During the Virtualization Security Podcast on 6/22, Steve Orrin of Intel and Dennis Morreau of RSA joined us to discuss the impact of Intel Westmere chips built-in Trusted Platform Module (TPM) and Trusted Execution Technology (TXT) on Cloud and Virtualization Security. TPM is not all that new, but TXT’s usage in virtualization security is new. Both together can form a hardware root of trust for the virtual environment.
At the moment however, these technologies are limited to just providing a secure launch of a well known hypervisor within the hardware. As such they have not been extended to the virtual machine. TXT however solves a very important issue that at the time the book VMware vSphere and Virtual Infrastructure Security was written had theoretical solutions, I speak of Blue Pill style attacks. There were rumors of Hyperguard or Guard Hype tools becoming available, but they are only research projects. TXT on the other hand, offers protection from Blue Pill style attacks.
Search results for: vmware
Private Cloud Security Nice to Have!?
In a recent document written by virtualization.info and Secure Network of Italy entitled Securing the Private Cloud several issues come to mind. While this is a good document on the availability front of virtualization security, I did not read anything that affected integrity or confidentiality. You cannot be secure if you ignore 2 of the 3 tenants of security.
vNetwork Security: Looking at VLANs
There is nothing like fully understanding the protections inherent within your vNetwork and the Roles and Permissions you can set within the virtualization management tool suites to ensure your vNetwork is secured, audited, and monitored for issues. Just like you do now within the pNetwork. Unlike the pNetwork, the vNetwork provides a certain amount of introspection and capability that is missing from a pNetwork, and this will also help with security.
Eucalyptus 2.0, and the stalled debate on Cloud API Standards
We’ve been following Eucalyptus over a series of posts, and recently seen the company strengthen its management team with the appointment of new CEO Marten Mickos the (only) ex-CEO of MySQL. This week they have released a new version of the Eucalyptus product, Version 2.0. which carries some of his strategy, particularly in putting clear water between the Open Source and the Enterprise version of the product.
Controlling the Virtual Infrastruture
There is a great deal of marketing hype about which hypervisor is better but I have spent some thinking about this and really have to wonder if the hypervisor is what we should really be focusing or concentrating on. A lot of third party vendors are starting to port their products to be able to work with both hypervisors but what about the management server itself? When third party application vendors design their applications to work with VMware or Microsoft hypervisors they have been writing plug-ins for their product to work inside the management server systems and or its client.
Risky Social Behaviors akin to Multi-Tenancy Risks
Can we use some of this Risky Social Behaviors post to aid us in finding an adequate definition for secure multi-tenancy? Perhaps more to the point it can define how we look at multi-tenancy today. On a recent VMware Communities podcast we were told two things that seem contradictory to current security thinking. The first is that going to the cloud reduces your risk, and the second was that the definition of the cloud must include multi-tenancy.