Security vendors and doomsayers have been using the specter of virtualized rootkits, undetectable malware worming its way into virtualized environments, and all manner of other bogeymen to warn people about the potentially terrifying security implications of deploying virtualization in their environments. So it’s only fitting that on Halloween we get word of an epic costume drama starring two of the virtualization world’s top draws: Chris Hoff and Simon Crosby. The two have been going back and forth for weeks on their respective blogs over the role of virtualization vendors in the security world, much to the amusement of the security community. Crosby, the CTO of Citrix, maintains that security should be added to Citrix’s Xen products by aftermarket vendors:
Unlike VMware, which with its acquisitions of Blue Lane and Determina seems set for head-to-head competition with the security industry, we believe that this capability set is best added on top of the Xen hypervisor base by an ecosystem of vendors and the community, in a way that allows those vendors to add value to all Xen-based products, independent of the particular Xen vendor. If, say, a McAfee or Symantec product were released for the Xen Introspection API, then it is our specific goal that it would work for XenServer and for all other Xen-based products on the market.
Hoff, chief security architect at Unisys and a frequent speaker on virtualization security topics, isn’t convinced. He sees the role of hypervisor vendors in the security world differently. On his Rational Survivability blog, he says:
It’s important to understand that I’m not suggesting that virtualization platform providers should secure the actual guest operating systems but they should enable an easier and more effective way of doing so when virtualized.
I mean that the virtualization platform providers should ensure the security of the instantiation of those guests as “hosted” by the virtualization platform. In some cases this means leveraging technology present in the virtualization platform to do things that non-virtualized instances cannot. That’s more than just securing the hypervisor.
Securing the hypervisor whilst closing your eyes to the likelihood that the majority of attacks against it and other guests will come from “guests” within the same system is planting your head in the sand. That means that there will be a need to ensure that certain behaviors specific to the hosted guests are mitigated to ensure that bad things don’t happen — to the guest or the hypervisor.
Transferring the responsibility to secure the environment to third-party security ISVs in order to secure the VMs and preventing them from compromising one another or the hypervisor is difficult for me to comprehend, especially when they are playing catch up of what virtualization means within the context of security.
So how to settle this? Glad you asked. Hoff has proposed — and Crosby has accepted — a “sumo suit smackdown” at next year’s RSA conference.
What: Sumo Suit VirtSec Smackdown (how Xen/Zen!)
Who: Simon Crosby vs. Chris Hoff
Where: RSA 2009, Moscone Center, San Francisco, Venue TBD
When: During the April 20-24th, 2009 timeframe
Why: You know why…
Wow: This will be a charity event with the proceeds going to Johnny Long’s Hackers for Charity which you can find out about here.
None of the Vegas sports books has a line on the bout yet, but considering that Hoff is an expert in Brazilian jiu-jitsu, I’d make him an early 3:1 favorite. I can virtually guarantee it will be more entertaining than any of the RSA keynotes and the Kimbo Slice-Seth Petruzelli fight.