Re: Securing VM servers

[Paul Keser <pkeser () STANFORD EDU>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mike-

I would be interested in connecting off line.  We are currently looking
at how we want to architect virtual environments that contain restricted
data.  Our initial deployment is limited to non restricted data.

- -PaulK

Paul Keser
Assoc. Information Security Officer
Stanford University
650.724.9051
GPG Fingerprint:  DBA3 E20F CE91 28AA DA1C  4A77 3BD9 C82D 2699 24FB


Mike Lococo wrote:
> Reposting with a proper subject line.  I must have deleted it by
> accident, apologies.
>
> Thanks,
> Mike Lococo
>
> Mike Lococo wrote:
> > Greetings,
> >
> > I'm very interested in connecting offline with other folks who are
> > thinking about the architectural implications of virtualization with
> > regard to security boundaries.  We've poured a lot of thought into it
> > in my office, had fairly extensive conversations with VMWare technical
> > staff, and still have a lot of uncertainty about the best path forward
> > for our environment.
> >
> > > You might do a little searching for the research that Ed Skoudis and Tom
> > > Liston did on escaping virtual machines.  Below is an article that
> > > summarizes some of it.
> > >
> > > http://blogs.computerworld.com/node/5936
> >
> > That article is pretty thin on details.  I've never found a paper from
> > from Ed and Tom on that research, but some the most authoritative
> > links I've seen are:
> >
> > * Foolmoon has a writeup of what Ed and Tom presented at Sansfire 2007:
> > http://www.foolmoon.net/cgi-bin/blog/index.cgi?mode=viewone&blog=1185593255
> >
> >
> > * Ed posted a comment at the following blog with some details:
> > http://www.cutawaysecurity.com/blog/archives/170
> >
> > * Tavis Ormandy wrote an excellent paper paper on fuzzing various
> > virtualization environments, all of which had crash bugs:
> > http://taviso.decsystem.org/virtsec.pdf
> >
> > It's worth noting that none of the research above applies to ESX, it's
> > all been done on Workstation or Server.  That's not to imply that ESX
> > has no flaws, just that it's a different architecture/codebase which
> > makes any kind of specific comparison to the public research difficult.
> >
> > Thanks,
> > Mike Lococo
> >
> > PS CISecurity has some hardening guides for VMWare, but they
> > completely punt on how/where to enforce trust boundaries.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIPvbAO9nILSaZJPsRAvlUAKCpSNQME3vNy2Nq6rFDZLS3BKt/gwCfaYpn
6rFtOXkqsuk5bNFe6Pkiq4o=
=J7dr
-----END PGP SIGNATURE-----