GCN Tech Blog

By GCN Staff


Virtualization for trusted computing?

As more than one attendee noted two weeks ago, LinuxWorld could have been called VirtualizationWorld instead. In a nutshell, Red Hat Inc. recently announced it was rolling out Xen virtualization software. Around the same time, XenSource Inc. of Palo Alto, Calif., released its own commercial version of Xen, XenEnterprise. VMware Inc. of Palo Alto, Calif., touted its VMware ESX server and its free starter model, the VMWare . Even Microsoft Corp. chose early April to liberate its own virtualization software, Microsoft Server System , as a free download.

Talk also swelled around how the chip makers are adding virtualization features. Advanced Micro Devices Inc. of Sunnyvale, Calif., plans to add virtualization extensions to Opteron microprocessors, starting this fall. Intel Corp. of Santa Clara, Calif., has already added virtualization extensions to its Xeon and Itanium chips. Both sets of extensions, called hypervisors, should speed virtualization by allowing the guest operating system to make calls directly to the hardware, rather than going through the host OS.

So we're hearing lots o' buzz around virtualization these days. While we knew of the usual benefits of virtualization--great for server consolidation in heterogeneous environments, etc.--Simon Crosby, chief technology officer for XenSource, alerted us to another aspect that may be of interest to the Defense Department and intelligence agencies. Namely, that virtualization could offer great benefits for trusted computing.

When you think of trusted computing now, the image that comes to mind is of multiple computers on a desktop. One computer may be dedicated to working with a network for sensitive but unclassified data, such as the Defense Department's NIPRnet (Non-secure Internet Protocol Router Network). Another computer may be dedicated to a classified network, such as SIPRnet (the Secret Internet Protocol Router Network).

You can see the hardware and space costs that this separation of networks incurs. The challenge for the last few years has been how to design an end-user computer to work on both networks while ensuring that information from one network cannot be leaked onto the other network (or can be moved, when it is appropriate to do so). Various companies have approached this problem by using dedicated hardware. Both Tenix America and BAE Systems plc offer ways to access networks of different classification levels through a single machine, though at a cost.

And now virtualization--or at least the form practiced by Xen--could provide another, lower-cost way of doing this, Crosby noted. Xen's approach implements a 'separation kernel,' a thin layer of software that can act as the most trusted piece of software on the server, he said. Xen runs as the bottom-layer foundation and can authenticate Trusted Platform Modules--such as operating systems--signed by the administrator.

'Each guest OS that is hosted has no way of knowing there is another guest on the machine. It provides complete isolation of each guest,' Crosby said. Different networks could even share the same network card. Various intelligence agencies and their contractors have been working with the Xen community to further look into this approach, he added.
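To make the separation-kernel idea concrete, here is a small added model (constructed for this post, not Xen's code): the kernel admits only guests whose image carries a valid administrator signature, and it mediates every frame on the shared network card so traffic crosses from one network's partition to another only through an explicitly authorised flow. The HMAC key, guest names, partition labels and the single permitted flow are all assumptions made for the example.

```python
# Toy separation-kernel model (constructed example, not Xen code).
import hmac
import hashlib

ADMIN_KEY = b"constructed-demo-key"  # stand-in for the administrator's signing key

def sign_guest(image: bytes, key: bytes = ADMIN_KEY) -> bytes:
    """Administrator signs a guest image; HMAC stands in for a real signature."""
    return hmac.new(key, image, hashlib.sha256).digest()

class SeparationKernel:
    def __init__(self, allowed_flows=()):
        self.guests = {}                   # guest name -> partition (network label)
        self.allowed = set(allowed_flows)  # explicit (src_partition, dst_partition) pairs
        self.audit = []                    # every refusal is recorded for review

    def boot(self, name, partition, image, signature):
        """Admit a guest only if its image carries a valid administrator signature."""
        if not hmac.compare_digest(sign_guest(image), signature):
            self.audit.append(("refused-boot", name))
            return False
        self.guests[name] = partition
        return True

    def deliver(self, src, dst, payload):
        """Shared-NIC path: a frame is tagged with the sender's partition and
        reaches a guest in another partition only via an allowed flow."""
        if src not in self.guests or dst not in self.guests:
            self.audit.append(("unknown-guest", src, dst))
            return False
        s, d = self.guests[src], self.guests[dst]
        if s == d or (s, d) in self.allowed:
            return True
        self.audit.append(("blocked", s, d, len(payload)))
        return False

def demo():
    # Assumed policy: data may move from the unclassified side up to the
    # classified side, never the other way.
    sk = SeparationKernel(allowed_flows={("NIPRnet", "SIPRnet")})
    unclass_img, secret_img = b"guest-image-unclass", b"guest-image-secret"
    booted = (sk.boot("unclass", "NIPRnet", unclass_img, sign_guest(unclass_img)),
              sk.boot("secret", "SIPRnet", secret_img, sign_guest(secret_img)))
    # A modified image no longer matches its signature and is refused.
    tampered = sk.boot("rogue", "SIPRnet", secret_img + b"!", sign_guest(secret_img))
    up = sk.deliver("unclass", "secret", b"unclassified data")   # permitted flow
    down = sk.deliver("secret", "unclass", b"classified data")   # leak attempt, blocked
    return booted, tampered, up, down, sk.audit
```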

Posted By Joab Jackson

Posted by Brad Grimes, Joab Jackson on Apr 17, 2006 at 9:39 AM
