Neil MacDonald

A member of the Gartner Blog Network

Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…Read Full Bio

Coverage Areas:

Security No-brainer #3: Root of Trust Measurements for Hypervisors

by Neil MacDonald  |  April 18, 2009  |  1 Comment

During the course of my blogging activities, this is the third time I’ve talked about something the security industry should do that I believe is so obvious that I called it a “no-brainer”.

The first was in reference to a global, industry-wide effort to create a shareable, standards-based application whitelist database built directly from feeds from ISVs.

The second was in reference to the use of whitelisting in the hypervisor/VMM (especially the “parent” or Dom0 partition) layer to prevent the execution of unauthorized code in this security-sensitive layer.

I’ll add a third to the list: hardware-based root of trust measurements for ensuring hypervisor/VMM integrity at boot. TPM chips that form the foundation for this measurement are nearly ubiquitous in desktops and heading this way for servers. Microsoft has already shown this technology is feasible for mainstream commercial adoption with a TPM-based root of trust option for BitLocker (available in the Ultimate and Enterprise SKUs of Windows Vista).

Since this virtualization layer is so sensitive, why don’t we make sure it hasn’t been tampered with during the boot process?

Very few vendors do this today – for example a vendor and technology I identified as a 2009 Gartner “Cool Vendor” Integrity Global Security’s INTEGRITY (spun out from Green Hill’s military-grade solution) offers this. Looking forward, Citrix has promised this with its new desktop hypervisor. It’s also on VMware’s roadmap for vSphere (the next release of ESX). Let’s hope this feature makes it into the shipping release of vSphere.

By no means are we anywhere close to what is needed for sufficient trust in our hardware virtualization software, but measurement of the hypervisor/VMM is a mandatory starting point. The foundation of a trustable computing platform must start at the bottom.

I’ve been asking the industry to deliver this and a whole slew of security features for the hypervisor/VMM layer (and advising clients to pressure their vendors for these) for years. 2009 looks like the year that TPM-based root of trust hypervisor/VMM measurements will become mainstream. Seems like a no-brainer to me.

1 Comment »

Category: Next-generation Data Center Virtualization Security     Tags: , , ,

1 response so far ↓