NSA + VMware = Crackproof Computing?
n8willis writes: "ZDnet is reporting on a VMware and NSA collaboration called "NetTop." The idea is to run multiple virtual computers on one box, to eliminate the need for government workers to have separate PCs--and indeed separate networks--for classified and unclassified data. The challenge is making the virtual barriers as secure as the physically separate networks. NSA and VMware say they've done it. What do you think?" Will copying between virtual machines be impossible? I wonder when (or if) NSA changes will make their way into the various distributions' boxed releases.
As I understand it now, the present system where multiple machines are used in government institutions has a black machine that contains secret data, and a white machine that contains only sensitive data. Much harder to type something into the wrong machine when the color of it is immediately apparent to you, I would think.
--
I dunno, but if it is, someone'd better call RIAA and MPAA to let Ms. Rosen and Mr. Valenti know about it :)
Once upon a time, the U.S. government wrote a set of specifications for multi-level secure computers, called the Orange Book. This worked pretty well for mainframes: Multics was rated B2, and was on the 'net as dockmaster.mil.
It was a bit clunky, but had been continuously updated over time, so I still have a machine running Trusted Solaris 7 in my basement.
It's arguably the same task to do this sort of thing with a virtual machine monitor as it is with a security monitor: both create trusted computing bases, which enforce the security rules.
It would look almost exactly like an unmodified system, with optional colored bars on the windows indicating the security level and subject matter that was displayed there.
The rules the TCB would enforce are things like "thou shalt not copy from higher security down to lower security", so the TCB gets asked if it should allow a top-secret cut buffer to be pasted into a merely restricted document.
The Trusted Computing Base (the VMM) gets to say no, and so refuses to allow mapping of that page. The X server gets a -1 return code and errno=NOWAYJOSE, so it then pops up a "sorry, that was a security breach" message... which is exactly what my TS system does when I klutz and try to copy stuff from my confidential files into my unclassified email!
davecb@spamcop.net
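The "no copy from higher to lower" rule the comment above describes is the Bell-LaPadula *-property over a lattice of sensitivity labels. The following is an added illustration, not code from VMware, the NSA, NetTop or Trusted Solaris: the level names, the compartments, the `may_paste` check and the `PasteRefused` error are all constructed here to show how a trusted computing base decides a cut-and-paste request, and what label a document would have to carry for the paste to be allowed.

```python
"""Illustrative multi-level-security (MLS) label check for a cut-buffer paste.

Added example, not the code of any product named on the page.  The levels,
compartments and the paste operation are constructed for illustration; a
refusal here stands in for the VMM declining to map the page.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple

# Ordered hierarchy of classification levels (constructed example values).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Label:
    """A sensitivity label: a hierarchical level plus a set of compartments."""
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """self >= other in the lattice: level at least as high AND every
        compartment of `other` is also present on `self`.  Labels that differ
        in compartments in both directions are incomparable: neither dominates."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def least_upper_bound(a: Label, b: Label) -> Label:
    """The lowest label that dominates both a and b: the label a document must
    carry after data labelled `a` and `b` have been combined in it."""
    top = a if LEVELS[a.level] >= LEVELS[b.level] else b
    return Label(top.level, a.compartments | b.compartments)


class PasteRefused(PermissionError):
    """Raised when the paste would move data down the lattice (a 'write down')."""


def may_paste(clipboard: Label, document: Label) -> bool:
    """*-property: a flow from clipboard to document is allowed only when the
    destination label dominates the source label.  Top-secret text may not be
    pasted into a confidential document; the reverse direction is fine."""
    return document.dominates(clipboard)


def paste(clipboard: Label, text: str, document: Label) -> str:
    """The TCB's decision point: either hand the text to the document or refuse."""
    if not may_paste(clipboard, document):
        raise PasteRefused(
            f"refusing to paste {clipboard.level} {sorted(clipboard.compartments)} "
            f"data into a {document.level} {sorted(document.compartments)} document")
    return text


def decision_table() -> List[Tuple[str, bool]]:
    """Run a set of constructed paste requests and report each decision."""
    ts = Label("TOP_SECRET")
    conf = Label("CONFIDENTIAL")
    secret_crypto = Label("SECRET", frozenset({"CRYPTO"}))
    secret = Label("SECRET")
    ts_nuclear = Label("TOP_SECRET", frozenset({"NUCLEAR"}))
    cases = [
        ("TOP_SECRET -> CONFIDENTIAL (write down)", ts, conf),
        ("CONFIDENTIAL -> TOP_SECRET (write up)", conf, ts),
        ("SECRET/CRYPTO -> SECRET (compartment loss)", secret_crypto, secret),
        ("SECRET -> SECRET/CRYPTO", secret, secret_crypto),
        ("SECRET/CRYPTO -> TOP_SECRET/NUCLEAR (incomparable)", secret_crypto, ts_nuclear),
        ("SECRET -> SECRET (same label)", secret, secret),
    ]
    return [(name, may_paste(src, dst)) for name, src, dst in cases]


if __name__ == "__main__":
    for name, allowed in decision_table():
        print(f"{'ALLOW ' if allowed else 'REFUSE'}  {name}")
    try:
        paste(Label("TOP_SECRET"), "draft text", Label("UNCLASSIFIED"))
    except PasteRefused as err:
        print("sorry, that was a security breach:", err)
```

The incomparable case is the one worth noticing: SECRET/CRYPTO data cannot go into a TOP_SECRET/NUCLEAR document even though the destination's level is higher, because the destination lacks the CRYPTO compartment. `least_upper_bound` gives the label (TOP_SECRET with both compartments) a document would need before the paste could be allowed, which is how an MLS system handles the "just upgrade the document" workflow rather than letting the data flow down.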
It seems to me that this approach would still be very susceptible to various forms of covert timing channels. Since the different systems are running on the same hardware, you could still signal between them by having one system hog system resources or not as a way of signaling bits to the other system. There was some discussion of this approach to covert channels in this discussion here on Slashdot.
There's no point in questioning authority if you aren't going to listen to the answers.
Is this like a single point of failure thing?
"Last year, the company also released a version of its software that runs on Windows NT and 2000, enabling users to run Linux (or any other operating system) in a virtual machine on top of Windows. "
I can imagine a blue screen of death that would still have a VMWare window with Linux that is still running in it...
You can't handle the truth.
It's probably possible, at the very least in theory, to separate two virtual machines more or less completely. You can simulate the BIOS, the hardware clock, the PRAM, the ethernet card PRAM, and all those other sneaky places that most people don't think about as writable areas of their PC.
Peripherals are a different matter. They had better be sure that only the insecure side is capable of sync'ing to the Palm Pilot!
-- Brian