sVirt: Hardening Linux Virtualization with Mandatory Access Control
This talk will introduce the sVirt project: a community effort aimed at integrating Mandatory Access Control (MAC) security and Linux virtualization.
With increased use of virtualization, one security benefit of physically separated systems -- strong isolation -- is reduced, an issue which may be ameliorated with the application of MAC security (e.g. SELinux, SMACK) in the host system.
For example, a flaw in the hypervisor or errant misconfiguration of the host may allow a virtualized guest OS to "break out" into the host environment and compromise other guests. By applying MAC security to virtual machine instances at the host level, such threats may be mitigated through strong isolation and containment of guests.
Applications of sVirt include:
- Providing virtualized services with a level of isolation similar to that previously afforded by physical separation;
- Increased protection from untrusted guest VMs, such as may be encountered by virtual hosting providers or cloud/grid servers;
- Containment of kernel-level vulnerabilities in guests, such as preventing guests which have been compromised by rootkits from participating in botnets and/or sending spam;
- Strongly isolating desktop applications by running them in MAC-separated VMs, for example: online banking in one VM and World of Warcraft in another.
The talk will cover the rationale and high-level security goals of sVirt; its design as an enhancement to libvirt (the Linux virtualization API); integration with management frameworks such as virt-manager and oVirt; and specific implementation in Fedora via SELinux.
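To make the isolation model concrete, the following is an added example (not sVirt or libvirt code, and not part of the abstract) that models the access decision an MCS-based SELinux policy makes when a guest process touches a disk image. It assumes the scheme the SELinux sVirt policy uses: every guest process and its own image carry the same pair of MCS categories, and a process may only access objects whose categories it dominates (a subset of its own), on top of the type-enforcement rule for the process and object types. The type names svirt_t, svirt_image_t and virt_content_t are the SELinux reference-policy names; the sample labels, the rule table and all function names are constructed for this illustration.

```python
"""Illustrative model of sVirt-style MCS isolation (constructed example, not libvirt code)."""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Label:
    """SELinux security context: user:role:type:sensitivity[:categories]."""
    user: str
    role: str
    type: str
    sensitivity: str
    categories: frozenset


def parse_label(text: str) -> Label:
    """Parse "system_u:system_r:svirt_t:s0:c107,c434"; ranges like c0.c3 are expanded."""
    parts = text.split(":")
    if len(parts) not in (4, 5):
        raise ValueError(f"malformed label: {text!r}")
    user, role, type_, sens = parts[:4]
    cats = set()
    if len(parts) == 5 and parts[4]:
        for item in parts[4].split(","):
            if "." in item:  # contiguous range, e.g. c0.c3
                lo, hi = item.split(".")
                cats.update(f"c{n}" for n in range(int(lo[1:]), int(hi[1:]) + 1))
            else:
                cats.add(item)
    return Label(user, role, type_, sens, frozenset(cats))


# Constructed type-enforcement table: (process type, object type) -> permitted operations.
# Guests get read/write on their own image type and read-only on shared content.
TE_RULES = {
    ("svirt_t", "svirt_image_t"): {"read", "write"},
    ("svirt_t", "virt_content_t"): {"read"},
}


def mcs_dominates(subject: Label, obj: Label) -> bool:
    """MCS rule: the subject may touch the object only if it holds every category on it."""
    return obj.categories <= subject.categories


def access_allowed(subject: Label, obj: Label, perm: str) -> bool:
    """Both the type-enforcement rule and the MCS constraint must pass."""
    te_ok = perm in TE_RULES.get((subject.type, obj.type), set())
    return te_ok and mcs_dominates(subject, obj)


def assign_guest_categories(rng: random.Random, used: set) -> frozenset:
    """Pick a category pair no other running guest holds (mirrors dynamic labelling)."""
    while True:
        pair = frozenset(f"c{n}" for n in rng.sample(range(1024), 2))
        if pair not in used:
            used.add(pair)
            return pair


def label_guests(n: int, seed: int = 0) -> list:
    """Produce n guest process labels with mutually distinct category pairs."""
    rng, used = random.Random(seed), set()
    return [Label("system_u", "system_r", "svirt_t", "s0", assign_guest_categories(rng, used))
            for _ in range(n)]


def breakout_scenario() -> dict:
    """A guest that escapes qemu still runs as svirt_t with its own categories:
    it can reach its own image and shared read-only media, but not another guest's image."""
    guest_a = parse_label("system_u:system_r:svirt_t:s0:c107,c434")
    img_a = parse_label("system_u:object_r:svirt_image_t:s0:c107,c434")
    img_b = parse_label("system_u:object_r:svirt_image_t:s0:c12,c900")
    iso = parse_label("system_u:object_r:virt_content_t:s0")  # shared, no categories
    return {
        "a_own_image": access_allowed(guest_a, img_a, "write"),
        "a_other_image": access_allowed(guest_a, img_b, "read"),
        "a_shared_iso": access_allowed(guest_a, iso, "read"),
        "a_write_iso": access_allowed(guest_a, iso, "write"),
    }


if __name__ == "__main__":
    for name, ok in breakout_scenario().items():
        print(f"{name}: {'allowed' if ok else 'denied'}")
```

The point of the model is the second line of the scenario: even a guest that has escaped its hypervisor process is still confined by the host's policy to the objects carrying its own categories, which is the containment the abstract describes. On a real Fedora host the equivalent evidence is the category pair on a running qemu process and on its image file, visible with `ps -eZ` and `ls -Z`.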
James Morris is a Linux kernel developer from Sydney, Australia. He is the Linux kernel security maintainer; author of the kernel Crypto API; and a contributor to the SELinux, LSM, Netfilter and IPsec projects.