Locking down Windows with virtualization
Linux-based virtualization could strengthen Windows access control, Red Hat CTO suggests
- By Joab Jackson
- Nov 20, 2009
When the National Security Agency implemented its Flask secure architecture for Linux several years back, resulting in Security Enhanced Linux, a lot of people wondered if NSA would develop a similar version for Microsoft Windows.
The Flask's set of mandatory access controls allow for fine-grain control of what processes are allowed to run on a machine, as determined by policies an administrator sets. Although probably too fine-grained for most everyday duties, MAC works well in high-security settings, the kind many government agencies must maintain.
Companies such as Red Hat have rolled the SE Linux modules into their own distributions, resulting in commercially available, high-security Linux operating environments. But what if a government agency needed to run a Windows-based application in a highly secure environment?
Although NSA has indicated that it would be up to Microsoft to implement MAC on Windows, Red Hat may have come up with a way to do the next-best thing by way of its new virtualization software.
Virtualization capabilities added into the latest version of Red Hat Enterprise Linux could be used to apply MAC capabilities to virtualized instances of the Microsoft Windows operating system, suggested Brian Stevens, Red Hat's chief technology officer.
"We can actually secure Windows from outside of Windows," Stevens said, speaking with GCN at the Government Open Source Conference, held earlier this month in Washington. "That's a pretty interesting model for IT people to extend."
Key to this approach is a new kind of virtualization software, named the Kernel-Based Virtual Machine, that Red Hat rolled into the latest version of RHEL
Unlike the Xen virtualization software, which has been an optional software package for RHEL, KVM is not a stand-alone software program. Rather, it is a module that can be compiled directly into the kernel. "For all these organizations that run Linux, they can just basically load a driver" and get full virtualization support, Stevens said.
The advantage of KVM is that all the virtual instances that it runs can be controlled and managed by the standard set of Linux administration tools, like schedulers. Or Mandatory Access Controls. "SE Linux can control the virtual machines," Stevens said. "Now, even when one of the guests is compromised, none of the other applications on the box can be compromised any longer because the SE Linux controls protect the virtual machine."
In other words, SE Linux can now be used to secure other operating systems, once they are virtualized, including Windows. With a RHEL 5.4, with the KVM module loaded, an administrator would just create a virtual machine image of a Windows OS, along with the required applications, and run that from in RHEL.
Of course, this approach is a new one, and we haven't heard of any successful implementations yet. And, given the inherent complexities in such an approach, complications probably await for an administrator ambitious to try this sort of implementation. But at least Red Hat has tried to ease this process by a variety of means.
For example, Red Hat recently launched a graphical user interface-based management system that simplifies virtualization management duties, allowing users to see the systems being managed, configure their storage, group them into domains, and assign policies. Red Hat has also developed a set of divers for running Windows Server 2003 and Windows Server 2008 more efficiently in a Linux environment and has certified that Microsoft will fully support them.
Joab Jackson is the senior technology editor for Government Computer News.