Gartner Blog Network

Another Hypervisor Hack

by Neil MacDonald  |  March 14, 2010  |  1 Comment

Stuck at the airport after two consecutive JetBlue flight cancellations (and hoping the third isn’t cancelled as well), I ran across this recent article on a publicly documented and confirmed hypervisor attack – this time on the hypervisor used in the Sony PS3 (in this cases using a hardware-based timing attack). A different exploit (not based on hardware timing) was publicized last year on Microsoft’s Xbox.

This doesn’t mean that hypervisors are inherently insecure. The lesson? If the target is attractive enough, the bad guys will find a way to break in. In the case of a gaming console, it’s about stealing intellectual property in the form of games. In the case of our data centers, it’s also about stealing our intellectual property, just in a different form.

And like the gaming consoles, it would be a mistake not to assume that the x86 virtualization layer we are installing in our data centers won’t be subjected to similar types of intense scrutiny for vulnerabilities. But, unlike the gaming consoles, don’t expect the hacker that steals your stuff to post it on a public web site for fame and glory. Today’s attacks are targeted and stealthy. Many times, you don’t know you’ve been hit until well after the fact.

Further, I’d argue that these x86-based virtualization platforms we are putting in our data centers are the most critical x86 workload we are responsible for and should be protected accordingly. I provide pages of specific recommendations on how to do this in this research note for clients.

By the way, the free WiFi , seating and power jacks in JetBlue’s new Terminal 5 at JFK made the delays a bit more tolerable, but it was clear that it is still not prepared in terms of staffing and communications for significant disruptions from weather.

Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research

Category: next-generation-data-center  virtualization-security  

Tags: hypervisor-security  virtualization-security  

Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…Read Full Bio

Thoughts on Another Hypervisor Hack

  1. smith says:

    Hi, This post is good. Good job Folks! Knowing such things in the technology world keeps our eye brows rising. Hence every body who uses the computer technology should be up to date in security related information. For more information on the topic go through the link:

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.