While conventional wisdom says virtualized environments and public clouds create massive security headaches, the godfather of Xen, Simon Crosby, says virtualization actually holds a key to better security.
Isolation -- the ability to restrict what computing goes on in a given context -- is a fundamental characteristic of virtualization that can be exploited to improve trustworthiness of processes on a physical system even if other processes have been compromised, says Crosby, a creator of the open source hypervisor and a founder of startup Bromium, which is looking to use Xen features to boost security.
If the virtual machine manager (hypervisor) can help isolate functions carried out on a system, and thereby reduce the risk that a successful attack against one function can spread, that improves the trustworthiness of the other processes, Crosby says in an interview with Network World.
"I think that when we look back in five years we will actually figure out that the core value of hardware virtualization is security," Crosby says. "Actually it's better trust or better isolation, and not all of the grandiose cases we've come up with for virtualization today. So that even in the cloud the primary use case for virtualization will, in five years or so, be security and security through isolation."
Crosby was reluctant to detail how such a system would work because it is at the core of what Bromium is working on, and the company doesn't plan to reveal that until next year. But earlier this year at the Xen Developers Conference, Bromium co-founder and chairman of Xen.org Ian Pratt offered some insight.
Introspection, a feature of Xen that enables virtual machines to be inspected by another trusted VM, could help discover compromises within VMs, Pratt says. Xen can also isolate driver domains, which enhances security, he says.
Crosby says this isolation is similar to what XenClient does today, enabling for instance a corporate desktop and a personal desktop on the same machine, keeping their activities securely separate. A person's possibly risky personal behavior with the machine won't compromise the corporate functions.
"The key point I'm trying to make is that virtualization technology in general through isolation provides you a different context in which to execute code of different trust levels," he says.
Isolating processes more finely can boost security in public cloud environments, he says. "I think one will be to create a highly secure cloud system which can be used to deliver multilevel secure systems," he says.
As an example he points to Intel and McAfee's DeepSAFE technology, software that sits between the CPU and the operating system on a device, much the way a bare-metal (Type 1) hypervisor does. Its direct link to the hardware gives it a trusted position and a view into events on the machine beyond what the operating system sees, according to McAfee.