virtual Machine as a core Android Primitive(android-developers.googleblog.com) |
By that measure, virtualization is long overdue, but I really can't claim that I'm not surprised.
In English, there is a sentence structure like ‘I ain’t telling nobody’, which means ‘I won’t tell anyone’, but for me it’s difficult to decipher as well. Why it’s not like ‘I’m telling nobody’ or ‘I’m not telling anyone’? Why the double negative — ain’t and nobody — means negative as well.
Same issue is here. I don’t understand whether they were surprised or not. I assume they are not surprised. But the difficulty of the phrasing makes me wonder the meaning behind it.
Fun facts, Unix name is a joke to Multics, where Multi stands for multi-user, and everyone know what happened soon to Unix single user name indication.
I don't think UNIX was ever meant to be single-user. This interview suggests that's not where the name came from anyway: https://www.linuxjournal.com/article/7035
How much of this is closed source?
Using my open-source BrowserBox^0 project then you could have a "bit more isolated" Browser running on your Android device that would add "VM escape" to any zero-day exploit chain that might be a risk.
This is speculation tho, I don't know if it's actually feasible based on the Android reality right now, but assuming the capabilities that are provided are like a regular headless VM, then it should be. :)
This is the classic problem with isolation via virtual machines. To do anything, they have to talk to something, and that's where the security breaches occur.
> On the Pixel 7, the most configuration you'll need to do is similar to Shizuku. You connect to your own phone over wireless adb, configure the maximum container size, and then choose your Linux distribution. It'll download, configure, and then execute the virtual machine.
Not everyone gets to be root, and even for devs there are IT management tools that only allow root for specific use cases, or time boxed.
I haven't seen this personally (not saying it isn't a thing to be clear, just I haven't seen it).
My major issue is that for some reason there are carriers in the US that seem to think a user having control over their own device is something to frown on. I get the potential support and warrently nightmare involved but on the other hand it's not a super easy process that one would do accidentally.
edit: according to this[1], yes, the pKVM functionality that's standard in Android exposes KVM functionality so that you can run VMs on Android.
[1] https://www.xda-developers.com/android-13-dp1-google-pixel-6...
Would graphics acceleration work properly?
> pKVM is built on top of the industry standard Kernel-based Virtual Machine (KVM) in Linux. It means all existing operating systems and workloads that rely on KVM-based virtual machines can work seamlessly on Android devices with pKVM.
What's the current state of the art for Android virtualization? Let's assume we're talking about the newest Pixel and newest Android version. Is there any way to safely run malware or the Facebook app in some sort of air-gapped container and throw it away when you're done?
Nevermind, only the demo app, not the tutorial, so who knows what its doing.
But you and I both know that this feature was designed for the DMCA-lovin' Hollywood types and the control-freak enterprise IT BOFHs, not for your cool hack.
Let's use their tools of oppression against them! (fist emoji)
If AVF allows running native code, it might actually be cheaper than the current arrangement.
Also, Java "virtual machines" and native virtual machines are two very different things, they shouldn't be equated.
Not sure if this architecture can handle that, nor of it's the best architecture to solve this problem, though.
It's much like how web browsers' incognito/private mode is really useful for web developers and certain kinds of troubleshooting, but those are tertiary uses to the primary consumer use case for which it was originally built: browsing porn without leaving history behind.
Normal apps usually don’t have the opportunity to run there, so this levels the playing field somewhat in terms of security.
And unless there is also attestation or binary encryption involved, I doubt this would give app developers any DRM-like capabilities.
Maybe another OS, if someone does the groundwork on that. Or, fully suspend and move running instances across devices, which I think xen can already do.
1. https://source.android.com/docs/core/virtualization/architec... 2. https://wiki.xenproject.org/wiki/Xen_Project_Software_Overvi...
Ironically the revenge of microkernels, as most cloud workloads run on type 1 hypervisors.
AMD Secure Encrypted Virtualization (SEV)
Bare metal runs a tiny L0 hypervisor making use of hardware support for nested virtualization. In turn, the L0 can run an L1 hypervisor, e.g. KVM or "host" OS, or minimal L1 VMs that are peers to the L1 "host"-guest of L0.
Google pKVM-for-Arm tech talk (2022), hopefully x86 will follow, https://www.youtube.com/watch?v=9npebeVFbFw
In the best case future, this will offer security properties based on a small OSS attack surface, rather than black box TEE firmware.
