IBM plans new security for virtual servers

By Dave Nixon

IBM researchers are developing new attack deterrence technology for the company’s virtualisation products.

The company is set to specify the new project, codenamed Phantom, at the RSA Conference in San Francisco Tuesday.

Phantom is a combined effort between IBM’s X-Force threat analysis team and the company’s research division. It aims to lock down the hypervisor software that IBM systems use to manage virtual machines.

“What we’re doing through Phantom is we’re implementing an IPS (intrusion prevention system) - an IPS that sits at the hypervisor layer,” said Kris Lovejoy, director of strategy for IBM corporate security.

IPS systems are designed to prevent computer attacks as they arise, by inspecting network traffic and figuring out whether or not it is malicious.

IBM invented the notion of a hypervisor and has been selling it as part of its mainframe computers, where it could operate in excess of one copy of the operating system at the same time. In recent years, this nature of virtualisation software has been promoted on Unix and PC systems as a way for corporate users to compress more performance out of their servers.

The problem of securing these virtualised systems promises to be one of the hot topics at this week’s conference, which is the largest annual event in the security industry.

IBM researchers have already worked on methods to secure the hypervisor, but with Phantom they will be using technology acquired in IBM’s 2006 purchase of Internet Security Systems, a maker of IPS devices.

The researchers are in addition building tools that can lock down the hypervisor itself, Lovejoy added. “The hypervisor layer was built for optimum performance, not necessarily effective security,” she said. “Our customers are just looking for assurance that their virtualised infrastructure is not going to be the single point of failure.”