TECHNOLOGY FOR CHANGE

Virtualization Security Needs a Closer Look

Salvatore Salamone | Date: 05-10-10 | Comments

• 50
• PrintPDF
• Filed Under: Technology For Change




• North Carolina State University researchers are exploring ways to make virtualization and cloud computing more secure—something that is increasingly needed as more organizations embrace the two technologies.

• Most IT organizations are using virtualization and cloud computing today. But many have not yet moved their mission-critical apps to virtualized servers.

  A CDW survey of 387 IT executives found that while 90 percent of enterprises have virtualized portions of their data centers, 62 percent are still keeping critical apps on physical servers.

  One reason for the delay is security. Gartner estimates that through 2012, 60 percent of virtualized servers will be less secure than the physical servers they replace.

  Why less secure? There are immature tools to protect virtualized environments. And in a bit of a twist, the blame also has to do with virtualization’s ease of use. Creation and deployment of virtual machines is fast and uncomplicated compared with what’s needed in a traditional deployment. As a result, individuals and groups sometimes get their projects going bypassing IT.

  With funding from the National Science Foundation and the U.S. Army Research Office, North Carolina State University researchers are trying to address the first problem. To that end, Dr. Xuxian Jiang, assistant professor of computer science, and his Ph.D. student Zhi Wang have developed software called HyperSafe to secure hypervisors against malware attacks.

  “We can guarantee the integrity of the underlying hypervisor by protecting it from being compromised by any malware downloaded by an individual user,” Jiang says. “By doing so, we can ensure the hypervisor’s isolation.”

  According to the researchers, for malware to affect a hypervisor, it typically needs to run its own code in the hypervisor. HyperSafe utilizes two components to prevent that from happening. First, the HyperSafe program uses a technique called non-bypassable memory lockdown, which bars the introduction of new code by anyone other than the hypervisor administrator. “This also prevents attempts to modify existing hypervisor code by external users,” Jiang explains.

  Second, HyperSafe uses a technique called restricted pointer indexing. This technique characterizes a hypervisor’s normal behavior and then prevents any deviation from that profile. So only the hypervisor administrators themselves can introduce changes to the hypervisor code.

  Jiang and Wang will present their research May 18 at the 31st IEEE Symposium on Security and Privacy in Oakland, Calif.

  Locking Down Administration

  As researchers and vendors work to improve virtualization security tools, organizations can take steps now to address the other problem Gartner identified—that of individuals and groups bypassing IT and lax deployment methods.

  This problem was substantiated in a study released last month by security and compliance solutions provider Prism Microsystems. The company surveyed 302 security and IT managers, and found that 65 percent of respondents indicated they have not implemented separation of duties between the staffers responsible for provisioning virtual machines and other administrator groups. eWEEK noted that “not coincidentally, 34.9 percent said they are worried about the potential for insider abuse due to the expanded control available to administrators.” In addition, compromising the credentials of a virtual administrator could provide an outside hacker with “the keys to the castle.”

  The solution here is not technical. Addressing this problem requires policies and procedures to ensure all deployments are properly done to minimize security risks. To get started, the Website Help Net Security offers an overview of virtualization security issues and tips.

   

IBM Resources

• End to End Virtualization: A holistic approach for a dynamic environment.
• Business Analytics and Optimization Jumpstart: Embedding analytics to transform insights into action
• Cloud computing insights from 110 implementation projects
• Capturing the Potential of Cloud
• Analytics - the new path to value
• Social Business: Advent of a new age
• Becoming a Social Business: The IBM Story
• Meeting the Demands of the Smarter Consumer
• Business agility powers innovation, transformation and growth
• Inside the Midmarket - A 2011 Perspective
• Building a strong enterprise cloud foundation is critical to manage growth for SaaS providers
• Blue Cross Blue Shield of South Carolina: A Model of IT Efficiency
• A Simple Idea that Changed the World

Most Read

• Top Five Cloud Trends for 2012
• New Tool Analyzes Data Without Bias
• Real-Time Analytics Takes a Bite Out of Crime
• Hadoop Takes a Giant Step Toward the Enterprise
• Universities Worldwide to Introduce Analytics Education
• Chattanooga Builds a Smart City
• Software Development Gets Agile
• Smarter App Prototyping Sans Programming
• Brain Microchip Faster Than Humans

Trending

• Rolls-Royce, ASU Partnership to Combat Billions in Health Insurance Fraud
• Video Analytics Boosts Business Intelligence
• Technology Transforming IT in 2012
• Print/TV Ads Retread for Social Media
• Is Voice Microblogging the Next Social Media Trend?
• Cyber Monday Sees Massive Growth
• How to Improve Crowd-Sourced Information
• App Tracks New Year's Resolutions Progress
• Giving Big Beats Giving More

RELATED CONTENT

• Five Reasons IaaS Will Top $4 Billion by 2015
• Intel, McAfee Leverage Hardware Security
• Synergies Abound When Health Care Organizations Tap Social Media
• Extreme Virtualization: Million-Machine Cluster Will Enable Botnet Study
• Protecting Mission-Critical Workloads
• Five Steps to Securing Internet-Enabled Devices
• Cloud Security Guaranteed by SICE

Videos

TWITTER FEED

• about 4 hours agoThe Smarter Computing Daily is out! http://t.co/FR7642Ug â–¸ Top stories today via @dlpmarketing @ibmemergingtech @jennifertaylor
  
• Feb 7th 11:48 AMThe Smarter Computing Daily is out! http://t.co/FR7642Ug â–¸ Top stories today via @walterfalk @vasfigucer @ibmsmrtrcmptng
  
• Feb 7th 9:10 AMPhoto: Manage XIV Storage with this new iPhone app http://t.co/kMdsvKs3
  
• Feb 7th 8:53 AMVideo: Manage XIV On the Go with an iPhone (by ibmstorage) http://t.co/nQHwXBVZ
  
• Feb 7th 8:44 AM"How can I get some of this SSD goodness?" http://t.co/RxJJTzXh
  
• Feb 6th 11:48 AMThe Smarter Computing Daily is out! http://t.co/FR7642Ug â–¸ Top stories today via @tashkhet @sroetenibm @dennisibm @ibmbigdata @ibmdirecto_es
  
• Feb 6th 9:56 AMRT @DutchCloud: Dutch Cloud Awarded as IBM Business Partner of the Year 2011 for Cloud Innovation !!!
  
• Feb 5th 11:48 AMThe Smarter Computing Daily is out! http://t.co/FR7642Ug â–¸ Top stories today via @palmtwo @prof_eder @vasfigucer @bnhall
  
• Feb 4th 11:47 AMThe Smarter Computing Daily is out! http://t.co/FR7642Ug â–¸ Top stories today via @ibmnetezza @steph_wacongne @pyyhtia @avnetretailpath
  
• Feb 3rd 11:48 AMThe Smarter Computing Daily is out! http://t.co/FR7642Ug â–¸ Top stories today via @fangfeng88 @hopley @letterlearning @ibmsmrtrcmptng
  
< PrevNext >

JOIN US

Like us on Facebook Follow us on Twitter Get the Smarter Tech Newsletter Register for the "Data Center Optimization Techniques: Stop Wasting Time & Money" eSeminar on Thursday February 16 at 10:00 a.m. Pacific / 1:00 p.m. Eastern.Register Now >

Connect with the The Future of IT Architecture blog