You are putting too much faith in your VM monitor to keep you safe. There's a lot of attack surface in (for example) QEMU peripherals, and there's plenty of examples of VM escape [1]. CrosVM is probably the only publicly available VMM I'd be willing to trust, and even then I'd be nervous running state-sponsored malware on a machine with important data.
However, most of the exploits you'll find in QEMU are against configurations that are never used in real world virtualization scenarios where guests are untrusted. You can recognize them because hardware not commonly used with untrusted guests does not get a CVE.
For a while, slirp was the remaining major issue because it was used way beyond the original intention. But now it's been tamed and there's also passt, a much higher performance and much more secure implementation of user-mode networking.
User profiles can be used in this exact way. Guest user if you intend to install+wipe it right away (though this will prove cumbersome eventually due to having to reinstall the app every time, etc). There is a significant isolation benefit to them, though not currently virtualized. With the isolation can come usability issues. Like transferring files from one profile to another.
They can very slow however (slow to load+setup, and switch between, I mean. when you're inside its effectively a separate, fresh, OS install).
I'd love the easy ability to run confidential computing loads with fine grained control over the data it gets access to. You can do this now on the desktop using SGX (etc) but on mobile it's really hard.
As a specific example of this, it'd be great to be able to run Whisper continually and have strong, system level guarantees about what can read the data.
So in general, just would avoid labeling the quality of other people's takes. You never know who is reading yours
DRM and remote attestation already use a separate secure environment, so I don't see what would change by adding virtualisation.
There will be a chilling effect because people won't want to upset their Google/Microsoft/Apple/Meta etc overlords by saying or doing the wrong thing, and then get locked out of services they need to exist in society, do their job, spend money, etc.
It's like SafetyNet today, you can't run a good amount of apps on unapproved platforms already, even apps that don't handle confidential data.
Confidential computing is cool and useful when you’re the one controlling the VM, but scary when you’re the one blindly running it on your hardware
Hopefully this gets (publicly!) backdoored like SEV, SGX, etc
Important point.
> Hopefully this gets (publicly!) backdoored like SEV, SGX, etc
From my reading this doesn't need to be backdoored, if you have the ability to unlock the bootloader, you are not reliant on googles root of trust to be able to use this feature, you can go ahead and become your own "vendor", by signing your own images, or use your choice of vendor, then relock the bootloader and have the same security guarantees.
I'll admit this only from a cursory glance over the documentation and a vague understanding, happy to be corrected, but seems a lot of the arguments in this thread are about your first point, who has control over the OS.
I'll also add that the EU is being quite proactive in people having control over their own device, and who is their 'choice of vendor' so while I understand concerns people bring up, I'm a bit more optimistic that it can be a more useful tool than not.
Newer markets include cashless (CBDC) payments and digital identity anchored in human biology, demanding more security than legacy content.
> Biometrics: By deploying biometric trusted applets in an isolated virtual machine, developers will have the isolation guarantee, access to more compute power for biometric algorithms, easy updatability regardless of the Trustzone operating system, and a more streamlined deployment.
Fortunately, OSS can enable N-party transaction transparency, we don't have to settle for one-way mirrors and WeChat clones.
With AVF, we're looking at tailored isolation, where a VM can be as minimal or as comprehensive as needed. This flexibility means we can create a highly controlled environment for the browser, enhancing security against web-specific exploits. It's about using ARM's strengths and adding a VM where it makes sense for focused, web-centric security. The idea's to mix and match security layers for the best defense, especially with Android's new AVF making VMs more streamlined.
I guess you could say the goal here is to tailor the security approach to the specific risks associated with web browsing, making the system resilient against a broader range of exploits.
Literally, the title: ‘Virtual Machine as a core Android Primitive’ and the very first sentence: ‘The Android Virtualization Framework (AVF) will be available on upcoming select Android 14 devices.’
(Putting aside the fact for the moment that most - if not all - trusted computing platforms have some security vulnerabilities. Obviously this is bad, but doesn't preclude their utility)
I'm no fan of the modern dependence on Play Services or Google's attempts to kill adblockers through remote attestation, but none of these technologies are inherently bad. Business devices authenticating to business websites should allow remote attestation to verify that their hardware has not been tempered with just as an extra security measure.
Maybe your government is more evil or incompetent than mine, but bad governments aren't going to he limited by technological concepts like these.
Instead of just losing your account, you (or at least both your machine and your digital ID) are banned for good. This already happens with phones, where the entire device gets banned by apps for good, adding a layer of digital ID on top of it worsens the consequences of such decisions by platform owners against users.
