Feeds

Here come hypervisors you can trust

Intel to the rescue?

Build a business case: developing custom apps

Virtualisation has always bothered me. This is perhaps an odd statement to make; after all, I am personally responsible for virtualising thousands of servers.

But the truth of it lies in the special status the IT community has ascribed to hypervisors.

When we nerds talk about virtualisation, especially with relation to servers, we don’t talk about loading an operating system onto a server, we load a hypervisor. It's a dangerous distinction and one that often leads systems administrators up a dark path of forgetting that a hypervisor is just as much of a security risk as any other operating system.

Indeed, hypervisors should be considered a bigger security risk than the traditional bare-metal operating system for the simple reason that we have become reliant upon them to host dozens, or even hundreds, of virtual machines per physical server.

Yet by and large, we tend to neglect the hypervisor, trusting it to just work.

Clever disguise

There is some sense in trusting hypervisors. They tend to be microkernel or exokernel based – fundamentally more secure than the monolithic kernel operating systems we are more familiar with.

They are far smaller, presenting a reduced attack surface, and we don’t often expose their management interfaces to the internet.

But that still doesn’t mean much. Novel malware has been created that itself is a hypervisor.

It is no big leap to go from this to corrupted hypervisors – rootkit-ed copies of the familiar software we use every day that would go completely unnoticed in most shops.

How sure are you that those critically important virtual machines processing terabytes of personal or classified information every day aren’t running on a compromised hypervisor? Do you know how to test for it? Do you have appropriate precautions in place?

Cue a white knight metaphor and Intel riding in on a shiny digital horse. Someone with a great deal of money and engineering resources has noticed that this is a problem and decided to do something about it.

Signature required

Intel calls its initiative trusted compute pools. And although it is not perfect, it is the best attempt at a solution I’ve seen yet.

The simple explanation of this technology is that it verifies that neither the host BIOS nor the hypervisor have been tampered with.

It does this by requiring both the BIOS and the hypervisor to be signed. When either attempts to load signed modules, the signatures are compared against the "known good" signatures and the hypervisor is allowed to continue loading uninterrupted.

To pull this off, an alphabet soup of technologies is required. Intel’s Trusted Platform Module, hardware-assisted virtualisation, Intel’s version of IOMMU, new CPUs with TXT instructions as well as compliant BIOSes and hypervisors are all necessary components.

Theoretically, other avenues of attack are still possible. Network cards and storage controllers also load their own BIOSes upon boot. Attacks hiding rootkits in these systems have been identified and could pose a threat to the idea of truly trusted computing.

Clean bill of health

Still, trusted compute pools are a huge leap forward in guaranteeing that the operating system has not been tampered with. We can now rest assured that our BIOSes and hypervisors are clean.

And since Intel is a key manufacturer of high-end networking and storage technology, I imagine it won’t be long before NICs and storage controllers are added to the list of devices whose signatures are checked at boot.

So if you have to build out a server (or an entire data centre) to host secure data, you can sleep a little bit easier. Intel is aware of the need for trusted computing and providing technology to make it possible. ®

The essential guide to IT transformation

More from The Register

next story
Reg man looks through a Glass, darkly: Google's toy ploy or killer tech specs?
Tip: Put the shades on and you'll look less of a spanner
So, Apple won't sell cheap kit? Prepare the iOS garden wall WRECKING BALL
It can throw the low cost race if it looks to the cloud
One step closer to ROBOT BUTLERS: Dyson flashes vid of VACUUM SUCKER bot
Latest cleaner available for world+dog in September
Samsung Gear S: Quick, LAUNCH IT – before Apple straps on iWatch
Full specs for wrist-mounted device here ... but who'll buy it?
Apple promises to lift Curse of the Drained iPhone 5 Battery
Have you tried turning it off and...? Never mind, here's a replacement
Now that's FIRE WIRE: HP recalls 6 MILLION burn-risk laptop cables
Right in the middle of Burning Mains Man week
Apple's iWatch? They cannae do it ... they don't have the POWER
Analyst predicts fanbois will have to wait until next year
HUGE iPAD? Maybe. HUGE ADVERTS? That's for SURE
Noo! Hand not big enough! Don't look at meee!
AMD unveils 'single purpose' graphics card for PC gamers and NO ONE else
Chip maker claims the Radeon R9 285 is 'best in its class'
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.