Tag Archives: Hardware Root of Trust

Harris Trusted Cloud – Closing the Gap

On the 4/7/2011 Virtualization Security Podcast, we were joined by Wyatt Starnes of Harris Corporation. Wyatt is the Vice President of Advanced Concepts of Cyber Integrated Solutions at Harris. What this means is that Wyatt is one of the key people behind the Harris Trusted Cloud initiative. Trust is a funny word, and we have written about that in the past.

Figure 1: Trust Chain of Integrity

Harris’ approach is unique in that they are attempting to ensure the integrity of all components of the cloud down to the code level, not just the network. Their target is the hosted private cloud, NOT the secure multi-tenant public cloud.

Granted, their approach could be used for a Secure Multi-Tenant Public Cloud and, I feel, will be required for such a cloud to exist. So what is their approach? It all starts with a company Harris bought a while back: SignaCert, which takes a different approach from what Tripwire does today (Wyatt Starnes was an original founder of Tripwire). SignaCert has an ever-growing database of software signatures. The software signature gathering component and process becomes part of the supply chain for all components going into the Harris Trusted Cloud. These components include signatures for routers, switches, operating systems, and applications, which are generated as close to the software release process as possible.

vSecurity gets a boost from TPM/TXT

During the Virtualization Security Podcast on 6/22, Steve Orrin of Intel and Dennis Morreau of RSA joined us to discuss the impact of the Intel Westmere chips' built-in Trusted Platform Module (TPM) and Trusted Execution Technology (TXT) on Cloud and Virtualization Security. TPM is not all that new, but TXT’s usage in virtualization security is new. Together, they can form a hardware root of trust for the virtual environment.

At the moment, however, these technologies are limited to providing a secure launch of a well-known hypervisor within the hardware. As such, they have not been extended to the virtual machine. TXT, however, solves a very important issue that, at the time the book VMware vSphere and Virtual Infrastructure Security was written, had only theoretical solutions: Blue Pill style attacks. There were rumors of Hyperguard or Guard Hype tools becoming available, but they are only research projects. TXT, on the other hand, offers protection from Blue Pill style attacks.
