Feeds

Here come hypervisors you can trust

Intel to the rescue?

Secure remote control for conventional and virtual desktops

Virtualisation has always bothered me. This is perhaps an odd statement to make; after all, I am personally responsible for virtualising thousands of servers.

But the truth of it lies in the special status the IT community has ascribed to hypervisors.

When we nerds talk about virtualisation, especially with relation to servers, we don’t talk about loading an operating system onto a server, we load a hypervisor. It's a dangerous distinction and one that often leads systems administrators up a dark path of forgetting that a hypervisor is just as much of a security risk as any other operating system.

Indeed, hypervisors should be considered a bigger security risk than the traditional bare-metal operating system for the simple reason that we have become reliant upon them to host dozens, or even hundreds, of virtual machines per physical server.

Yet by and large, we tend to neglect the hypervisor, trusting it to just work.

Clever disguise

There is some sense in trusting hypervisors. They tend to be microkernel or exokernel based – fundamentally more secure than the monolithic kernel operating systems we are more familiar with.

They are far smaller, presenting a reduced attack surface, and we don’t often expose their management interfaces to the internet.

But that still doesn’t mean much. Novel malware has been created that itself is a hypervisor.

It is no big leap to go from this to corrupted hypervisors – rootkit-ed copies of the familiar software we use every day that would go completely unnoticed in most shops.

How sure are you that those critically important virtual machines processing terabytes of personal or classified information every day aren’t running on a compromised hypervisor? Do you know how to test for it? Do you have appropriate precautions in place?

Cue a white knight metaphor and Intel riding in on a shiny digital horse. Someone with a great deal of money and engineering resources has noticed that this is a problem and decided to do something about it.

Signature required

Intel calls its initiative trusted compute pools. And although it is not perfect, it is the best attempt at a solution I’ve seen yet.

The simple explanation of this technology is that it verifies that neither the host BIOS nor the hypervisor have been tampered with.

It does this by requiring both the BIOS and the hypervisor to be signed. When either attempts to load signed modules, the signatures are compared against the "known good" signatures and the hypervisor is allowed to continue loading uninterrupted.

To pull this off, an alphabet soup of technologies is required. Intel’s Trusted Platform Module, hardware-assisted virtualisation, Intel’s version of IOMMU, new CPUs with TXT instructions as well as compliant BIOSes and hypervisors are all necessary components.

Theoretically, other avenues of attack are still possible. Network cards and storage controllers also load their own BIOSes upon boot. Attacks hiding rootkits in these systems have been identified and could pose a threat to the idea of truly trusted computing.

Clean bill of health

Still, trusted compute pools are a huge leap forward in guaranteeing that the operating system has not been tampered with. We can now rest assured that our BIOSes and hypervisors are clean.

And since Intel is a key manufacturer of high-end networking and storage technology, I imagine it won’t be long before NICs and storage controllers are added to the list of devices whose signatures are checked at boot.

So if you have to build out a server (or an entire data centre) to host secure data, you can sleep a little bit easier. Intel is aware of the need for trusted computing and providing technology to make it possible. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
4K-ing excellent TV is on its way ... in its own sweet time, natch
For decades Hollywood actually binned its 4K files. Doh!
Oi, Tim Cook. Apple Watch. I DARE you to tell me, IN PERSON, that it's secure
State attorney demands Apple CEO bows the knee to him
Apple's big bang: iPhone 6, ANOTHER iPhone 6 Plus and WATCH OUT
Let's >sigh< see what Cupertino has been up to for the past year
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Get your Indian Landfill Android One handsets - they're only SIXTY QUID
Cheap and deafening mobes for the subcontinental masses
Apple's SNEAKY plan: COPY ANDROID. Hello iPhone 6, Watch
Sizes, prices and all – but not for the wrist-o-puter
A SCORCHIO fatboy SSD: Samsung SSD850 PRO 3D V-NAND
4Gb/s speeds on a consumer drive, anyone?
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.