
Made in IBM Labs: IBM Drives 'Fort Knox'-Like Security Into Virtualized Data Centers

Feb 06, Technology


IBM today revealed a new software technology from its Research labs designed to greatly enhance security and management capabilities in virtualized data centers.

The new advancement is the industry's first effort to embed trusted computing technologies directly into the virtualization and management software tools already used inside data centers. This new technology allows for stronger data integrity guarantees and offers a higher degree of confidence that workloads and data are secure.

Virtualized data centers are becoming increasingly common in business, where multiple workloads, consisting of operating systems, middleware and applications, reside on a single physical computer system. The IBM secure hypervisor architecture, or "sHype," is a Research technology designed to run in conjunction with commercial and open source hypervisors that control servers and data in a shared environment. sHype aims to provide a security "wrapper" around distributed workloads in the data center, extending mainframe-like security to pooled data and resources across multiple IBM and non-IBM systems.

sHype is designed to bring stronger security guarantees to popular x86 and blade servers. As is increasingly common, IBM Research developed the sHype technology not just in its own labs but also by implementing early versions of sHype with customers to test and evaluate the code. Additionally, portions of sHype have been contributed to the open source community and are being used, for example, as part of the open source Xen hypervisor kernel.

"IBM is a major contributor to the Xen Project, and the adoption of their sHype mandatory access control (MAC) technology allows Xen to offer a unified security framework for Windows and Linux virtualization without compromising performance," said Dr. Ian Pratt, Xen project leader and XenSource founder.

Hoping to extend sHype beyond x86 hardware, IBM plans to introduce several other technologies with sHype as part of a comprehensive strategy to give customers the simplest, most secure and most efficient data centers possible.

"Thanks to the simplification benefits of the technology, virtualization adoption is on the rise but concerns about securing the virtualized data center persist," said Rich Lechner, Vice President, IBM Virtualization. "By putting security directly into the hypervisor virtualization layer, IBM Research has created a unique capability in sHype, providing clients with additional assurance that their virtualized data is protected."

Traditional IT security is based on built-in security for one or more user-chosen operating systems, and additional security from applications running on these operating systems. However, the steady stream of patches and updates required to protect the bulky code of an operating system and application stack places a heavy burden on customers.

Designing security into the much smaller, much easier to protect hypervisor architecture code creates a very tight wall of protection around physical resources in the data center, including the hardware, operating systems, applications, software hypervisors, workloads and virtual resources running in the now-secured environment. It also creates secure data pipes inside of a virtualized environment, essentially locking and monitoring data from outside threats or internal errors, by protecting the data from other workloads and applications running across the same virtualized data center.

sHype works in conjunction with hypervisors by establishing a virtual machine to act as a data center "security foreman." The foreman uses preset configurations, business policies and exceptions set by the customer to lock down all content of the data center. It then automatically sets policies that evaluate, rank and code workloads as well as the physical and virtual resources needed to run each workload. Once workloads and resources are locked together, the integrity of the data and resources is assured and can be better managed by hypervisors accordingly.

IBM Research has successfully implemented significant elements of its sHype architecture with multiple hypervisors as part of the company's effort to demonstrate the architecture's flexibility and security capabilities. IBM is also working with industry groups to help standardize aspects of sHype in order to achieve strong guarantees in heterogeneous virtualized environments and to simplify the management of security in them.

Source: IBM
