The Trusted Virtual Data Center (TVDc) is a realization of Trusted Virtual Domains that offers strong enterprise-level
security guarantees in hosted data center environments. The IBM Trusted
Virtual Data Center, a project defined and pursued by the Secure Systems
Department at the IBM T. J. Watson Research Center in Hawthorne NY, is
designed to satisfy business-level security goals by simplifying management
and providing explicit infrastructure-level containment and trust guarantees
for data center environments based on virtualization.
The Trusted Virtual Data Center isolates multiple customer sets, e.g.,
Human Resources and Financing workloads. This includes not only isolation
capabilities in the platform (secure hypervisors) but also isolation of
the network (VLANs, labeled IPsec tunnels), routers, management consoles,
etc. The fundamental isolation mechanisms are largely in place, but the
ability to coherently manage and attest to these capabilities is lacking.
Furthermore, these isolation guarantees must be translated into the strong
containment guarantees that businesses expect. For example, a virus outbreak in the HR resources should not spill over
to Financing even though both HR and Financing use the same physical resources
(servers, networks, routers, etc.). The management of these trusted virtual
data centers must be integrated into Virtual Machine Monitor (VMM) management
applications, so that customers and administrators use simple
interfaces to make informed decisions and so that formal security policies
are enforced in management and operation. Such enforced policies can then be translated into
customer guarantees regarding trust and confinement.
The major goals of this project are:
- Simplification: Simplifying management of Trusted Virtual Data Centers means specifying
the security statements at an abstract level on the basis of customer sets
and isolation. These statements are methodically decomposed, and uniformly
enforced and verified across the hardware and software resources (VMM,
servers, networks, routers, etc.). The result is a coherent and simplified
security perspective for users and administrators alike in an on-demand
operating environment.
- Trust: Establishing trust in the confinement and integrity properties of Trusted
Virtual Data Centers means producing evidence that systems participating
in the virtual data center do and will behave as expected. By leveraging
artifacts of the traditional security infrastructure (such as digital signatures,
certificates, and assurance statements) and building upon emerging trusted
computing technologies, Trusted Virtual Data Centers convey trust evaluations
and guarantees for each customer set.
- Containment: Containing customer sets in corporate hosting environments is achieved
by confining distributed workloads in virtualized environments. Virtualization
(e.g., a secure hypervisor) and overlay technologies must form a distributed
protection layer around each of the computing entities of each customer
set, regardless of the physical machine or network topology configuration
of those entities. The resulting workload execution environments are contained
using simple security statements that also govern the sharing of resources
within customer sets.
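The Simplification and Containment goals above describe one mechanism: an abstract security statement (which customer sets exist, which may never share a platform) is decomposed into concrete checks on every resource a workload touches. The following Python block is an added example, not code from the TVDc project, showing what such a decomposition looks like for a small data center. The customer sets HR and Financing come from the text; the resource names, the conflict rule that forbids co-residency of the two sets on one host, and the `check_deployment` function are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set


@dataclass(frozen=True)
class Policy:
    """Abstract security statement: the customer sets that exist and the
    pairs that are in conflict (may never share a physical host).
    Constructed for this example; not the project's policy format."""
    customer_sets: FrozenSet[str]
    conflicts: FrozenSet[FrozenSet[str]]

    def in_conflict(self, a: str, b: str) -> bool:
        return frozenset((a, b)) in self.conflicts


@dataclass
class Deployment:
    """Concrete data-center state: one customer-set label per VM, VLAN
    and disk, plus where each VM runs and what it is attached to."""
    vm_label: Dict[str, str]
    vlan_label: Dict[str, str]
    disk_label: Dict[str, str]
    vm_host: Dict[str, str]
    vm_vlans: Dict[str, Set[str]]
    vm_disks: Dict[str, Set[str]]


def check_deployment(policy: Policy, dep: Deployment) -> List[str]:
    """Decompose the abstract policy into per-resource checks and return
    every violation found (an empty list means the deployment complies)."""
    violations: List[str] = []

    # 1. Every VM must carry a label naming a known customer set.
    for vm, label in dep.vm_label.items():
        if label not in policy.customer_sets:
            violations.append(f"{vm}: unknown customer set {label!r}")

    # 2. Network and storage isolation: a VM may only touch VLANs and
    #    disks of its own customer set. Sharing inside a set is allowed.
    for vm, label in dep.vm_label.items():
        for vlan in dep.vm_vlans.get(vm, set()):
            if dep.vlan_label.get(vlan) != label:
                violations.append(
                    f"{vm} ({label}) attached to VLAN {vlan} labeled "
                    f"{dep.vlan_label.get(vlan)!r}")
        for disk in dep.vm_disks.get(vm, set()):
            if dep.disk_label.get(disk) != label:
                violations.append(
                    f"{vm} ({label}) attached to disk {disk} labeled "
                    f"{dep.disk_label.get(disk)!r}")

    # 3. Platform isolation: VMs of conflicting sets may not co-reside
    #    on the same physical host.
    by_host: Dict[str, List[str]] = {}
    for vm, host in dep.vm_host.items():
        by_host.setdefault(host, []).append(vm)
    for host, vms in by_host.items():
        for i, a in enumerate(vms):
            for b in vms[i + 1:]:
                la, lb = dep.vm_label[a], dep.vm_label[b]
                if policy.in_conflict(la, lb):
                    violations.append(
                        f"host {host}: {a} ({la}) co-resident with {b} ({lb})")
    return violations


# Constructed policy: two customer sets that must never share a host.
POLICY = Policy(
    customer_sets=frozenset({"HR", "Financing"}),
    conflicts=frozenset({frozenset({"HR", "Financing"})}),
)


def compliant_deployment() -> Deployment:
    """Constructed state: two HR VMs sharing an HR disk on one host,
    one Financing VM on another host, each on its own VLAN."""
    return Deployment(
        vm_label={"hr-vm1": "HR", "hr-vm2": "HR", "fin-vm1": "Financing"},
        vlan_label={"vlan-hr": "HR", "vlan-fin": "Financing"},
        disk_label={"disk-hr": "HR", "disk-fin": "Financing"},
        vm_host={"hr-vm1": "host-a", "hr-vm2": "host-a", "fin-vm1": "host-b"},
        vm_vlans={"hr-vm1": {"vlan-hr"}, "hr-vm2": {"vlan-hr"},
                  "fin-vm1": {"vlan-fin"}},
        vm_disks={"hr-vm1": {"disk-hr"}, "hr-vm2": {"disk-hr"},
                  "fin-vm1": {"disk-fin"}},
    )


def broken_deployment() -> Deployment:
    """Same state after two management mistakes: the Financing VM is
    bridged into the HR VLAN and migrated onto the HR host."""
    dep = compliant_deployment()
    dep.vm_vlans["fin-vm1"].add("vlan-hr")
    dep.vm_host["fin-vm1"] = "host-a"
    return dep


if __name__ == "__main__":
    for v in check_deployment(POLICY, broken_deployment()):
        print("VIOLATION:", v)
```

The broken deployment yields one network violation and two co-residency violations (the Financing VM against each HR VM), while the compliant one yields none; the HR VMs sharing `disk-hr` is accepted because sharing within a customer set is permitted. In a real TVDc the same decomposition would be applied at the VMM, the switch and the storage controller, so that a single abstract statement is enforced and verified uniformly across all of them.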
The Trusted Virtual Data Center is based on the Trusted Virtual Domain concept and designed to support a unified secure operational policy across all members. For example, using hypervisor-based isolation (sHype) coupled with TCG-based property verification (IMA) provides strong levels of containment and trust.
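The Trust goal above and the reference to TCG-based property verification (IMA) concern the evidence a customer receives: a measurement list of what a platform loaded, bound to a TPM PCR so that it cannot be edited after the fact. The following Python block is an added example, not code from the TVDc project or from the IMA implementation, of how a verifier consumes such evidence. The measurement-list layout (PCR 10, a template hash over the file digest and its path padded to 256 bytes), the sample file contents and the reference database are constructed for illustration; the TPM signature over the quoted PCR value, which a real attestation would verify first, is assumed to have been checked already.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Tuple

SHA1_ZERO = bytes(20)        # PCR initial value (all zeros)


@dataclass(frozen=True)
class Measurement:
    """One measurement-list entry (simplified, illustrative layout)."""
    pcr: int
    template_hash: bytes     # the value extended into the PCR
    file_hash: bytes         # SHA-1 of the file content
    path: str


def template_hash(file_hash: bytes, path: str) -> bytes:
    """Template hash over file digest and path (path padded to 256
    bytes). Assumed layout for this example."""
    name = path.encode()[:255].ljust(256, b"\0")
    return hashlib.sha1(file_hash + name).digest()


def measure(path: str, content: bytes) -> Measurement:
    """What the measuring platform records when it loads a file."""
    fh = hashlib.sha1(content).digest()
    return Measurement(10, template_hash(fh, path), fh, path)


def extend(pcr: bytes, value: bytes) -> bytes:
    """TPM extend operation: PCR_new = SHA-1(PCR_old || value)."""
    return hashlib.sha1(pcr + value).digest()


def aggregate(log: List[Measurement]) -> bytes:
    """Replay the list to obtain the PCR-10 value it should produce."""
    pcr = SHA1_ZERO
    for m in log:
        pcr = extend(pcr, m.template_hash)
    return pcr


def verify(log: List[Measurement], quoted_pcr10: bytes,
           reference: Dict[str, bytes]) -> Tuple[bool, List[str]]:
    """Verifier side: every entry must be internally consistent and match
    the reference database, and the replayed aggregate must equal the
    PCR value the TPM quoted (signature check assumed done before)."""
    problems: List[str] = []
    for m in log:
        if m.template_hash != template_hash(m.file_hash, m.path):
            problems.append(f"{m.path}: template hash does not match entry")
        expected = reference.get(m.path)
        if expected is None:
            problems.append(f"{m.path}: not in reference database")
        elif expected != m.file_hash:
            problems.append(f"{m.path}: file hash differs from reference")
    if aggregate(log) != quoted_pcr10:
        problems.append("PCR-10 aggregate does not match quoted value "
                        "(list truncated or edited after measurement)")
    return (not problems, problems)


# Constructed known-good software and the reference database built from it.
KNOWN_GOOD = {"/sbin/init": b"init v1", "/usr/lib/libc.so": b"libc v1"}
REFERENCE = {p: hashlib.sha1(c).digest() for p, c in KNOWN_GOOD.items()}


def good_scenario() -> Tuple[bool, List[str]]:
    """Platform loaded exactly the known-good files; quote matches."""
    log = [measure(p, c) for p, c in KNOWN_GOOD.items()]
    return verify(log, aggregate(log), REFERENCE)


def tampered_scenario() -> Tuple[bool, List[str]]:
    """Platform loaded a modified init, but presents the quote that
    belongs to the clean boot: both the per-file check and the
    aggregate check must fail."""
    clean = [measure(p, c) for p, c in KNOWN_GOOD.items()]
    quoted = aggregate(clean)
    actual = [measure("/sbin/init", b"init v1 (modified)"),
              measure("/usr/lib/libc.so", KNOWN_GOOD["/usr/lib/libc.so"])]
    return verify(actual, quoted, REFERENCE)


if __name__ == "__main__":
    print("clean boot:", good_scenario())
    print("tampered boot:", tampered_scenario())
```

The example shows why the PCR binding matters for the Trust goal: a list that is edited to hide a modified file no longer replays to the quoted value, so the verifier detects the discrepancy even without knowing which entry was changed. Combined with hypervisor labels of the kind sHype enforces, this lets the TVDc state per customer set both that its workloads are confined and that the platforms confining them run the expected software.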