Google has released new details on their Shielded VMs security suite, a set of tools designed to protect enterprise cloud workloads.
The migration of on-premise workloads to the cloud can be a disruptive and expensive step for enterprise players to take; however, there are rewards for such investment.
Legacy software and operational costs can be eliminated, and day-to-day management of systems, services and data can become a lighter burden thanks to automated tools and machine learning.
It can also be easier to secure sensitive corporate networks with cloud-based solutions.
Unless cloud providers are trustworthy, businesses may shy away from refreshing their corporate architecture and systems.
It is not just cloud services which need protection, as today’s threat actors will take any open avenue to exploit corporate systems and this includes networks, hardware connections and virtual machines (VMs).
Attacks Against the Kernel
This is why Google has developed Shielded VMs, which the tech giant says enhances trust for cloud systems starting at the hardware and firmware level, as well as for host and guest operating systems.
Shielded VMs was recently released in beta to developers for Windows Server 2012 R2, Windows Server 2016, Windows Server version 1709 Datacenter Core, Windows Server version 1803 Datacenter Core, Container-Optimized OS 68+ and Ubuntu 1804 images.
The release aims to show that workloads running on Google Cloud Platform (GCP) have not been compromised by boot malware or firmware rootkits, which, in turn, should increase the trust between cloud service providers and customers.
Google said this week in a blog post that attacks against the kernel, drivers and guest systems can be mitigated by ensuring that when VMs boot, they are running code which has not been compromised.
As hardware and firmware-level malware can stay undetected for long periods of time, securing the hardware level is paramount to ensuring no other systems or services become exposed to attack.
Google stated in their blog post that: “A BIOS can be dynamically compromised by a bad NetBoot, or act as a “confused deputy” based on untrusted input reported by BIOS configuration parameters, leaving the OS vulnerable to privilege escalation attacks,”
“A guest OS can also be dynamically compromised by attacking its kernel components via remote attack, by local code gaining escalation privileges, or by insiders (e.g., your privileged employees).”
Google has worked with custom chip maker Titan to include processors that establish root-of-trust, rejecting tampered start-up code and utilizing cryptographic protections to prevent infections.
The chips have been integrated with Shielded VMs, alongside a selection of other security features:
- Trusted firmware based on Unified Extended Firmware Interface (UEFI) 3.1, with UEFI Secure Boot capability;
- vTPM: The validation of guest VM pre-boot and boot integrity, as well as the generation and protection of encryption keys;
- Secure Boot and Measured Boot to help protect VMs against boot- and kernel-level malware and rootkits;
- Measured Boot: Integrity measurements collected and recorded on Stackdriver to help users identify any mismatch between the “healthy” baseline of VMs and runtime states.
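To make the Measured Boot bullet concrete, here is an added illustration (not Google's code, and not the vTPM or Stackdriver log schema) of the principle behind it: each boot component is hashed and extended into a PCR-style register before it runs, so a runtime register value that differs from the recorded healthy baseline reveals that some component in the chain changed. Component names and contents are constructed stand-ins.

```python
import hashlib

# Simplified model of TPM measured boot, constructed for illustration only.
# Real PCR banks, event-log formats and the GCP integrity reports differ.

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new_pcr = SHA-256(old_pcr || measurement)."""
    return hashlib.sha256(pcr + measurement).digest()

def measure_boot_chain(components):
    """Measure each component in boot order and return (final register, event log).
    components: list of (name, bytes) such as firmware, bootloader, kernel."""
    pcr = bytes(32)  # registers start zeroed at power-on
    log = []         # event log: (name, component hash) kept for later audit
    for name, blob in components:
        digest = hashlib.sha256(blob).digest()
        log.append((name, digest.hex()))
        pcr = extend(pcr, digest)  # order matters: swapping steps changes the result
    return pcr, log

def check_integrity(baseline_pcr, runtime_pcr, baseline_log, runtime_log):
    """Compare a runtime measurement against the healthy baseline.
    Returns (ok, name of the first mismatching component or None).
    Uses the event logs only to explain a mismatch; the decision rests on the register."""
    if baseline_pcr == runtime_pcr:
        return True, None
    for (_, b_hash), (r_name, r_hash) in zip(baseline_log, runtime_log):
        if b_hash != r_hash:
            return False, r_name
    return False, "unknown"  # chains differ in length or a trailing step is missing

# Constructed sample chains: the second boots a modified kernel image.
HEALTHY = [("uefi", b"firmware-v1"), ("shim", b"bootloader-v1"), ("kernel", b"vmlinuz-v1")]
TAMPERED = [("uefi", b"firmware-v1"), ("shim", b"bootloader-v1"), ("kernel", b"vmlinuz-modified")]

def demo():
    """Record the healthy baseline, then check a later boot against it."""
    base_pcr, base_log = measure_boot_chain(HEALTHY)
    run_pcr, run_log = measure_boot_chain(TAMPERED)
    return check_integrity(base_pcr, run_pcr, base_log, run_log)

if __name__ == "__main__":
    print(demo())  # (False, 'kernel')
```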
Google says the security hardening will help protect the enterprise against malicious insider attacks, infected guest firmware (including UEFI drivers which have been tampered with), and malicious exploitation of guest-VM kernel or user-mode vulnerabilities.
Google commented that: “Every day we hear of new methods of exploiting vulnerabilities in computing systems.”
“Fortunately, while the attackers get more sophisticated, we’re working hard to stay one step ahead of them. Shielded VMs UEFI firmware, Secure Boot, Measured Boot, vTPMs and Integrity Monitoring offer integrity verification and enforcement of your VM boot system, giving you confidence in your business-critical cloud workloads.”