NC State, IBM Researchers Send Hypervisor Security Into “Stealth Mode”
Although it’s currently in the prototype phase, there is some hope on the horizon for those concerned with the far-off (but nonetheless quite unsettling) possibility of hypervisor attacks, which if successfully executed, would threaten the integrity of a shared virtualized environment.
Researchers from North Carolina State University and IBM have created a security tool that works in stealth mode to monitor for hypervisor attacks without attackers being aware that such a tool is in place. The software, called HyperSentry, functions outside of the hypervisor to examine, in real time, when and if the hypervisor has been attacked.
One of the lead researchers on the project, Dr. Peng Ning, claims that the tool measures a hypervisor’s integrity without the hypervisor knowing it’s being measured, which he claims offers some “peace of mind about the system’s integrity.”
Given the relative sophistication of malware it is possible for some of it to slip past current security monitoring tools and software that only sees the memory where the hypervisor is stationed and can then remain undetected by altering pieces of the CPU. HyperSentry actually has a view into the hypervisor and can see where it is located at all times, even if an attack has altered its location.
The possibility of hypervisor attacks is one of the more often-cited reasons why there is a great deal of concern about a multitenant environment, particularly for those who are considering taking their mission-critical applications outside of the firewall. Still, it is worth repeating that such attacks are very rare but, as Dr. Peng Ning reminded, “if there was one, the consequences would be quite serious. Think about Amazon with so many machines running and so many things being attacked.”
Full story at Dark Reading