Feeds

Here come hypervisors you can trust

Intel to the rescue?

SANS - Survey on application security programs

Virtualisation has always bothered me. This is perhaps an odd statement to make; after all, I am personally responsible for virtualising thousands of servers.

But the truth of it lies in the special status the IT community has ascribed to hypervisors.

When we nerds talk about virtualisation, especially with relation to servers, we don’t talk about loading an operating system onto a server, we load a hypervisor. It's a dangerous distinction and one that often leads systems administrators up a dark path of forgetting that a hypervisor is just as much of a security risk as any other operating system.

Indeed, hypervisors should be considered a bigger security risk than the traditional bare-metal operating system for the simple reason that we have become reliant upon them to host dozens, or even hundreds, of virtual machines per physical server.

Yet by and large, we tend to neglect the hypervisor, trusting it to just work.

Clever disguise

There is some sense in trusting hypervisors. They tend to be microkernel or exokernel based – fundamentally more secure than the monolithic kernel operating systems we are more familiar with.

They are far smaller, presenting a reduced attack surface, and we don’t often expose their management interfaces to the internet.

But that still doesn’t mean much. Novel malware has been created that itself is a hypervisor.

It is no big leap to go from this to corrupted hypervisors – rootkit-ed copies of the familiar software we use every day that would go completely unnoticed in most shops.

How sure are you that those critically important virtual machines processing terabytes of personal or classified information every day aren’t running on a compromised hypervisor? Do you know how to test for it? Do you have appropriate precautions in place?

Cue a white knight metaphor and Intel riding in on a shiny digital horse. Someone with a great deal of money and engineering resources has noticed that this is a problem and decided to do something about it.

Signature required

Intel calls its initiative trusted compute pools. And although it is not perfect, it is the best attempt at a solution I’ve seen yet.

The simple explanation of this technology is that it verifies that neither the host BIOS nor the hypervisor have been tampered with.

It does this by requiring both the BIOS and the hypervisor to be signed. When either attempts to load signed modules, the signatures are compared against the "known good" signatures and the hypervisor is allowed to continue loading uninterrupted.

To pull this off, an alphabet soup of technologies is required. Intel’s Trusted Platform Module, hardware-assisted virtualisation, Intel’s version of IOMMU, new CPUs with TXT instructions as well as compliant BIOSes and hypervisors are all necessary components.

Theoretically, other avenues of attack are still possible. Network cards and storage controllers also load their own BIOSes upon boot. Attacks hiding rootkits in these systems have been identified and could pose a threat to the idea of truly trusted computing.

Clean bill of health

Still, trusted compute pools are a huge leap forward in guaranteeing that the operating system has not been tampered with. We can now rest assured that our BIOSes and hypervisors are clean.

And since Intel is a key manufacturer of high-end networking and storage technology, I imagine it won’t be long before NICs and storage controllers are added to the list of devices whose signatures are checked at boot.

So if you have to build out a server (or an entire data centre) to host secure data, you can sleep a little bit easier. Intel is aware of the need for trusted computing and providing technology to make it possible. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
WTF happened to Pac-Man?
In his thirties and still afraid of ghosts
Reg man builds smart home rig, gains SUPREME CONTROL of DOMAIN – Pics
LightwaveRF and Arduino: Bright ideas for dim DIYers
Leaked pics show EMBIGGENED iPhone 6 screen
Fat-fingered fanbois rejoice over Chinternet snaps
Apple patent LOCKS drivers out of their OWN PHONES
I'm sorry Dave, I'm afraid I can't let you text that
Microsoft signs Motorola to Android patent pact – no, not THAT Motorola
The part that Google never got will play ball with Redmond
Slip your finger in this ring and unlock your backdoor, phone, etc
Take a look at this new NFC jewellery – why, what were you thinking of?
Happy 25th birthday, Game Boy!
Monochrome handset ushered in modern mobile gaming era
Rounded corners? Pah! Amazon's '3D phone has eye-tracking tech'
Now THAT'S what we call a proper new feature
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
prev story

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.