Gartner Blog Network

Security No-brainer #3: Root of Trust Measurements for Hypervisors

by Neil MacDonald  |  April 18, 2009  |  1 Comment

During the course of my blogging activities, this is the third time I’ve talked about something the security industry should do that I believe is so obvious that I called it a “no-brainer”.

The first was in reference to a global, industry-wide effort to create a shareable, standards-based application whitelist database built directly from feeds from ISVs.

The second was in reference to the use of whitelisting in the hypervisor/VMM (especially the “parent” or Dom0 partition) layer to prevent the execution of unauthorized code in this security-sensitive layer.

I’ll add a third to the list: hardware-based root of trust measurements for ensuring hypervisor/VMM integrity at boot. TPM chips that form the foundation for this measurement are nearly ubiquitous in desktops and heading this way for servers. Microsoft has already shown this technology is feasible for mainstream commercial adoption with a TPM-based root of trust option for BitLocker (available in the Ultimate and Enterprise SKUs of Windows Vista).

Since this virtualization layer is so sensitive, why don’t we make sure it hasn’t been tampered with during the boot process?

Very few vendors do this today – for example a vendor and technology I identified as a 2009 Gartner “Cool Vendor” Integrity Global Security’s INTEGRITY (spun out from Green Hill’s military-grade solution) offers this. Looking forward, Citrix has promised this with its new desktop hypervisor. It’s also on VMware’s roadmap for vSphere (the next release of ESX). Let’s hope this feature makes it into the shipping release of vSphere.

By no means are we anywhere close to what is needed for sufficient trust in our hardware virtualization software, but measurement of the hypervisor/VMM is a mandatory starting point. The foundation of a trustable computing platform must start at the bottom.

I’ve been asking the industry to deliver this and a whole slew of security features for the hypervisor/VMM layer (and advising clients to pressure their vendors for these) for years. 2009 looks like the year that TPM-based root of trust hypervisor/VMM measurements will become mainstream. Seems like a no-brainer to me.

Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research

Category: next-generation-data-center  virtualization-security  

Tags: hypervisor-security  security-no-brainer  virtualization-security  vsphere  

Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…Read Full Bio

Thoughts on Security No-brainer #3: Root of Trust Measurements for Hypervisors

  1. […] The third was advocating the use of measurements of trust for virtualization software (starting with… […]

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.