The Virtualization Practice

Virtualization Security

Virtualization Security focuses upon end-to-end security, integrity, auditability, and regulatory compliance for virtualization and clouds. Virtualization Security starts where the cloud and virtual environments begin: the end user computing device. ...
We follow the user through the virtual and cloud stacks until they reach the application the user wishes to use to retrieve the data that is important to them. Virtualization and cloud security is implemented where there is an intersection between user, data, and application while maintain strict control of management interfaces. As such virtualization security looks into all aspects of security devices, tools, controls, and guides that impact or can be used to secure virtual and cloud environments.

There have been several interesting posts in the blogosphere about virtualization security and how to measure it. Specifically, the discussions are really about the size of the hypervisor footprint or about the size of patches. But hypervisor footprints from a security perspective are neither of these. The concern when dealing with hypervisor security is about Risk not about the size of the hypervisor or the size of a patch it is purely about the Risks associated with the hypervisor in terms if confidentiality, availability, and integrity.

There is quite a bit of documentation on bare metal or Type 1 hypervisors, including my own book, VMware vSphereTM and Virtual Infrastructure Security: Securing the Virtual Environment, but there is not much material on the proper security of hosted environments, or Type 2 hypervisors, such as Microsoft Virtual Server, VMware Workstation, Fusion, Player, or Server as well as Qemu, Virtuozzo, or OpenVZ.

The biggest question I ask myself when I see VMsafe appliances is: will it replace my current virtual firewall setup? Replace my Anti-virus? or Both? I am seeing a trend that gives me pause. That is a VMsafe appliance being more than one thing. For example, Trend Micro is an Anti-Virus company that bought Third Brigade (a firewall company) and are now in the mix of merging the two technologies into one. What has happened to one tool that does one thing and does that one thing very well?

The use of VMware VMsafe enabled third party products introduces third party fastpath drivers into your hypervisor. What these drivers ultimately do is interact with the VMsafe fastpath API, but is that ALL they do? That is why we need some level of certification for VMsafe fast path drivers. We need to KNOW that they do not do anything wrong, bad, or unfortunate.

In many cases when you start to discuss security of virtualization, you soon drop into a discussion of virtual networking, and management network security. In other words you are laying out the traditional security zones that exist within the networking world. Network security, virtual and physical, is extremely important however there is more to virtualization security than just your network. Here are some new ways to consider virtualization security.