Xen Developers Focus on Security

With the next major release of the Xen Virtual Machine Monitor expected this August, the project's developers have turned their attention to a new issue: security.

Over the last few months, a group of the project's open source developers have begun work on a "security enhanced" version of Xen called XenSE that is similar in concept to the Security Enhanced Linux project backed by the U.S. National Security Agency (NSA).

"Xen already has a lot of important security features today, but the XenSE work is intended to take this to the next level, making use of the various hardware features that will be appearing on future processors to move us closer to true trustworthy computing," said Xen project leader Ian Pratt, via e-mail.

Protecting Access

Xen is "virtual machine" software that lets users run more than one copy of an operating system on the same computer. The security-enhanced version of Xen could be used to run applications on extremely secure virtual computers that could be isolated from the rest of the software on the machine. That way, even if a computer were to become infected by a virus, the malicious code would have a hard time affecting the XenSE application.

The XenSE project is being led by the University of Cambridge, with involvement from developers at NSA, IBM, Hewlett-Packard, and XenSource, said Rolf Neugebauer, a researcher with Intel who is also a XenSE developer. AMD is also coordinating its efforts with XenSource.

Banks could improve security for their online users by shipping them XenSE CDs. Users would then do online banking using software that was running on a secure virtual machine, reducing the risk of data theft, Neugebauer said. "I think we could provide (banking) with more assurance of security," he said.

The XenSE software will be of interest to governments and corporations looking to create safe ways for desktop clients to communicate with servers over the Internet, Neugebauer said.

Xen's Edge: Simple, Small

Because Xen itself is so much smaller than any operating system, it is also much easier for Xen's builders to be sure that it is free of security flaws, Neugebauer said. "There are probably 30,000 lines of code in Xen, compared to millions in Linux. That makes it much more (easy to secure)," he said.

Virtual machine software like Xen is going to make it easier for system administrators to lock down workstations, said Gordon Haff, an analyst with Illuminata. "In principle, they're shipping you a private terminal," he said. "It's as if they sent you your very own PC that you can't load any software on."

Palo Alto, California's VMware already sells software called VMware ACE that lets administrators set up these kind of strictly controlled environments within virtual machines, Haff said.

"People have these fat clients which have, in many cases, uncontrolled software environments," Haff said. "What something like ACE does is it says, 'Fine. You can have your uncontrolled environment, but you can only connect to our machine from this very controlled environment.'"

The next major release of Xen, version 3.0 is expected August 15, according to a spokesperson for XenSource. XenSE will the included in the release after that, according to Neugebauer. A release date for Xen 4.0 has not yet been set.