Trusted Virtual Data Center - overview
The Trusted Virtual Data Center (TVDc) represents a realization of Trusted Virtual Domains offering strong enterprise-level security guarantees in hosted data center environments. The IBM Trusted Virtual Data Center, a project defined and pursued by the Secure Systems Department at the IBM T. J. Watson Research Center in Hawthorne NY, is designed to satisfy business-level security goals by simplifying management and providing explicit infrastructure-level containment and trust guarantees for data center environments based on virtualization:
The Trusted Virtual Data Center isolates multiple customer sets, e.g., Human Resources and Financing workloads. This does not only include isolation capabilities in the platform (secure hypervisors), but also isolation of the network (VLANs, labeled IPSec tunnels), routers, management consoles, etc. The fundamental isolation mechanisms are largely in place, but the ability to coherently manage and attest to these capabilities is lacking. Furthermore, these isolation guarantees must be translated into the strong containment guarantees that businesses expect.
For example, a virus outbreak in the HR resources should not spill over to Financing even though both HR and Financing use the same physical resources (servers, networks, routers, etc). The management of these trusted virtual data centers must be integrated into Virtual Machine Monitor (VMM) management applications to ensure that customers and administrators are using simple interfaces to make informed decisions and that formal security policies are enforced in management and operation, which can be translated into customer guarantees regarding trust and confinement.
The major goals of this project are:
- Simplification: Simplifying management of Trusted Virtual Data Centers means to specify the security statements at an abstract level on the basis of customer sets and isolation. These statements are methodically decomposed, and uniformly enforced and verified across the hardware and software resources (VMM, servers, networks, routers, etc.). The result is a coherent and simplified security perspective for users and administrators alike in an on-demand operating environment.
- Trust: Establishing trust into the confinement and integrity properties of Trusted Virtual Data Centers means to produce evidence that systems participating in the virtual data center do and will behave as expected. By leveraging artifacts of the traditional security infrastructure (such as digital signatures, certificates, and assurance statements) and building upon emerging trusted computing technologies, Trusted Virtual Data Centers convey trust evaluations and guarantees for each customer set.
- Containment: Containing customer sets in corporate hosting environments can be achieved based on confining distributed workloads in virtualized environments. Virtualization (e.g., secure hypervisor) and overlay technologies must form a distributed protection layer around each of the computing entities of each customer set, regardless of the physical machine or network topology configuration of those entities. The resulting workload execution environments are contained using simple security statements that include the sharing of resources within customer sets.
The Trusted Virtual Data Center is based on the Trusted Virtual Domain concept and designed to support a unified secure operational policy across all members. For example, using hypervisor-based isolation (sHype) coupled with TCG-based property verification (IMA) provides strong levels of containment and trust.A more detailed technical description you can find in following publication:
Stefan Berger, Ramon Carceres, Dimitrios Pendarakis, Reiner Sailer,
Enriquillo Valdez, Ronald Perez, Wayne Schildhauer, and Deepa Srinivasan.
TVDc: Managing security in the trusted virtual datacenter.
ACM Operating Systems Review, 42(2), 2008.