The ring architecture of modern CPUs arose from the need to protect the OS kernel from malicious or buggy applications. Unfortunately, today's OSes use only two of the four rings of the x86 architecture, and today's security challenges are the result. The complexity and large attack surface of a modern OS, together with trends towards mobility and use of cloud services, have created conditions for a security "perfect storm": endpoints and their human users are increasingly subjected to sophisticated, targeted attacks that evade detection to compromise the system in some unforeseen way.
But a new defensive technique is at hand, and is about to massively change the odds in favor of security "by design": hardware isolation, in the form of hardware Virtualization Technology, adds what is in effect a Ring "-1" to the x86 CPU, to enforce mutual isolation between virtual machines that share the same device. The hypervisor, which manages this isolation, relies on only a small TCB.
Using hardware virtualization specifically to deliver security (as opposed to using it for the traditional benefits of virtualization) represents the most powerful shift in systems architecture since the introduction of 64-bit operating systems.
There are several approaches: micro-virtualization hardware-isolates untrusted tasks within a single OS and can be applied to legacy and new systems, whereas Virtualization Based Security (VBS), adopted in Windows 10, uses virtualization to enhance protection for key OS data and services. Within the cloud, secure container isolation is an area of focus for numerous vendors.
This talk will explore the use of hardware isolation for protection. It will present a reference architecture for security architects to evaluate their choice of technology, comparing sandboxes, micro-virtualization, VBS, and secure OS containers, and will show how virtualization is used as a fundamental primitive to deliver infrastructure that is more secure by design.
The presentation plots the path forward for hypervisors in general, drawing on Xen to show how future virtual infrastructure, including client devices and clouds, will deliver both manageability and hardware-enforced security, and will include demonstrations.
Simon Crosby is co-founder and CTO at Bromium. He has published more than 40 patents and papers in systems design, security and performance. He was founder and CTO of XenSource, acquired by Citrix, where he then served as CTO of the Virtualization & Management Division. Previously, Simon was a Principal Engineer at Intel, where he led strategic research in distributed autonomic computing, platform security and trust. He was also the founder of CPlane Inc., an SDN vendor. Prior to CPlane, Simon was a tenured faculty member at the University of Cambridge, UK, where he led research on network performance and control, and multimedia operating systems.