
Virtualization's Promise And Problems: Page 8 of 9

Through the hypervisor, security specialists can apply "an unprecedented level of instrumentation over a virtual machine"; such isolating and monitoring is harder to implement over physical servers, McCorkendale says.

WHO TO TRUST

Citrix, owner of XenSource, doesn't have a VMsafe-type plan, but its hypervisor, Xen, contains security features that were derived from IBM's experience in virtualization. IBM Research produced sHype hypervisor security cloaking and donated it to the Xen open source project; sHype is slated to be built into Xen and Citrix's products.

An sHype-equipped hypervisor knows which virtual machines can be trusted to share data with other VMs and which can't. sHype monitors the VM components, recording "a unique fingerprint" of their correct configuration and then watching for any changes. As long as the configuration remains the same, the VM is treated as a trusted resource.

If a running application suddenly takes on a new bit of functionality, whether because of an intruder or some other cause, sHype detects the modification and changes the application's status to an untrusted component. The same principle applies to the guest operating system running inside a VM; operating systems are frequently an avenue of attack for intruders.

"We use trusted computing technology to measure the integrity of the running components," said Ron Perez, an IBM Research senior manager. The hypervisor is told which virtual machines may trust each other as they're fired up. It then watches to ensure that each of those VMs remains trustworthy.

In a management console, sHype shows virtual machines that can talk to each other in the same color. "A blue machine may talk to another blue machine, but a blue machine must never be allowed to talk to a red machine," Perez says. This approach leads to very strong isolation guarantees, he says.
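As an added illustration, not code from the article or from IBM's or Xen's sHype implementation, the following toy Python model combines the two mechanisms described above: a fingerprint of each VM's components taken at launch that revokes trust when anything changes, and a colour policy under which only trusted VMs of the same colour may exchange data. The VM names, component contents and the SHA-256 measurement scheme are constructed for the example.

```python
"""Toy model of sHype-style VM trust: integrity measurement plus
colour-based isolation. Illustrative only; not IBM's or Xen's code."""
import hashlib


class Vm:
    def __init__(self, name, colour, components):
        self.name = name
        self.colour = colour                  # e.g. "blue" or "red"
        self.components = dict(components)    # constructed: name -> bytes
        self.baseline = self.fingerprint()    # "unique fingerprint" at launch
        self.trusted = True

    def fingerprint(self):
        """Hash every component (sorted, length-delimited) into one digest."""
        h = hashlib.sha256()
        for comp_name in sorted(self.components):
            data = self.components[comp_name]
            h.update(comp_name.encode() + b"\0")
            h.update(len(data).to_bytes(8, "big") + data)
        return h.hexdigest()

    def remeasure(self):
        """Re-measure; any drift from the baseline marks the VM untrusted.
        Trust is not restored automatically once it has been lost."""
        if self.fingerprint() != self.baseline:
            self.trusted = False
        return self.trusted


def may_communicate(a, b):
    """Hypervisor policy: both VMs must still measure clean and share a colour.
    A blue VM never talks to a red VM, whatever their integrity state."""
    a_ok = a.remeasure()
    b_ok = b.remeasure()
    return a_ok and b_ok and a.colour == b.colour


def demo():
    """Constructed scenario: two blue VMs, one red VM, then a tampered app."""
    web = Vm("web", "blue", {"kernel": b"v1", "app": b"httpd"})
    db = Vm("db", "blue", {"kernel": b"v1", "app": b"mysql"})
    lab = Vm("lab", "red", {"kernel": b"v1"})
    before = (may_communicate(web, db), may_communicate(web, lab))
    web.components["app"] = b"httpd+unexpected-module"   # configuration drift
    after = (may_communicate(web, db), web.trusted)
    return before, after   # ((True, False), (False, False))
```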