Global Sources
EE Times-Asia
Stay in touch with EE Times Asia
EE Times-Asia > Sensors/MEMS

VMs tighten up PC security

Posted: 01 Jul 2005 ?? ?Print Version ?Bookmark and Share

Keywords:vm? pc? security? internet? intranet?

Can we have the benefits of modern computing without the security risks? Although there is no magic answer, the technology of virtual machines can enhance security and provide an upgrade path to more secure computing without throwing away the usability we have come to expect.

One path to security would be to have two PCs: one connected to the Internetwith its associated risks of viruses, worms and other cyber attacksfor e-mails and browsing, and a "critical" PC, not connected to the Net, for storing important files and applications.

But the extra cost, space and pain of maintaining two PCs would be prohibitive, and moving data between the two environments would be inconvenient. Imagine e-mailing an important document written on the unconnected PC. Burning the document to a removable storage device and transferring it to an Internet PC would get old pretty quickly.

Enter the virtual machine. A VM is a software application that mimics a hardware platform so that the software (OS and applications) that normally runs directly on the hardware platform can instead run under software control. Since a VM is itself just software, multiple copies of the VM can run on a single computer.

Using this model, one VM could be used as an Internet PC and another as a critical-PC environment. The environments might share a single disk, as long as the disk could be securely partitioned. At least theoretically, data could be more easily transferred between the two environments. And more than two independent environments could be run, depending on the available hardware resources.

While this sounds good in theory, the VM environment must still provide a window manager that lets the user switch securely between the two environments.

High-assurance kernels

That is easier said than done. Security and performance are often at odds, and the VM needs both. A VM has to perform a lot of the work that the hardware did, and do it without jeopardizing the overall security of the system. If the VM software is itself too complex, then it will suffer from the same security vulnerabilities and lack of assurances as current PC operating systems: Instead of the OS, the VM itself could be subverted. Aggravating the problem, some VMs run in supervisor mode, which means that they have direct control of all the physical resources (CPU time, memory, devices) of the computing hardware. A bug or security flaw in the code could therefore have disastrous consequences. A better approach is to run the VM as a user-mode application and use a high-assurance kernel to control the hardware and run the VMs.

If the VMs run in user mode, then only the virtual PC environment running under the control of the VM application is at risk if there are any bugs or security vulnerabilities in the VM itself. Essentially, the VM must then only have the same security assurance level as the OS it is hosting. In the case of Windows and Linux, the level of assurance is relatively low.

Not all OSes are insecure. In fact, there have been a number of OSes developed over the years that have been judged to be secure by independent evaluating authorities. Many of those OSes come from embedded-software vendors, for which security and reliability are primary requirements. But these OSes have not been widely used in the PC arena because they lack the bells and whistles that we all have come to expectbells and whistles that, if added haphazardly, can compromise security.

Secure microkernels are extremely limited in the services they attempt to provide: hardware initialization, device control, application scheduling and application partitioning. This last feature is arguably the most important.

By enforcing a separation policy, the kernel can guarantee that two independent VM environments cannot affect each other (thus the nickname "separation kernel"). With a limited set of services and security features, the separation kernel can run a full virtual PC environment while maintaining the required high level of security. A malicious application on the Internet side cannot steal resources, corrupt or read data or otherwise harm the critical side.

Beyond the desktop

Any computing system that has a hybrid real-time or security requirement combined with the need to run legacy OS software and applications can benefit from VM technology. Desktops, servers, PDAs and traditional embedded systems all have a potential application. Boeing, for example, is using combined separation kernel and virtualization technology to run the Linux OS and applications alongside secure, real-time native applications for a next-generation software-defined radio.

Unfortunately, legacy OSes that were not designed for high levels of security will never attain them. It is not practical to limit or discover all of the security vulnerabilities in software that consists of millions of lines of code. In contrast, a well-designed, highly assured separation kernel may be as small as a few thousand lines of code. VM technology running in user mode under control of a separation kernel improves security by providing padded cells in which legacy OSes, in all their feature-rich glory, can reside.

Although a critical application may be protected from other goings-on in a different padded cell, however, it is still subject to the same reliability and security problems inherent in the large legacy OS.

Over time, these critical applications can be re-hosted onto the separation kernel, where they can achieve the highest possible assurance.

VM technology, coupled with the separation kernel, presents an upgrade path to improved security over time without sacrificing the usability and functionality we have come to expect.

- David Kleidermacher

VP of Engineering

Green Hills Software Inc.

Article Comments - VMs tighten up PC security
*? You can enter [0] more charecters.
*Verify code:


Visit Asia Webinars to learn about the latest in technology and get practical design tips.

Back to Top