Speaker: Neil MacDonald
I decided to attend this session on the basis that we are embarked on a program of virtualization and, if that means that we need to re-think how we ensure the security of our systems, having a strategic view on how security paradigms are impacted by virtualization would be useful.
"Virtualization will radically change how you secure and manage computing environments."
Two main topics: How can virtualization be used today to improve security; what will we be able to do that radically changes security in the longer term.
Today:
There are multiple layers of virtualization: presentation; applications; operating system/hardware. VMware is 85% of the market. Citrix, Microsoft and VMware are all looking at having offerings at all the different layers of virtualization. Most of today's talk will be around the virtualization layer between the hardware and the operating system.
Moving from having a host operating system to a hypervisor (like ESX or Hyper-V) is a good move from a security perspective, as the attack surface of a hypervisor is much smaller than that of a whole host operating system. Clearly securing the hypervisor is critical—a successful attack on the hypervisor takes down everything above it.
At the guest operating system level, virtual machines can become virtual firewalls and virtual intrusion detection systems. The vendors are different from the hardware-appliance vendors, and the products are much less expensive. The hardware vendors are slow to produce these virtual systems because the virtual versions sell for so much less (think of them as software-based appliances, as opposed to more expensive hardware-based appliances). [Maybe we should consider looking at virtual IDS and virtual firewall vendors as an alternative to hardware solutions—proof-of-concept is much less expensive, which is the upside. Downside is that we know less about what the software appliance is composed of—whether, for example, it is based on an embedded, older version of Linux which is vulnerable to certain attacks].
OVF (Open Virtualization Format) packages the VM together with XML-based metadata, and the package can be digitally signed. You can't necessarily trust the metadata: the VM might still be low-quality code, and it might have been tampered with before it was signed—signing is not a silver bullet.
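Added example, not part of the session or these notes: what checking a signed OVF package actually buys you. An OVF package carries a .mf manifest with one digest line per file (the `SHA256(name)= hex` layout is the OVF manifest format) and optionally a .cert file with a signature over that manifest. The code below rebuilds the manifest check with constructed file contents, and simulates the manifest signature with a per-signer HMAC (an assumption standing in for the real X.509/RSA signature so the demo runs offline). It shows the two failure modes from the notes: a tampered disk under the original signature is caught by the digests, while a package tampered and then re-signed passes every digest and is stopped only by checking who signed it.

```python
"""OVF manifest/signature verification demo with constructed inputs."""
import hashlib
import hmac
import re

# Constructed package contents: stand-ins for the descriptor and the disk image.
PACKAGE = {
    "appliance.ovf": b"<?xml version='1.0'?><Envelope xmlns='http://schemas.dmtf.org/ovf/envelope/1'/>",
    "appliance-disk1.vmdk": b"KDMV" + b"\x00" * 60,
}
# Constructed signer keys (assumption): the publisher we trust and an attacker who re-signs.
PUBLISHER_KEY = b"publisher-signing-key"
ATTACKER_KEY = b"attacker-signing-key"

# One manifest line per file, e.g. "SHA256(appliance.ovf)= 9f86d0..."
MANIFEST_LINE = re.compile(r"^(SHA1|SHA256|SHA512)\((.+)\)=\s*([0-9a-fA-F]+)\s*$")


def build_manifest(files, algo="SHA256"):
    """Produce .mf text listing a digest for every file in the package."""
    return "".join(
        f"{algo}({name})= {hashlib.new(algo.lower(), data).hexdigest()}\n"
        for name, data in files.items()
    )


def sign_manifest(manifest_text, key):
    """Stand-in for the .cert signature: HMAC over the manifest (assumption, not real OVF signing)."""
    return hmac.new(key, manifest_text.encode(), hashlib.sha256).hexdigest()


def verify_manifest(manifest_text, files):
    """Map each file to 'ok', 'mismatch', 'missing' (listed but absent) or 'unlisted' (present but unsigned)."""
    results, listed = {}, set()
    for raw in manifest_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MANIFEST_LINE.match(line)
        if not m:
            raise ValueError(f"unparseable manifest line: {raw!r}")
        algo, name, expected = m.groups()
        listed.add(name)
        if name not in files:
            results[name] = "missing"
            continue
        actual = hashlib.new(algo.lower(), files[name]).hexdigest()
        results[name] = "ok" if hmac.compare_digest(actual, expected.lower()) else "mismatch"
    for name in files:
        if name not in listed:
            results[name] = "unlisted"
    return results


def verify_package(manifest_text, signature, files, trusted_keys):
    """Accept only if the manifest was signed by a trusted signer AND every digest matches."""
    signed_by_trusted = any(
        hmac.compare_digest(sign_manifest(manifest_text, k), signature) for k in trusted_keys
    )
    if not signed_by_trusted:
        return False, "manifest signature not from a trusted signer"
    bad = {n: r for n, r in verify_manifest(manifest_text, files).items() if r != "ok"}
    return (False, f"digest problems: {bad}") if bad else (True, "package intact and trusted")


def tampered_and_resigned():
    """Attacker swaps the disk image, regenerates the manifest and signs it with their own key."""
    files = dict(PACKAGE)
    files["appliance-disk1.vmdk"] = b"KDMV" + b"\x90" * 60  # constructed tampered disk
    manifest = build_manifest(files)
    return manifest, sign_manifest(manifest, ATTACKER_KEY), files


if __name__ == "__main__":
    manifest = build_manifest(PACKAGE)
    sig = sign_manifest(manifest, PUBLISHER_KEY)
    print(verify_package(manifest, sig, PACKAGE, [PUBLISHER_KEY]))
    # Disk replaced under the original signature: the digest check catches it.
    broken = dict(PACKAGE, **{"appliance-disk1.vmdk": b"\xff" * 64})
    print(verify_package(manifest, sig, broken, [PUBLISHER_KEY]))
    # Tampered, re-manifested and re-signed: all digests match, only the signer check stops it.
    m2, s2, f2 = tampered_and_resigned()
    print(verify_package(m2, s2, f2, [PUBLISHER_KEY]))
    print(verify_package(m2, s2, f2, [PUBLISHER_KEY, ATTACKER_KEY]))
```

The last call is the point of the notes: if you treat any valid signature as good (the attacker's key is in the trusted set), the re-signed package verifies cleanly even though the disk was altered before signing. Digests prove the files are what the signer saw; only the trust decision about the signer says anything about whether that content was worth trusting, and nothing in the package says anything about code quality.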
Virtualizing a browser allows the browsing of sites that might have malicious content—but the virtualization layer protects the PC from the malware (GreenBorder, AppSense). Might try to check out "portable personalities" tomorrow where the notion of creating a boundary between trusted and untrusted is turned on its head—making a trustable space in an untrusted environment.
Longer term:
VM state inspection via the hypervisor. Configuration management can be done at the hypervisor level, not at the virtualized OS level, from a separate security VM (consider it a security appliance VM) that inspects guest state such as: processor state; memory pages; network state; disk blocks; process control blocks; threads and processes; services; applications; files; handles; kernel modules. Need to control what the virtualized OS does, not what it is. McAfee claim that, in that environment, they could have just one instance of anti-virus software per physical host, rather than one for each virtualized operating system. Because the protection is provided outside the virtualized operating systems, it can also cover out-of-support operating systems, and the security software cannot be turned off by malware, as the scope of control of the virtualized OS does not extend to the protecting software (like anti-virus).
Security workloads can be applied quickly and dynamically, just as we can start and stop virtual machines dynamically: applying hot patches, changing policies—and doing so at the VMM/hypervisor layer rather than in each individual virtualized workload.
We need to ensure that security is a mandatory part of evaluation of virtualization solutions: Gartner will help with more specific recommendations.