Bromium twists chip virty circuits to secure PCs and servers

Trust nothing, protect the Byzantine general kernel

Bromium, the security startup launched a year ago by the techies behind the open source Xen server virtualization hypervisor, are lifting the veil a bit on the software that they are cooking up, while at the same time announcing a big new bag of cash to pay for the ongoing development of what the company is calling a microvisor.

Ian Pratt and Simon Crosby, colleagues from Cambridge University who created (and somewhat begrudgingly commercialized) the Xen hypervisor, which Citrix Systems bought in September 2007 for $500m, are behind the stealthy startup. They tapped Gaurav Banga, who was previously CTO and senior vice president of engineering at computer BIOS maker Phoenix Technologies, to be their CEO.

Banga knows a thing or two about virtualization, having created the Unified Extensible Firmware Interface (UEFI) for modern system BIOSes and also HyperSpace, a baby Linux environment that Hewlett-Packard acquired for its PCs in June 2010.

Bromium came out of stealth mode last June, and at the time Crosby and Pratt didn't say much about what they were up to, except that they would be using virtualization in some manner to secure PCs and servers in a different way and that they had secured $9.2m in Series A funding from Andreessen Horowitz, Ignition Partners, and Lightspeed Venture Partners.

The original plan was to have some sort of products in the field by the end of 2011, but that didn't work out, and Crosby was absolutely unapologetic about it when talking to El Reg, considering the monumental complex job of securing a PC from the outside world. Bromium's investors don't seem to mind that this might take a little time, and Highland Capital Partners is leading a $26.5m Series B round, with Intel Capital participating for the first time and Andreessen Horowitz and Ignition Partners kicking in some more dough, too.

The bar that Bromium has set for itself, as it turns out, is quite high, and hence the patience. Which is also reasonable given the daunting task that the company has: creating a completely new security paradigm for PCs without adding a new management console and without changing the user experience at all.

"You have to trust something, so we will start with the hardware," says Crosby, who walked El Reg through the basic architecture of the Bromium security model and its microvisor approach.

The hardware is analogous to the emperor in what is known as the Byzantine general's problem, which is how can you know who to trust in the army when you want to attack a city? Your army (by analogy a PC operating system and application stack) could be infiltrated with traitors (malware) who want to delay or thwart your plans, and if you are such a general (the operating system kernel in charge) you have to assume there are such traitors and still carry out your orders from the emperor – and without revealing your plans in full to anyone in the army.

The problem with a PC software stack is exactly the same as with a Roman army: there's so much stuff to keep track of. In the case of a PC, there are approximately 100 million lines of code in the software stack, and by definition, that means there are always vulnerabilities and that you can never plug them all. That's a big problem, and ironically, Bromium's answer is this: Don't try.

Bromium microvisor

The Bromium microvisor: task-based virtualization

Rather, Bromium is creating a security methodology that invokes the principle of least privileges, which isolates all applications and operating system functions on a PC from each other and that never, ever lets a process see something that it doesn't need to see.

For instance, when you load Facebook, what the instance of the Chrome browser can see of your disk drive is precisely one file: the cookie that Facebook installs, and not one bit or byte more. That cookie and the Facebook session are loaded up into a virtual container called a microVM, which is different from a hypervisor guest in that it is centered on a specific task, not on abstracting a whole virtual PC environment that an OS can run in.

Here's another example: when you load an Excel spreadsheet, the only thing that Excel is allowed to see is that spreadsheet, and because a microVM security layer is wrapped around it, it simply is not allowed to reach into the TCP/IP stack and start sending packets out to heaven knows where on the internet. No program is allowed to start a session on your webcam if it has not been granted explicit permission to do so, and so on.

The Bromium microvisor is not a heavy-weight virtualization layer, but a lightweight one that is twisting features that Intel has woven into its recent Core and Xeon processors, such as VT and in the case of business-class PCs, vPro extensions to the Core chips and related chipsets, in a new way to secure tasks running on PCs instead of helping hypervisors run better and more efficiently.

The similar AMD-V and IOMMU extensions to the Fusion and Opteron processors that are analogous to VT and VT-d are also supported with the Bromium microvisor, so a PC based on either chip will be able to protect against outside threats. But to get the full protection, which will be able to thwart attempts to hack a PC from the machine's actual keyboard, you need the Trusted Execution Environment (TXT) features etched into the vPro-enabled Core processors as well as in the latest two generations of Xeon processors.

Since Bromium is aiming its initial products at enterprises, not consumers, and not focusing yet on servers, supporting vPro-enabled PCs is a good place to start, says Crosby. "Supporting AMD processors as well as Intel chips is not hard," explains Crosby. "But the guys who are all wound up about PC security are all on vPro machines already."

A Bromium microvisor on a Windows-based PC can create and destroy hundreds of these microVMs in a second as tasks are started and finished, and it has an infinitesimally small effect on performance.

Nothing is ever perfectly secure, of course, and Bromium is not proclaiming that its microvisor is immune from attack. The microvisor has 10,000 lines of code and its hypercall API, while hardened, is absolutely not impenetrable.

