Sum Of All Virtual Fears: Page 6 of 10

It's the hypervisor's job to convince each guest OS that it and it alone has access to the host server's physical resources, while juggling access to ensure that programs and data don't leak between OSes. Additional layers of code privilege for virtualized platforms on modern chipsets allow vendors to reduce the impact of a misbehaving guest OS in the event of a security breach or errant application.

To further minimize the risk of a compromised platform intercepting guest communications to the underlying hardware, some form of transaction confirmation needs to be implemented.

The Trusted Computing Group's most widely adopted standard is TPM, or Trusted Platform Module. The TPM is a critical element for a trusted hypervisor, providing hardware-based trustable root certificates, a trusted location for performing measurements and several registries where trust measurements can be stored. TPM hardware encryption provides a guaranteed method for guest OSes to vet communications with the hypervisor.

The goal of TPM is to provide tamper detection and prevention; Intel's implementation, for example, offers trusted VMM whitelists on a hosted platform. TPM is enabled before any software is loaded and can provide owner confidence over the boot sequence and ensure the authenticity of each system element as it loads. In a nutshell, the TPM hands control of the platform to the hypervisor only after the hypervisor has been loaded into a known, trusted state.
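The measure-then-extend chain described above, as an added illustration that is not from the original article or any vendor's implementation: each boot component is hashed into a simulated PCR, and the hypervisor is trusted only if the final register value matches an owner-provisioned whitelist. The boot images and whitelist are constructed sample values, and SHA-256 is assumed as the hash.

```python
import hashlib

# Simulated measured boot. A TPM PCR cannot be written directly; it can only be
# "extended": PCR_new = H(PCR_old || measurement). The register starts at zero.
HASH = hashlib.sha256
PCR_INIT = b"\x00" * HASH().digest_size

def measure(component: bytes) -> bytes:
    """Measurement of one boot component (firmware, loader, hypervisor image)."""
    return HASH(component).digest()

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style PCR extend: fold a new measurement into the existing register."""
    return HASH(pcr + measurement).digest()

def measured_boot(components) -> bytes:
    """Extend every component in load order and return the final PCR value."""
    pcr = PCR_INIT
    for image in components:
        pcr = extend(pcr, measure(image))
    return pcr

def hypervisor_trusted(components, whitelist) -> bool:
    """Hand control to the VMM only if the final PCR is a whitelisted state.

    Because extend is a chained hash, a modified component, a missing
    component, or the same components in a different order all produce a
    different final value, so any of them fails the check.
    """
    return measured_boot(components) in whitelist

# Constructed sample boot chain (not real firmware): firmware -> loader -> VMM.
GOOD_CHAIN = [b"firmware v1", b"bootloader v2", b"vmm build 1234"]
# Whitelist provisioned by the platform owner from a known-good boot.
WHITELIST = {measured_boot(GOOD_CHAIN)}

# Two deviations a measured boot must detect: altered VMM image, altered order.
TAMPERED_CHAIN = [b"firmware v1", b"bootloader v2", b"vmm build 1234 (modified)"]
REORDERED_CHAIN = [b"bootloader v2", b"firmware v1", b"vmm build 1234"]
```

Note that the whitelist must be re-provisioned whenever a legitimate component is updated, since any change to the hypervisor image changes the final PCR.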

Do these concepts sound familiar? In higher-end versions of Vista, Microsoft relies on chipset-based TPM to provide BitLocker functionality for encrypting data stored on local drives. Future Intel and AMD hardware platforms are also slated to use TPM to forge trusted paths to attached peripherals, relying on it to create and store unique keys for hardware-level encryption of data paths. This encryption, in combination with validation of virtualization components, should make intercepting the TPM/hypervisor handoff more difficult, increasing IT's confidence that OS communications to and from the hypervisor are untainted.

The Simple Things In Life