The Citrix Blog
posted by Simon Crosby

Chris Hoff is generally right as rain when he rants about technology, but he's still wrong about my position on Citrix's role in the addition of security features to Xen and XenServer.

The recently launched Xen Introspection project is a very promising addition to the open source Xen project, adding a set of APIs that can be used to inspect the contents and I/O of a running virtual machine, similar in some respects to VMware's VMsafe API. The potential of this for enhancing guest security, by allowing re-tooled security toolkits to identify attacks and compromised guests, is very significant. A key requirement is that the API itself be suitably secured so that an attacker cannot use it to launch an attack by inspecting a VM's data and I/O; but assuming that this problem can be solved (and if it can be solved, then the community will do so), the opportunity for the security boffins to add very substantial value to Xen-based virtual infrastructures is obvious.

Chris is right on all this stuff, but he's still confused as to Citrix's role in this. Our job, both in the Xen community and in XenServer, our product, is first to make Xen bulletproof, through platform enablements that substantially enhance system security by design, and second to provide enablements that offer security vendors an opportunity to extend Xen-based products with specific value-added solutions that identify guest vulnerabilities, threats, compromised systems and the like. We are manically focussed on securing the platform itself, but the Xen project is not a security project. Moreover, Citrix is not a vendor with a core competence in finding the bad guys that attack guests. We want to make Xen the most secure hypervisor by (open, community-based) design, while providing interfaces that securely extend the platform to offer those security vendors that are good at finding bad guys a single way to go to market on all Xen-based products.

Unlike VMware, which with its acquisitions of Blue Lane and Determina seems set for head-to-head competition with the security industry, we believe that this capability set is best added on top of the Xen hypervisor base by an ecosystem of vendors and the community, in a way that allows those vendors to add value to all Xen-based products, independent of the particular Xen vendor. If, say, a McAfee or Symantec product were released for the Xen Introspection API, then it is our specific goal that it would work for XenServer and for all other Xen-based products on the market. Leading the Xen project is a role that demands openness and integrity when working with the ecosystem of vendors. Ian Pratt, the leader of the project, is a passionate defender of the independence of the project from any vendor bias, and in the area of security specifically, his goal is to foster an ecosystem of community- and vendor-based security enhancements to Xen that will enable Xen users to achieve far better security than is possible with a closed source virtualization platform such as VMware's, which also competes with the security ecosystem.

Re-reading Hoff's posts, I find that I agree with him in just about every respect in his assessment of the technology and its implications, and I think we're doing exactly as he would recommend, so I'll be interested to hear if he has more to say on this. 

Labels: grp-cto, xenserver, lang-eng
  1. Oct 30, 2008

    Anonymous says:

    Simon:

    I think the only way to settle this is in the ring: I propose a sponsored sumo-suit wrestling match at RSA security in 2009 with the
    proceeds going to charity, specifically Johnny Long's "Hackers For Charity."  Adam Shostack has already put up the first $50...

    /Hoff

    1. Oct 30, 2008

      Simon Crosby says:

      Hoff, you're on.  Also, why don't you come to the next Xen Summit and give the community your views on how to proceed?

      Simon

  2. Oct 31, 2008

    Anonymous says:

    Excellent!

    When's the next summit? I'd love to participate.  And to be fair, I give the VMware guys as much crap as I give you, too...

    I also thought I'd put my time in on the Xen Introspection project...it's easy to blog about stuff, but it's only
    fair to help get things done, too...as you have done.

    BTW, I've got judges already lined up and Dan Kaminsky has agreed to be the referee.  Feel free to recommend whomsoever
    you like; stacking the deck is to be expected.

    /Hoff

  3. Nov 02, 2008

    Anonymous says:

    "Moreover Citrix is not a vendor with a core competence in finding the bad guys that attack guests.  We want to make Xen the most secure hypervisor by (open, community based) design, while providing interfaces that securely extend the platform to offer those security vendors that are good at finding bad guys, a single way to go to market on all Xen based products."

    I think the model you have is very interesting. I think there will be plenty of vendors out there looking to extend the product. The question is where will they be able to focus? Won't folks like FireEye have the market solidified?

    On the other side, there is always the potential for Xen to be utilized by the 'bad guys' as they get more innovative with their attack vectors. I really don't know how security ever becomes anything more than a perpetual arms race.
