Feeds

Here come hypervisors you can trust

Intel to the rescue?

Internet Security Threat Report 2014

Virtualisation has always bothered me. This is perhaps an odd statement to make; after all, I am personally responsible for virtualising thousands of servers.

But the truth of it lies in the special status the IT community has ascribed to hypervisors.

When we nerds talk about virtualisation, especially with relation to servers, we don’t talk about loading an operating system onto a server, we load a hypervisor. It's a dangerous distinction and one that often leads systems administrators up a dark path of forgetting that a hypervisor is just as much of a security risk as any other operating system.

Indeed, hypervisors should be considered a bigger security risk than the traditional bare-metal operating system for the simple reason that we have become reliant upon them to host dozens, or even hundreds, of virtual machines per physical server.

Yet by and large, we tend to neglect the hypervisor, trusting it to just work.

Clever disguise

There is some sense in trusting hypervisors. They tend to be microkernel or exokernel based – fundamentally more secure than the monolithic kernel operating systems we are more familiar with.

They are far smaller, presenting a reduced attack surface, and we don’t often expose their management interfaces to the internet.

But that still doesn’t mean much. Novel malware has been created that itself is a hypervisor.

It is no big leap to go from this to corrupted hypervisors – rootkit-ed copies of the familiar software we use every day that would go completely unnoticed in most shops.

How sure are you that those critically important virtual machines processing terabytes of personal or classified information every day aren’t running on a compromised hypervisor? Do you know how to test for it? Do you have appropriate precautions in place?

Cue a white knight metaphor and Intel riding in on a shiny digital horse. Someone with a great deal of money and engineering resources has noticed that this is a problem and decided to do something about it.

Signature required

Intel calls its initiative trusted compute pools. And although it is not perfect, it is the best attempt at a solution I’ve seen yet.

The simple explanation of this technology is that it verifies that neither the host BIOS nor the hypervisor have been tampered with.

It does this by requiring both the BIOS and the hypervisor to be signed. When either attempts to load signed modules, the signatures are compared against the "known good" signatures and the hypervisor is allowed to continue loading uninterrupted.

To pull this off, an alphabet soup of technologies is required. Intel’s Trusted Platform Module, hardware-assisted virtualisation, Intel’s version of IOMMU, new CPUs with TXT instructions as well as compliant BIOSes and hypervisors are all necessary components.

Theoretically, other avenues of attack are still possible. Network cards and storage controllers also load their own BIOSes upon boot. Attacks hiding rootkits in these systems have been identified and could pose a threat to the idea of truly trusted computing.

Clean bill of health

Still, trusted compute pools are a huge leap forward in guaranteeing that the operating system has not been tampered with. We can now rest assured that our BIOSes and hypervisors are clean.

And since Intel is a key manufacturer of high-end networking and storage technology, I imagine it won’t be long before NICs and storage controllers are added to the list of devices whose signatures are checked at boot.

So if you have to build out a server (or an entire data centre) to host secure data, you can sleep a little bit easier. Intel is aware of the need for trusted computing and providing technology to make it possible. ®

Intelligent flash storage arrays

More from The Register

next story
Chipmaker FTDI bricking counterfeit kit
USB-serial imitators whacked by driver update
Xperia Z3: Crikey, Sony – ANOTHER flagship phondleslab?
The Fourth Amendment... and it IS better
DOUBLE BONK: Testy fanbois catch Apple Pay picking pockets
Users wail as tapcash transactions are duplicated
Microsoft to enter the STRUGGLE of the HUMAN WRIST
It's not just a thumb war, it's total digit war
Google Glassholes are UNDATEABLE – HP exec
You need an emotional connection, says touchy-feely MD... We can do that
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.