Microsoft mulls improving hypervisor security for the cloud with Bunker-V
It looks like Microsoft may be seeking a way to allow developers to hunker behind a security bunker when using the company's Hyper-V hypervisor.
Virtualization.Info site has some details on a new research project known as "Bunker-V" in which some Microsoft researchers are engaged. (I e-mailed one of them for further comment and explanation but have yet to hear back.)
Even without Microsoft comment, the slides from a talk entitled "Improving the Security of Commodity Hypervisors for Cloud Computing," which was part of the seventh annual Microsoft Research Networking Summit (which convened the first week of June), are fairly self-explanatory. (The authors, in addition to Microsoft researchers, include representatives from University of Illinois at Urbana-Champaign and the University of Wisconsin.)
The Virtualization.Info site (which I found via a tweet from Microsoft blogger Steven Bink on June 15) has a good synopsis of the Bunker-V project:
"The Bunker-V approach implies the removal of unnecessary virtual devices for guest OSes in the cloud (like floppy, keyboard, mouse, monitor or serial ports) and the removal of legacy virtual devices (like the keyboard controller or the ISA bus).
"Unfortunately this last category of interfaces is required to boot the guests so Microsoft is suggesting a new approach for booting called delusional boot that boots the OS on a separate note, isolated from the production data center."
Bunker-V can improve the security of hypervisors for cloud computing by reducing the at-risk "trusted computing base" (TCB) surface. The TCBs for "commodity hypervisors" like Xen and Hyper-V consist of "tens of millions of lines of code," according to the presentation, leaving these hypervisors open to attacks from guest virtual machines (VMs), as well as well as external physical attacks.
Bunker-V is focused on reducing the TCB attack surface by minimizing the interface between the TCB and guest VMs by eliminating unnecessary virtual devices. Microsoft says that this approach can reduce the TCB by 79% while retaining high performance for legacy OSes.
Here are a couple of slides from the Bunker-V presentation highlighting the virtual device categories and architecture of the project:
There is no detailed information about Bunker-V on the Microsoft Research site. There is, however, information on a research project called Bunker. "Bunker is a network tracing system that offers strong privacy while simplifying the development of network tracing software," according to the site. (Network tracing is, as its name suggests, a way to trace information about network traffic and other related information from an application. Network tracing is used to debug applications that are in development or already deployed.
The same Microsoft researchers working on Bunker-V -- Stefan Saroiu and Alec Wolman -- were part of a team that presented a paper on Bunker, calling it a "privacy oriented platform for network tracing," at the Usenix conference in April 2009.
So far, there's no further information as to when, how or if Microsoft is planning to move this project from research to commercialization. There's also no information as to how it would be incorporated with the existing Hyper-V technology. If/when I hear back from the Softies about the project, I'll update this post.