Simon Crosby is CTO of Bromium
The following story was written by guest contributor Simon Crosby.
In a recent piece, Steven J. Vaughan-Nichols writes that hypervisors may be the Achilles Heel of the cloud. The piece draws on a discussion with Linux kernel developer Matthew Garrett, who raises the spectre of targeted attacks on cloud hypervisors: "Once someone gets to the hypervisor then it's game over, everyone can be compromised."
Garrett is technically correct: Vulnerabilities in all major hypervisors and their support code have been documented (e.g., Xen, VirtualBox, VMware ESX and Workstation, Hyper-V). Research published by my colleagues Rafal Wojtczuk and Rahul Kashyap at Black Hat highlights the potential for devastating "guest to hypervisor" attacks.
But my emphasis on the word potential is deliberate: I'm not convinced that hypervisor attacks ought to be viewed as a significant concern for cloud security, for many reasons:
In my view, Vaughan-Nichols is losing sight of the big picture: What is the overall risk faced by a customer adopting the cloud, versus running the application on their own infrastructure? The title of his piece is belied by the fact that to date there have been no reports of real-world attacks, and merely adds fuel to the fire of cloudophobia.
The future of secure infrastructure looks brighter too. Both hardware and software technologies are becoming available that will greatly diminish the threat due to attacks via low-level systems infrastructure.
For example, the PrivateCore extensions to KVM encrypt VM memory and storage at run-time. The platform validates server integrity and counters persistent attacks such as rootkits or bootkits, and secures both the hypervisor and cloud user against malicious server hardware.
Expect to see such features in hardware soon. For example, "trusted enclaves" made possible by Intel SGX technology will ensure that the data in an enclave (VM) is protected even in the event that the hypervisor itself is compromised.
Finally, there is a rich vein of academic research on techniques to protect hypervisors and guests. I only wish that the press would do more to promote tools and techniques to educate careless application developers to build more secure cloud applications.
Simon Crosby is CTO of Bromium and was previously CTO of Citrix, Inc.