> Remote attestation is the norm for many types of apps already yet I can use my bank app on my rooted phone just fine,
Many people can't on their rooted phones, and this cat-and-mouse game will eventually be won by the parties with million/billions to throw at it.
But I don't disagree, I'd rather have a rooted phone with a few islands out of my (and the software that I run!) control for sensitive authentication use cases than a phone where I'm not in control at all. Or than two phones, because only one of them can be rooted.
If you think about it, much of the complexity of Multics come from its multi-user requirement with overly complex access control matrix, multitude of file types including design for multi-user support, etc. Thus the Unix name metaphor or pun is to make it the latter simple by requirement and design. Remember that Unix was started as a skunkwork and even the original PDP-7 that being used originally was donated by other department of AT&T if I remember correctly it was the sound signal processing department [1]. If it is an official project, the multi-user requirement will be there from the start since arguably AT&T is the largest technical company at the time and they will want multi-user from the get-go.
But after some time and considerable success of Unix, the designers probably looks childish due to the naming since they did introduce multi-user at the later stage, and toned down the exact meaning of Unix. What is the opposite of multi, it is uni.
[1] The Strange Birth and Long Life of Unix:
https://spectrum.ieee.org/the-strange-birth-and-long-life-of...
> Because the new operating system supported only one user (Thompson), he saw it as ...
This has a lot more good references too: https://retrocomputing.stackexchange.com/questions/10907/was...
[1] Unix:
I think you mean "I can't say I'm surprised" -> this is not at all surprising. But that's just one negative.
Last time, someone described how this is quite common, but that the opposite - "double positives" were always positive as there's no negation.
Then someone else replied: "Yeah, right!"
"I can't say I'm surprised" or "I'm not surprised" would be much clearer here if the intention is to say this is NOT surprising. "I can't say I'm not surprised" is confusing enough that the intention is not clear. Logically it implies surprise.
Makes me wonder if it might be a linguistic eddy echoing from the clash of Germanic and Latin-based French, where negation contracted with the word is also very common (no idea if n'est and friends had been a thing in French at the time that clash happened)
This is not true. Even non default configuration of any software or hardware that contains a security vulnerability can get a CVE. It has in the past and will again in the future.
Source: I have assigned over 2000 cves for the kernel.
https://www.qemu.org/contribute/security-process/
We are colleagues by the way. :)
I'm aware, I see you comment here regularly.
QEMU doesn't have to assign CVE's but any other CNA can. I do not believe that its good security or even good practice to negotiate out of exploitable flaws. Its a dis-service to users.
I don't have enough skin in the game to change upstream QEMU's mind on this, systems in exploitable configurations are just as exploitable with or without a CVE assigned. People with exploitable configurations now just can't find out there is a problem.
In case anyone else needs a link: http://blog.vmsplice.net/2021/10/a-new-approach-to-usermode-...
When I traveled, this is how I was able to spend money without having to call my bank every time I tried to use my card in person.
Do you have the IdentityCheck/SecureCode/3-D Secure stuff (2FA for online transactions and at certain terminals)? Are these calls for transactions without chip + PIN?
I’ve had some transactions declined while travelling but maybe about 1/1000, and still no call, and nothing the bank support could do to allow them if I called. I’d just have to use a different bank with a vendor. It’s very much a “computer says no” situation then. Otherwise, the payment just goes through in the 99.9% of all cases.
But the banks in central EU, the Nordics, and the UK don’t seem to monitor the transactions I make while travelling to the point that there would be an actual person involved (calling me or reaching out in some other way).
I’m mostly curious about what problem these bank calls are solving. Is it for credit card fraud? In that case, I wonder why this seems to not be a practice in Europe. Is it because we do chip & PIN in physical payments, and 2FA for online/some kiosks?
That probably just means that you never made transactions that crossed the banks' suspicion threshold. Which might be quite high if the bank is confident that it won't be on the hook for credential abuse and does not care if their customers lose money to identify theft. That confirmation call would be an indication of good service, not of bad service.
I'm not saying that calls would be preferable to better authentication schemes like chip+pin (in skimming is very much a thing though), calls are just another second factor after all. And not even a particularly safe one. But defense should be layered and that layer stack should absolutely contain a form of confirmation call on some level if you are a bank.
Qualcomm has trusted input for at least touch sensors into their trusted enclave (unsure about microphone input at this point). Look for "TUI" in https://www.qualcomm.com/content/dam/qcomm-martech/dm-assets...
