In my last blog I talked about Type 1 hypervisors and how they will become “game changers”. Today I will discuss how we can make sure that the type 1 hypervisor installed on your system is the correct hypervisor and that you are not being hacked by someone trying to load a phony hypervisor (or other software) on your system.
The technology behind this is called Trusted Execution Technology, or TXT for short. Trusted Execution Technology is a set of enhanced hardware components designed to help protect sensitive information from software-based attacks. It is a combination of processor and chipset extensions, keyboard/mouse and graphics enhancements, and a TPM (trusted platform module) v1.2 device. The TPM is a fixed token (silicon) that sits on the motherboard and allows us to store, or “seal,” keys on the platform. Some companies are already using TXT. Green Hills Software Inc., with its Integrity PC technology, is one example; General Dynamics’ Trusted Virtual Environment Desktop software is another.
In the Dynamic Virtual Client (DVC) environment, TXT is used to measure and verify the launch of the type 1 hypervisor. It also allows for a protected configuration between VMs and allows all data to be wiped clean from the environment upon exiting the VM. See below.
As you can see Intel is working on making the DVC environment as secure as possible.
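To make the "measure and verify the launch" idea concrete, here is a simplified Python model added for illustration (it is not code from this post, from Intel, or from any TXT vendor): each launch component is extended into a TPM 1.2-style PCR in load order, and a key sealed to the known-good PCR value is released only when the same hypervisor launches again. The SINIT ACM string, hypervisor images, storage root key and disk key are all constructed placeholders.

```python
import hashlib
import hmac

# Constructed, simplified model of measured launch plus TPM sealing;
# illustrative only, not Intel's or any vendor's implementation.
PCR_INIT = b"\x00" * 20  # TPM 1.2 PCRs are 20-byte SHA-1 registers, reset to zero

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend: new PCR = SHA-1(old PCR || SHA-1(measured data)).
    Extending is one-way, so software cannot set a PCR to a chosen value."""
    return hashlib.sha1(pcr + hashlib.sha1(measurement).digest()).digest()

def measured_launch(components):
    """Hash each launch component into a single PCR, in load order."""
    pcr = PCR_INIT
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr

class SimTpm:
    """Holds a storage root key (SRK) that never leaves the device."""
    def __init__(self, srk: bytes):
        self._srk = srk

    def seal(self, secret: bytes, pcr_policy: bytes):
        """Bind a secret (<= 32 bytes) to the PCR value it may be released under."""
        assert len(secret) <= 32
        keystream = hmac.new(self._srk, pcr_policy, hashlib.sha256).digest()
        return pcr_policy, bytes(s ^ k for s, k in zip(secret, keystream))

    def unseal(self, blob, current_pcr: bytes):
        """Release the secret only if the platform is in the sealed-to state."""
        pcr_policy, ciphertext = blob
        if not hmac.compare_digest(pcr_policy, current_pcr):
            return None  # different hypervisor, different PCR: the TPM refuses
        keystream = hmac.new(self._srk, current_pcr, hashlib.sha256).digest()
        return bytes(c ^ k for c, k in zip(ciphertext, keystream))

# Constructed launch chains: authenticated code module first, then the hypervisor.
GOOD_LAUNCH = [b"SINIT ACM (constructed)", b"type-1 hypervisor v1 (constructed)"]
TAMPERED_LAUNCH = [b"SINIT ACM (constructed)", b"phony hypervisor (constructed)"]

def demo():
    tpm = SimTpm(srk=b"constructed-srk-never-exported")
    known_good = measured_launch(GOOD_LAUNCH)  # recorded by the admin at provisioning
    blob = tpm.seal(b"vm-disk-encryption-key", known_good)
    return {
        "good": tpm.unseal(blob, measured_launch(GOOD_LAUNCH)),
        "tampered": tpm.unseal(blob, measured_launch(TAMPERED_LAUNCH)),
    }

if __name__ == "__main__":
    print(demo())
```

Because the TPM derives the unseal key from the current PCR value as well as checking the policy, a phony hypervisor gets neither the sealed key nor a usable ciphertext.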
There are many documents and books that offer a deeper dive into the technology. See: http://www.intel.com/technology/security/
2010 should bring more TXT solutions from various DVC vendors. As they are made generally available, we will bring them to your attention.