The ring architecture of modern CPUs arose from the need to protect the OS kernel from malicious or buggy applications. Unfortunately today’s OSes use only two of the four rings of the x86 architecture – and today’s security challenges are the result. The complexity and large attack surface of a modern OS, together with trends towards mobility and use of cloud services have created conditions for a security “perfect storm”: Endpoints and their human users are increasingly subjected to sophisticated, targeted attacks that evade detection to compromise the system in some unforeseen way.
But a new defensive technique is at hand, and is about to massively change the odds in favor of security “by design”: Hardware isolation, in the form of hardware Virtualization Technology, adds what is in effect a Ring “-1” to the x86 CPU, to enforce mutual isolation between virtual machines that share the same device. The hypervisor, which manages this isolation, relies on only a small TCB.
Using hardware virtualization specifically to deliver security (as opposed to virtualization benefits) represents the most powerful shift in systems architecture since the introduction of 64 bit operating systems.
There are several approaches: Micro-virtualization hardware isolates untrusted tasks within a single OS and can be applied to legacy and new systems, whereas Virtualization Based Security (VBS), adopted in Windows 10, uses virtualization to enhance protection for key OS data and services. Within the cloud, secure container isolation is an area of focus by numerous vendors.
This talk will explore the use of hardware isolation for protection. It will present a reference architecture for security architects to evaluate their choice of technology, comparing sandboxes, micro-virtualization, VBS, and secure OS containers, and will show how virtualization is used as a fundamental primitive to deliver infrastructure that is more secure by design.
The presentation plots the path forward for hypervisors in general, drawing on Xen to show how future virtual infrastructure – including client devices and clouds – will deliver both manageability and hardware-enforced security, and will include demonstrations.