Server Attestation and Infrastructure Integrity

Server security starts with visibility into the software that is controlling the server hardware. vCage server attestation supports Intel Trusted Execution Technology (Intel TXT) to remotely verify that vCage software is in full control over the server before trusting the server with any secret information. Enterprises and service providers can create trusted computing pools in the cloud knowing that they are running on servers for which the integrity of the server firmware, BIOS, hypervisor and operating system code has been verified.

Detects Advanced Persistent Threats (APTs)

Sophisticated attackers want to retain control of a compromised server, and will go to great lengths to hide evidence of the compromise in non-volatile storage available on the server, including the BIOS, device firmware, and attached storage devices. vCage attestation ensures that servers are running only intended code, rather than modified code that was hidden by malware or an attacker. vCage attestation will flag any malicious persistent code and exclude the infected server from a compute pool until it is remediated.

Cryptographic Proof of Trustworthiness

When the vCage hypervisor receives a server attestation request, it generates an attestation response that is signed by a key with a chain of cryptographic proof to the trusted platform private key. The vCage Manager receives the proof and verifies it against a pre-enrolled public key belonging to the attested server.

Designed For Attestation

vCage Manager validates system integrity from the hardware up to the virtual machine by leveraging Intel Trusted Execution Technology (Intel TXT) and Trusted Platform Modules (TPMs). vCage Manager enables enterprises to verify that their infrastructure is in a known, good state before they start to launch VMs. vCage Manager can attest a variety of platforms including Red Hat Enterprise Linux (RHEL), Ubuntu, CentOS and vCage Host.

The vCage Host hypervisor is packaged and designed for attesting the validity of server environments. Tight integration with vCage Manager enables a policy of acceptable software and configuration with a single API call.

Mutual Authentication

The vCage architecture can ensure that no secrets are persisted in the clear. The solution functions without requiring keys or credentials to persist on disk or on PXE.

When the vCage Host hypervisor comes up, it only accepts attestation requests from your infrastructure. The vCage Host boot image is customized with a per-deployment public key. The server will only authenticate and respond to owners of the matching private key, reducing the surface for unauthenticated attacks and preventing unnecessary leakage of information about the server software version and configuration to network adversaries. To address the per-deployment public key, vCage Host generates a session key pair on every boot of the server, and measures its public part as part of the server attestation process. Authenticating both the vCage Host and the vCage Manager prevents first-mover-advantage attacks, as well as man-in-the-middle attacks.

Remote Seal

Servers typically require some secret information for purposes of identity and access. Sealing is the process of granting access to secrets contingent on server attestation. While it is possible to store such secrets within the trusted platform module, the vCage architecture implements sealing as a remote process, keeping the secrets protected in the vCage Manager. vCage Manager provides centralized management of the secrets, visibility into secret access by servers, as well as secure delivery of secrets over the encrypted channel between the vCage Manager and vCage servers.
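The following sketch is an added example, not vCage code or its API. It models the flow described under Mutual Authentication and Remote Seal: the host measures its per-boot session public key, and the manager releases a secret only when the signed measurement matches policy. Assumptions: an HMAC under an enrolled key stands in for the TPM-rooted signature so the example runs on the standard library alone, and all names, components and keys are constructed.

```python
import hashlib, hmac, os

def extend(pcr: bytes, data: bytes) -> bytes:
    # TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(data))
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()

def replay(components) -> bytes:
    pcr = bytes(32)                       # a PCR starts at all zeros
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr

def sign(key: bytes, nonce: bytes, pcr: bytes, session_pub: bytes) -> bytes:
    # Assumption: HMAC stands in for the TPM-rooted asymmetric signature
    return hmac.new(key, nonce + pcr + session_pub, hashlib.sha256).digest()

def host_quote(key, boot_chain, session_pub, nonce):
    # Host side: the per-boot session public key is measured after the boot chain
    pcr = extend(replay(boot_chain), session_pub)
    return {"pcr": pcr, "session_pub": session_pub,
            "sig": sign(key, nonce, pcr, session_pub)}

def release_secret(enrolled_key, golden_pcr, nonce, quote, secret):
    """Manager side: return the secret only if every check passes."""
    expected_sig = sign(enrolled_key, nonce, quote["pcr"], quote["session_pub"])
    if not hmac.compare_digest(expected_sig, quote["sig"]):
        return None                       # wrong server, altered quote, or stale nonce
    expected_pcr = extend(golden_pcr, quote["session_pub"])
    if not hmac.compare_digest(expected_pcr, quote["pcr"]):
        return None                       # boot chain differs from the policy value
    return secret                         # real delivery would use a channel bound to session_pub

# Constructed sample data
KEY = b"enrolled-key-constructed"
GOOD = [b"firmware-v1", b"bios-v1", b"hypervisor-v1"]
TAMPERED = [b"firmware-v1", b"bios-v1-implant", b"hypervisor-v1"]
GOLDEN = replay(GOOD)
SECRET = b"vm-image-key-constructed"

def demo():
    nonce = os.urandom(16)
    ok = release_secret(KEY, GOLDEN, nonce, host_quote(KEY, GOOD, b"pubA", nonce), SECRET)
    bad = release_secret(KEY, GOLDEN, nonce, host_quote(KEY, TAMPERED, b"pubA", nonce), SECRET)
    replayed = release_secret(KEY, GOLDEN, os.urandom(16), host_quote(KEY, GOOD, b"pubA", nonce), SECRET)
    swapped = host_quote(KEY, GOOD, b"pubA", nonce)
    swapped["session_pub"] = b"pubMITM"   # session key replaced in transit
    mitm = release_secret(KEY, GOLDEN, nonce, swapped, SECRET)
    return ok, bad, replayed, mitm
```

demo() returns the secret for the clean boot chain and None for the modified chain, the replayed quote, and the quote whose session key was swapped.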

Linux Hardening

Server attestation provides assurance that the server is clean and in control during boot. vCage provides protection at the infrastructure level against logical attacks arriving over the network as well as from malicious local hardware devices attached to the host.

Controlled Device Driver Population Reduces Attack Surface

Device drivers are a frequently overlooked software interface that provides an attractive attack vector. Malicious hardware, or valid hardware that has been compromised, may be used as a launching platform for attacks against drivers and the corresponding infrastructure. The vCage hypervisor includes only the necessary device drivers to operate virtualized infrastructure, reducing attack surface to a minimum.

Direct Memory Access (DMA) Protection

While DMA serves an important role in improving the scalability and performance of a system by allowing hardware devices to access memory independently from the main CPU, the same interface allows malicious or compromised devices to read non-input-output (I/O) information from memory, which can include credentials and end-user information. Similarly, DMA can be used to modify the software that is executed by the main CPU and inject malware that can defeat existing software security controls. The vCage Host hypervisor utilizes runtime-configurable hardware support methods such as Intel VT-d and Intel Trusted Execution Technology (TXT) to limit DMA access to the areas of memory allocated for I/O operations.

Secure Kernel Patches and “GR Security”

The vCage hypervisor includes the latest tools and technologies available to the Linux kernel as a method of limiting vulnerabilities that might still exist in the vCage hypervisor code base.

Device Communication Firewall

In addition to eliminating unnecessary device drivers from the vCage Host hypervisor kernel, vCage provides an additional logical firewall to allow the validation of input and output between device drivers and hardware devices. Such input validation is typically lacking in traditional Linux distributions.

Network Only Interfaces

The vCage hypervisor is designed to operate in environments where the person with access to the console is not the owner of the data being processed on the server. Consequently, the most secure way of interacting with the vCage hypervisor is over network communication with key-based authentication. Console access, human interaction devices, USBs, and other non-network interfaces are disabled by default. vCage Manager and vCage Host both use network-only interfaces to communicate with a server. This avoids the use of IPMI, which can be improperly configured or maintained.

Data In Use Encryption

While data may be protected in transit over networks and at rest on storage devices, there has been no solution to protect data in use. Encryption keys, certificates and sensitive data are left exposed in memory to unauthorized physical access attacks. When outsourcing compute infrastructure, service providers, admins, contractors, suppliers, and local governments have physical access to your server, and thus, to your most sensitive data. vCage verifies server integrity and then uses full memory encryption to limit clear text data to the CPU internal cache to protect against memory extraction attacks.

Encrypted Memory

The vCage hypervisor is designed with a proprietary memory management algorithm using a full KVM hypervisor that fits entirely inside the CPU Last Level Cache (also referred to as LLC or L3 Cache) of a modern Intel server CPU. The vCage Host hypervisor actively manages the CPU L3 cache, and serves as an encryption gateway to the main server memory. Data inside the CPU package is in clear-text form, while data outside of the CPU package is ciphertext. With vCage, the CPU and application view of the world is that memory is in clear-text form, while an adversary's view of the world is ciphertext. Main memory is always encrypted and no keys, data or code can be extracted from server memory.

Transparent Encryption

As a hypervisor, vCage provides hardware abstraction to the running applications and virtual machines. vCage provides a virtual clear-text memory representation to the running virtual machines, while the real physical memory is encrypted at all times. This transparency allows any application to be installed in a virtual machine and automatically benefit from the protection provided by vCage memory encryption. Any application that runs on the Linux KVM hypervisor can run on the vCage hypervisor with no need for new API calls or recompilation of the code.

Industry-standard AES Encryption

The vCage hypervisor utilizes the standard Advanced Encryption Standard (AES) encryption algorithm to protect any data stored in the server main memory modules. Utilizing the hardware cryptographic acceleration provided by Intel AES-NI allows the vCage hypervisor to achieve multi-GB/s access rates to encrypted memory.

Customizable Encryption

For organizations requiring a non-AES encryption algorithm, vCage supports the insertion of alternate custom encryption modules that can be used for encrypting memory.

Virtual Machine (VM) Image Encryption

Virtual machine images are key building blocks for a secure compute infrastructure. Manipulating a virtual machine image while at rest can result in the insertion of malware into the execution environment which bypasses existing security measures. Likewise, secret information embedded within the virtual machine images, used for identity and access, can be revealed by reading a clear text copy of the virtual machine image. The vCage Manager, in combination with the vCage hypervisor, provides the encryption of virtual machine images stored at rest, protecting identity and access secrets, and maintaining the integrity of the virtual machine from offline code injection.

VM Image Encryption

The vCage Manager allows the encryption of virtual machine images to protect secrets and maintain the integrity of virtual machines. Encryption keys for image encryption are stored on the vCage Manager, separating the encrypted image from encryption key management. No decryption keys are handed over to a server until it is established as trusted.

OpenStack Integration

The OpenStack operational model provides a horizontal distribution of compute resources to deliver maximum scalability. While this design choice enables a highly scalable cloud environment, it also means that security is horizontally distributed. In the same way that one bad apple can spoil the barrel of apples, one compromised server can take down all the other nodes in the compute cluster. vCage brings security into an OpenStack environment, providing the assurance that compute nodes are secure and trustworthy. vCage uniquely addresses the need to protect the secrets and integrity of the OpenStack controller node which hosts the database and Keystone services which are critical to the security of an OpenStack deployment.

Trusted Compute Nodes

Packaged with pre-installed OpenStack management agents, vCage for OpenStack allows for rapid bring-up of trustworthy OpenStack compute nodes. Combined with the vCage server attestation feature, OpenStack can automate the process of attesting new compute nodes with vCage before provisioning them into an OpenStack deployment. Providing visibility and control over the configuration and code running on every compute node in an OpenStack deployment is paramount to the security of an OpenStack deployment.

Encrypted Images on Glance

vCage natively supports the encryption of virtual machine images. With OpenStack image management integration (Glance), protecting secret identity and access credentials that reside within the virtual machines is easy to accomplish.

Flexible Deployment Options

vCage provides the best logical protection for compute infrastructures with multiple deployment options. Whether deployed on-premise, colocation or third party infrastructure, vCage provides an increased level of security to the infrastructure to create a trustworthy infrastructure that can be depended on by its tenant. vCage integrates with existing IT automation tools such as Puppet Enterprise to facilitate smooth deployment and heightened security.