"We can reduce the vulnerability surface from 108 to 104, and that works out to a factor of 104 increase in costs for the bad guys," says Crosby. "The goal is to make it too expensive for the bad guy to attack you in the first place."

The interaction of the OS, apps, and the microvisor

The interaction of the OS, apps, and the Bromium microvisor and microVM (click to enlarge)

Because the microvisor has tight control over what tasks on a machine can access data, and what data in particular, it is also a means of preventing the loss or corruption of data on a PC. So if you click on something you shouldn't have on the Internet and a piece of malware gets in, the clever Byzantine general (our kernel) rather than confronting the malware, can wrap the tasks that make up that malware in a microVM and let it pretend to overwrite Windows files.

Yup, it lies to them and puts those corrupted Windows files in a microVM, but the malware can't know that. And when the malware is done writing on your panes of glass with spray paint, the microvisor deletes the files and the malware in the microVM and thus its attempted corruption are purged from the system.

You'll notice that this approach to security works whether Windows is patched or not. Let's hope this doesn't make Microsoft complacent about security.

Bromium now has 40 employees, and Crosby says that they are doing "some very, very deep systems work." The company is not talking products yet, but clearly the idea is to get PC OEMs on board with adding Bromium wares to the machines. "We're in beta now, and we will GA when it is awesome," says Crosby.

You can find out more about the Bromium architecture in this white paper (PDF). ®

Other stories you might like

  • Monero-mining botnet targets Windows, Linux web servers
    Sysrv-K malware infects unpatched tin, Microsoft warns

    The latest variant of the Sysrv botnet malware is menacing Windows and Linux systems with an expanded list of vulnerabilities to exploit, according to Microsoft.

    The strain, which Microsoft's Security Intelligence team calls Sysrv-K, scans the internet for web servers that have security holes, such as path traversal, remote file disclosure, and arbitrary file download bugs, that can be exploited to infect the machines.

    The vulnerabilities, all of which have patches available, include flaws in WordPress plugins such as the recently uncovered remote code execution hole in the Spring Cloud Gateway software tracked as CVE-2022-22947 that Uncle Sam's CISA warned of this week.

    Continue reading
  • Red Hat Kubernetes security report finds people are the problem
    Puny human brains baffled by K8s complexity, leading to blunder fears

    Kubernetes, despite being widely regarded as an important technology by IT leaders, continues to pose problems for those deploying it. And the problem, apparently, is us.

    The open source container orchestration software, being used or evaluated by 96 per cent of organizations surveyed [PDF] last year by the Cloud Native Computing Foundation, has a reputation for complexity.

    Witness the sarcasm: "Kubernetes is so easy to use that a company devoted solely to troubleshooting issues with it has raised $67 million," quipped Corey Quinn, chief cloud economist at IT consultancy The Duckbill Group, in a Twitter post on Monday referencing investment in a startup called Komodor. And the consequences of the software's complication can be seen in the difficulties reported by those using it.

    Continue reading
  • Infosys skips government meeting - and collecting government taxes
    Tax portal wobbles, again

    Services giant Infosys has had a difficult week, with one of its flagship projects wobbling and India's government continuing to pressure it over labor practices.

    The wobbly projext is India's portal for filing Goods and Services Tax returns. According to India’s Central Board of Indirect Taxes and Customs (CBIC), the IT services giant reported a “technical glitch” that meant auto-populated forms weren't ready for taxpayers. The company was directed to fix it and CBIC was faced with extending due dates for tax payments.

    Continue reading
  • Google keeps legacy G Suite alive and free for personal use

    Google has quietly dropped its demand that users of its free G Suite legacy edition cough up to continue enjoying custom email domains and cloudy productivity tools.

    This story starts in 2006 with the launch of “Google Apps for Your Domain”, a bundle of services that included email, a calendar, Google Talk, and a website building tool. Beta users were offered the service at no cost, complete with the ability to use a custom domain if users let Google handle their MX record.

    The service evolved over the years and added more services, and in 2020 Google rebranded its online productivity offering as “Workspace”. Beta users got most of the updated offerings at no cost.

    Continue reading
  • GNU Compiler Collection adds support for China's LoongArch CPU family
    MIPS...ish is on the march in the Middle Kingdom

    Version 12.1 of the GNU Compiler Collection (GCC) was released this month, and among its many changes is support for China's LoongArch processor architecture.

    The announcement of the release is here; the LoongArch port was accepted as recently as March.

    China's Academy of Sciences developed a family of MIPS-compatible microprocessors in the early 2000s. In 2010 the tech was spun out into a company callled Loongson Technology which today markets silicon under the brand "Godson". The company bills itself as working to develop technology that secures China and underpins its ability to innovate, a reflection of Beijing's believe that home-grown CPU architectures are critical to the nation's future.

