Re: Securing VM servers

[Mike Lococo <mike.lococo () NYU EDU>]

Reposting with a proper subject line.  I must have deleted it by
accident, apologies.

Thanks,
Mike Lococo

Mike Lococo wrote:
> Greetings,
>
> I'm very interested in connecting offline with other folks who are
> thinking about the architectural implications of virtualization with
> regard to security boundaries.  We've poured a lot of thought into it in
> my office, had fairly extensive conversations with VMWare technical
> staff, and still have a lot of uncertainty about the best path forward
> for our environment.
>
> > You might do a little searching for the research that Ed Skoudis and Tom
> > Liston did on escaping virtual machines.  Below is an article that
> > summarizes some of it.
> >
> > http://blogs.computerworld.com/node/5936
>
> That article is pretty thin on details.  I've never found a paper from
> from Ed and Tom on that research, but some the most authoritative links
> I've seen are:
>
> * Foolmoon has a writeup of what Ed and Tom presented at Sansfire 2007:
> http://www.foolmoon.net/cgi-bin/blog/index.cgi?mode=viewone&blog=1185593255
>
> * Ed posted a comment at the following blog with some details:
> http://www.cutawaysecurity.com/blog/archives/170
>
> * Tavis Ormandy wrote an excellent paper paper on fuzzing various
> virtualization environments, all of which had crash bugs:
> http://taviso.decsystem.org/virtsec.pdf
>
> It's worth noting that none of the research above applies to ESX, it's
> all been done on Workstation or Server.  That's not to imply that ESX
> has no flaws, just that it's a different architecture/codebase which
> makes any kind of specific comparison to the public research difficult.
>
> Thanks,
> Mike Lococo
>
> PS CISecurity has some hardening guides for VMWare, but they completely
> punt on how/where to enforce trust boundaries.