I’m preparing to travel to Hobart for LCA next week, which will be a refreshing break from the 40° heat in Sydney, and from conference jet lag—this will be my first same-timezone conference in a couple of years, and the closest I’ve ever been to Antarctica.
With increased use of virtualization, one security benefit of physically separated systems — strong isolation — is reduced, an issue which may be ameliorated with the application of MAC security (e.g. SELinux, SMACK) in the host system.
For example, a flaw in the hypervisor or errant misconfiguration of the host may allow a virtualized guest OS to “break out” into the host environment and compromise other guests. By applying MAC security to virtual machine instances at the host level, such threats may be mitigated through strong isolation and containment of guests.
If you think hypervisor flaws are merely some kind of theoretical threat, you’re dreaming. A large number of folk seem to be entirely unaware of virtualization security issues, according to Joe Hernick of Network Computing:
To find out how prepared our readers are, we fielded a survey—and got some eye-popping results. We can’t help thinking that the 43% saying they feel virtualized machines are just as safe and secure as traditional environments are whistling past the graveyard. Of the 384 IT operations and security professionals responding, a mere 11% have put formal strategies in place to protect their VMs.
Hyperbole aside, people who are deploying virtualized systems definitely need to start thinking about this stuff.
The sVirt project is currently in initial development, with the aim of shipping a v1.0 release in Fedora this year. A key feature of the initial release will be providing simple MAC isolation of KVM domains, so virtualized systems can’t attack each other or the host system.
While Dan Walsh gave an ad-hoc talk on the subject last week at Fudcon in Boston, and I gave an ad-hoc lightning talk at Foss.my, this will be the first planned presentation properly outlining the goals, architecture and implementation strategy; and how this is part of extending flexible MAC security across every level of the modern application stack from the local OS to the globally distributed environment (cloud, grid et al). There’s no shortage of interesting and bizarrely difficult problems to solve in this area. Or buzzwords.
LCA looks to be a fun conference this year, if not perhaps a little subdued due to the economic crisis (and hopefully nothing to do with Tasmania being the world’s leading producer of pharmaceutical opiates).
Talks I hope to see include:
- AIO: Why is this so hard? (Zach Brown)
- Using a Malicious User-Level RCU to Torture RCU-Based Algorithms (Paul McKenney)
- Geek my Ride (Jon Oxer and Jared Herbohn)
The organizers have just announced mystery prizes for folk registering in the final week, so if you’re yet to decide whether to attend, there’s some more encouragement.