Feeds

Here come hypervisors you can trust

Intel to the rescue?

Choosing a cloud hosting partner with confidence

Virtualisation has always bothered me. This is perhaps an odd statement to make; after all, I am personally responsible for virtualising thousands of servers.

But the truth of it lies in the special status the IT community has ascribed to hypervisors.

When we nerds talk about virtualisation, especially with relation to servers, we don’t talk about loading an operating system onto a server, we load a hypervisor. It's a dangerous distinction and one that often leads systems administrators up a dark path of forgetting that a hypervisor is just as much of a security risk as any other operating system.

Indeed, hypervisors should be considered a bigger security risk than the traditional bare-metal operating system for the simple reason that we have become reliant upon them to host dozens, or even hundreds, of virtual machines per physical server.

Yet by and large, we tend to neglect the hypervisor, trusting it to just work.

Clever disguise

There is some sense in trusting hypervisors. They tend to be microkernel or exokernel based – fundamentally more secure than the monolithic kernel operating systems we are more familiar with.

They are far smaller, presenting a reduced attack surface, and we don’t often expose their management interfaces to the internet.

But that still doesn’t mean much. Novel malware has been created that itself is a hypervisor.

It is no big leap to go from this to corrupted hypervisors – rootkit-ed copies of the familiar software we use every day that would go completely unnoticed in most shops.

How sure are you that those critically important virtual machines processing terabytes of personal or classified information every day aren’t running on a compromised hypervisor? Do you know how to test for it? Do you have appropriate precautions in place?

Cue a white knight metaphor and Intel riding in on a shiny digital horse. Someone with a great deal of money and engineering resources has noticed that this is a problem and decided to do something about it.

Signature required

Intel calls its initiative trusted compute pools. And although it is not perfect, it is the best attempt at a solution I’ve seen yet.

The simple explanation of this technology is that it verifies that neither the host BIOS nor the hypervisor have been tampered with.

It does this by requiring both the BIOS and the hypervisor to be signed. When either attempts to load signed modules, the signatures are compared against the "known good" signatures and the hypervisor is allowed to continue loading uninterrupted.

To pull this off, an alphabet soup of technologies is required. Intel’s Trusted Platform Module, hardware-assisted virtualisation, Intel’s version of IOMMU, new CPUs with TXT instructions as well as compliant BIOSes and hypervisors are all necessary components.

Theoretically, other avenues of attack are still possible. Network cards and storage controllers also load their own BIOSes upon boot. Attacks hiding rootkits in these systems have been identified and could pose a threat to the idea of truly trusted computing.

Clean bill of health

Still, trusted compute pools are a huge leap forward in guaranteeing that the operating system has not been tampered with. We can now rest assured that our BIOSes and hypervisors are clean.

And since Intel is a key manufacturer of high-end networking and storage technology, I imagine it won’t be long before NICs and storage controllers are added to the list of devices whose signatures are checked at boot.

So if you have to build out a server (or an entire data centre) to host secure data, you can sleep a little bit easier. Intel is aware of the need for trusted computing and providing technology to make it possible. ®

Beginner's guide to SSL certificates

More from The Register

next story
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Don't wait for that big iPad, order a NEXUS 9 instead, industry little bird says
Google said to debut next big slab, Android L ahead of Apple event
Xperia Z3: Crikey, Sony – ANOTHER flagship phondleslab?
The Fourth Amendment... and it IS better
Netscape Navigator - the browser that started it all - turns 20
It was 20 years ago today, Marc Andreeesen taught the band to play
A drone of one's own: Reg buyers' guide for UAV fanciers
Hardware: Check. Software: Huh? Licence: Licence...?
The Apple launch AS IT HAPPENED: Totally SERIOUS coverage, not for haters
Fandroids, Windows Phone fringe-oids – you wouldn't understand
Apple SILENCES Bose, YANKS headphones from stores
The, er, Beats go on after noise-cancelling spat
Here's your chance to buy an ancient, working APPLE ONE
Warning: Likely to cost a lot even for a Mac
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.