It gets a bit blurry on AArch64 without and with VHE (Virtual Host Extensions) as without VHE (< ARMv8.1) the kernel runs in EL1 ("kernel mode") most of the time and escalates to EL2 ("hypervisor mode") only when needed, but with VHE it runs at EL2 all the time. (ref. https://lwn.net/Articles/650524/)
* VMM is treated as synonymous with hypervisor
* "Extended host" is defined as "A pseudo-machine [99], also called an extended machine [53] or a user machine [75], is a composite machine produced through a combination of hardware and software, in which the machine's apparent architecture has been changed slightly to make the machine more convenient to use. Typically these architectural changes have taken the form of removing I/O channels and devices, and adding system calls to perform I/O and and other operations"
In other words, type 1 ("bare machine hypervisor") runs in supervisor mode and type 2 runs in user mode. QEMU running in dynamic binary translation mode is a type 2 VMM.
KVM runs on a bare machine, but it delegates some services to a less privileged component such as QEMU or crosvm or Firecracker. This is not a type 2 hypervisor, it is a type 1 hypervisor that follows security principles such as privilege separation.
So it's true that "most cloud workloads run on type 1 hypervisors" (KVM is one) but not that most cloud vendors/workloads run on microkernel-like hypervisors, with the exception of Azure.
Would any crash in GCC be a vulnerability because compilers are fed untrusted source code? Perhaps, but in practice godbolt.org is going to be the only case in which you care.
> Would any crash in GCC be a vulnerability because compilers are fed untrusted
> source code? Perhaps, but in practice godbolt.org is going to be the only
> case in which you care.
"Untrusted" is one those other fine lines that makes assigning and rating difficult and not something that is taken lightly. Compiling software as a user with additional capabilities, could escalate an attackers position assuming they can inject code into the tree to be built. It would be easier to abuse 'make' to execute code, however this is different than the qemu use case.
The QMEU "development" case could (and likely is) someones regular runtime use case. I dont see a clean way for the qmeu team to communicate this, and even if they did, privesc is privsec. Until we as an industry have a clear definition of what we will and wont "support" and users are familiar with the expectations, we're stuck with the hand we've been dealt.
Hopefully that all makes sense, none of it is said to antagonise or draw hate.
Do you trust any modern OS not to accidently include sensitive information when it generates a crash report for an app and sends it off the some remote server in the background?
Isolation is a useful tool. In an ideal world it can be done perfectly at the OS level, but we don't live in that world.
The problem with DRM and "trusted computing" part is that it's under someone else's control, some central authority etc. From my reading of the docs on this, this is not the case with pVM, from https://source.android.com/docs/core/virtualization/security
> Data is tied to instances of a pVM, and secure boot ensures that access to an instance’s data can be controlled
> When a device is unlocked with fastboot oem unlock, user data is wiped.
> Once unlocked, the owner of the device is free to reflash partitions that are usually protected by verified boot, including partitions containing the pKVM implementation. Therefore, pKVM on an unlocked device won't be trusted to uphold the security model.
So my reading of this is that that it is under the users control, as long as they have the ability to unlock the bootloader, and reflash the device with their own images.
I'd love someone who is more knowledgeable to weigh in, but this tech, to me, doesn't seem that close to TPM/DRM type chips where there is no possibility of user control.
There are also vendors that are doing smart contract execution in trusted computing devices so you can get the benefits of trusted execution without the overhead of everyone executing the same code.
I think there are usecases like this outside the mobile _phone_ that are interesting. For example on-device learning for edge devices where the device is not under your control.
This absolutely isn't the case. I know a number of vendors who are deploying edge ML capacity in satellites where the use case is for "agencies" to deploy ML algorithms that they (the vendors) cannot see.
Think about gaming in VR. You might want to make a game where the ML can adapt to the physical peculiarities of a person (think like personalized audio for airpods) but want to guarantee it isn't giving the person an advantage. Even simple things like setting up a VR system (or any physical computing device) can give an advantage to someone if corruptible.
At the moment there are lots of "anti-cheat" technologies that attempt to solve this, but really it needs trusted execution.
AFAIK Qualcomm's implementation does include passing touch input / display into the VM and is marketed in similar term ("Trusted User Interface") to TEE-based techs, except they are not in S-EL0/1.
I've only seen this used in some really obscure scenario (cryptocurrency wallet) though.
Additionally to make it to the next level, they run endless amount of container workloads.