Neil MacDonald

A member of the Gartner Blog Network

VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…

VMsafe: Cool for Virtualization Security, but no Panacea

by Neil MacDonald  |  February 18, 2009  |  9 Comments

VMsafe is essentially a set of APIs at the level of the hypervisor/virtual machine monitor that VMware has opened up to developers (primarily of security tools). Since the virtual machine monitor arbitrates all access between the OSs that run on top of it and the shared hardware underneath (memory, CPU, disk and network), security vendors can tap into this unique visibility to provide new and improved types of security capabilities.

This concept of VMM-level visibility (“introspection”) holds the potential to radically transform security in virtualized environments and I have discussed this in detail in conference presentations and in published research. However, there are significant issues to be resolved with this approach, many of which will not be addressed in VMware’s first release of a VMsafe-enabled version of ESX (expected later this year).

In a previous post, I discussed how the legacy security vendors are fighting the move to virtualize – dragging their feet on delivering solutions we need for securing virtualized environments. I’ve seen the lack of VMsafe availability used as a stalling tactic by the vendors (“we’re waiting on VMsafe before delivering our solution…”). Don’t believe it. Network-based security protection can be run in ESX today as a virtual appliance and provide firewall and intrusion prevention services for the internal virtual network traffic. Host-based security protection solutions such as AV can be run today inside of a guest VM to provide protection within the VM. Sure, in the future VMsafe may enable these solutions to install more easily, possibly reduce the number of agents and potentially transform the way we secure virtual environments. Awesome! If I’m responsible for VM security, I’ll consider it after the APIs ship, after the vendors finally ship their VMsafe-enabled solutions, after I’ve got a level of comfort that these VMsafe-enabled security solutions don’t in and of themselves introduce new security vulnerabilities, after I’ve tested both thoroughly and when I’m prepared to migrate (oh, and when I’ve got the budget).

Note to self: Check back on VMsafe in at least a year when all of this starts to become a reality. Radical transformation can wait. I’ve got real virtualization initiatives that need to be deployed securely now.

Category: Virtualization Security

9 responses so far ↓

  • 1 Robin Ore   February 20, 2009 at 3:51 am

    Great article! Thank you for bringing up the issue. I wrote an article entitled, “The New Wireless World Order” and another entitled, “Your Brain and Civil Rights”. “Brainhacking”, as I called it, is an unacceptable intrusion and in many ways can be considered potentially lethal. We cannot afford insecure virtual networks that access the human brain and body. In terms of network architecture and safeguarding privacy, it is important to address issues of whose privacy. The users in these cases are using people they have access to, if a person has been “Brainhacked”. There is no question where brain to brain interfaces in the “clouds” of next generation networks is heading. Into the brains of little and big girls everywhere for games that may not at all be to their liking. The issues of security should focus first on children, scientists, government employees, women, men, and finally, pets. There won’t be any room for error. Once hackers have your “brain signature” and code information…your life is lost in the fog of mind control. Worse, our security and monitoring, unless computerized, will be subcontracted out to India, China and Mexico.

  • 2 Neil MacDonald   February 20, 2009 at 12:01 pm

    History has shown that any technology that can be used for good things can also be used for bad things.

    Virtualization helps us to reduce costs and improve efficiencies via data center consolidation. Then the bad guys figure out this new layer is an attractive target to hack and gain easy access to all of the workloads hosted on the server.

    So, VMware develops VMsafe — a set of APIs for security tools to gain the upper hand on the bad guys. However, I can tell you with 100% certainty that these APIs will become a target for attack. Security software that has access to these sensitive APIs will also become a target for attack.

    Does this mean we don’t use these technologies? Not at all. But we need to think proactively how these technologies might be used in unexpected and malicious ways. The time to do this is before these technologies are put into use, not after something bad happens.

  • 3 VMware Unveils vShield and Raises the Security Bar for all Virtualization Vendors   March 4, 2009 at 9:06 am

    [...] The vShield technology comes out of VMware’s acquisition of Blue Lane in late 2008 and is able to enforce separation and isolation of VM-based workloads using logical constructs like VM and protocol identities. Note that vShield is really something different than the VMsafe set of APIs I discussed recently. [...]

  • 4 The 5 Stages of Virtualization Security Vendor Maturity   March 13, 2009 at 5:39 pm

    [...] keeps saying they have a version “on their roadmap” or are using stall tactics like “we’re waiting on VMsafe before delivering a solution”. Worse, they appear on main stage  at a big event like VMworld [...]

  • 5 Moore’s Law Enables Virtualized Security   August 28, 2009 at 1:42 pm

    [...] ever-increasing number of cores available along with advances like VMsafe and VMsafe’s “fast path” as well as improvements in i/o virtualization with next-generation [...]

  • 6 VMware vSphere VMSafe - are there any actual products yet? | VirtualPro   December 1, 2009 at 2:59 pm

    [...] Neil Macdonald of Gartner makes a good point about the potential for VMSafe appliances to introduce possible security vulnerabilities at a lower level in the infrastructure. [...]

  • 7 VMware VMSafe – Are there any actual products yet? – Gestalt IT   December 10, 2009 at 10:00 am

    [...] Neil Macdonald of Gartner makes a good point about the potential for VMSafe appliances to introduce possible security vulnerabilities at a lower level in the infrastructure. [...]

  • 8 No Security (or Management) Controls are Absolute When Users run as Administrators   December 17, 2009 at 2:50 pm

    [...] affects all vendors, not just the ones that answer the RFI/RFP honestly. This is another area where virtualization and introspection techniques offer new and interesting ways of implementing security controls outside of the OS container that [...]

  • 9 Doing Things Better With Virtualization   December 22, 2009 at 9:47 am

    [...] I talked about in this post, virtualization will offer new and interesting ways to improve security. VM state inspection (or [...]