Educause Security Discussion mailing list archives
Re: Securing VM servers
From: Paul Keser <pkeser () STANFORD EDU>
Date: Thu, 29 May 2008 11:32:32 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mike- I would be interested in connecting off line. We are currently looking at how we want to architect virtual environments that contain restricted data. Our initial deployment is limited to non restricted data. - -PaulK Paul Keser Assoc. Information Security Officer Stanford University 650.724.9051 GPG Fingerprint: DBA3 E20F CE91 28AA DA1C 4A77 3BD9 C82D 2699 24FB Mike Lococo wrote:
Reposting with a proper subject line. I must have deleted it by accident, apologies. Thanks, Mike Lococo Mike Lococo wrote:Greetings, I'm very interested in connecting offline with other folks who are thinking about the architectural implications of virtualization with regard to security boundaries. We've poured a lot of thought into it in my office, had fairly extensive conversations with VMWare technical staff, and still have a lot of uncertainty about the best path forward for our environment.You might do a little searching for the research that Ed Skoudis and Tom Liston did on escaping virtual machines. Below is an article that summarizes some of it. http://blogs.computerworld.com/node/5936That article is pretty thin on details. I've never found a paper from from Ed and Tom on that research, but some the most authoritative links I've seen are: * Foolmoon has a writeup of what Ed and Tom presented at Sansfire 2007: http://www.foolmoon.net/cgi-bin/blog/index.cgi?mode=viewone&blog=1185593255 * Ed posted a comment at the following blog with some details: http://www.cutawaysecurity.com/blog/archives/170 * Tavis Ormandy wrote an excellent paper paper on fuzzing various virtualization environments, all of which had crash bugs: http://taviso.decsystem.org/virtsec.pdf It's worth noting that none of the research above applies to ESX, it's all been done on Workstation or Server. That's not to imply that ESX has no flaws, just that it's a different architecture/codebase which makes any kind of specific comparison to the public research difficult. Thanks, Mike Lococo PS CISecurity has some hardening guides for VMWare, but they completely punt on how/where to enforce trust boundaries.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIPvbAO9nILSaZJPsRAvlUAKCpSNQME3vNy2Nq6rFDZLS3BKt/gwCfaYpn 6rFtOXkqsuk5bNFe6Pkiq4o= =J7dr -----END PGP SIGNATURE-----
Current thread:
- Securing VM servers Michael Jewett (May 29)
- <Possible follow-ups>
- Re: Securing VM servers HALL, NATHANIEL D. (May 29)
- Re: Securing VM servers Jenkins, Matthew (May 29)
- Re: Securing VM servers Jeff Wolfe (May 29)
- Re: Securing VM servers Mike Lococo (May 29)
- Re: Securing VM servers Paul Keser (May 29)
- Re: Securing VM servers Alex (May 29)
- Re: Securing VM servers John Ladwig (May 29)
- Re: Securing VM servers John Hoffoss (Jun 06)