    Continue reading
  • China’s COVID lockdowns bite e-commerce players
    CEO of e-tail market leader JD perhaps boldly points out wider economic impact of zero-virus stance

    The CEO of China’s top e-commerce company, JD, has pointed out the economic impact of China’s current COVID-19 lockdowns - and the news is not good.

    Speaking on the company’s Q1 2022 earnings call, JD Retail CEO Lei Xu said that the first two years of the COVID-19 pandemic had brought positive effects for many Chinese e-tailers as buyer behaviour shifted to online purchases.

    But Lei said the current lengthy and strict lockdowns in Shanghai and Beijing, plus shorter restrictions in other large cities, have started to bite all online businesses as well as their real-world counterparts.

    Continue reading
  • Foxconn forms JV to build chip fab in Malaysia
    Can't say when, where, nor price tag. Has promised 40k wafers a month at between 28nm and 40nm

    Taiwanese contract manufacturer to the stars Foxconn is to build a chip fabrication plant in Malaysia.

    The planned factory will emit 12-inch wafers, with process nodes ranging from 28 to 40nm, and will have a capacity of 40,000 wafers a month. By way of comparison, semiconductor-centric analyst house IC Insights rates global wafer capacity at 21 million a month, and Taiwanese TSMC’s four “gigafabs” can each crank out 250,000 wafers a month.

    In terms of production volume and technology, this Malaysian facility will not therefore catapult Foxconn into the ranks of leading chipmakers.

    Continue reading
  • NASA's InSight doomed as Mars dust coats solar panels
    The little lander that couldn't (any longer)

    The Martian InSight lander will no longer be able to function within months as dust continues to pile up on its solar panels, starving it of energy, NASA reported on Tuesday.

    Launched from Earth in 2018, the six-metre-wide machine's mission was sent to study the Red Planet below its surface. InSight is armed with a range of instruments, including a robotic arm, seismometer, and a soil temperature sensor. Astronomers figured the data would help them understand how the rocky cores of planets in the Solar System formed and evolved over time.

    "InSight has transformed our understanding of the interiors of rocky planets and set the stage for future missions," Lori Glaze, director of NASA's Planetary Science Division, said in a statement. "We can apply what we've learned about Mars' inner structure to Earth, the Moon, Venus, and even rocky planets in other solar systems."

    Continue reading
  • The ‘substantial contributions’ Intel has promised to boost RISC-V adoption
    With the benefit of maybe revitalizing the x86 giant’s foundry business

    Analysis Here's something that would have seemed outlandish only a few years ago: to help fuel Intel's future growth, the x86 giant has vowed to do what it can to make the open-source RISC-V ISA worthy of widespread adoption.

    In a presentation, an Intel representative shared some details of how the chipmaker plans to contribute to RISC-V as part of its bet that the instruction set architecture will fuel growth for its revitalized contract chip manufacturing business.

    While Intel invested in RISC-V chip designer SiFive in 2018, the semiconductor titan's intentions with RISC-V evolved last year when it revealed that the contract manufacturing business key to its comeback, Intel Foundry Services, would be willing to make chips compatible with x86, Arm, and RISC-V ISAs. The chipmaker then announced in February it joined RISC-V International, the ISA's governing body, and launched a $1 billion innovation fund that will support chip designers, including those making RISC-V components.

    Continue reading
  • FBI warns of North Korean cyberspies posing as foreign IT workers
    Looking for tech talent? Kim Jong-un's friendly freelancers, at your service

    Pay close attention to that resume before offering that work contract.

    The FBI, in a joint advisory with the US government Departments of State and Treasury, has warned that North Korea's cyberspies are posing as non-North-Korean IT workers to bag Western jobs to advance Kim Jong-un's nefarious pursuits.

    In guidance [PDF] issued this week, the Feds warned that these techies often use fake IDs and other documents to pose as non-North-Korean nationals to gain freelance employment in North America, Europe, and east Asia. Additionally, North Korean IT workers may accept foreign contracts and then outsource those projects to non-North-Korean folks.

    Continue reading
  • Elon Musk says Twitter buy 'cannot move forward' until spam stats spat settled
    A stunning surprise to no one in this Solar System

    Elon Musk said his bid to acquire and privatize Twitter "cannot move forward" until the social network proves its claim that fake bot accounts make up less than five per cent of all users.

    The world's richest meme lord formally launched efforts to take over Twitter last month after buying a 9.2 per cent stake in the biz. He declined an offer to join the board of directors, only to return asking if he could buy the social media platform outright at $54.20 per share. Twitter's board resisted Musk's plans at first, installing a "poison pill" to hamper a hostile takeover before accepting the deal, worth over $44 billion.

    But then it appears Musk spotted something in Twitter's latest filing to America's financial watchdog, the SEC. The paperwork asserted that "fewer than five percent" of Twitter's monetizable daily active users (mDAUs) in the first quarter of 2022 were fake or spammer accounts, which Musk objected to: he felt that figure should be a lot higher. He had earlier proclaimed that ridding Twitter of spam bots was a priority for him, post-takeover.

    Continue reading

Biting the hand that feeds IT © 1998–2022