VMware to develop Secure Systems for NSA
Results 1 to 8 of 8

Thread: VMware to develop Secure Systems for NSA

  1. #1
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324

    VMware to develop Secure Systems for NSA

    Interesting, eh?

    Source: eWeek

    It's No Secret: VMware to Develop Secure Systems for NSA
    By Scott Ferguson
    August 29, 2007

    VMware is working with General Dynamics to create workstations that can handle both sensitive and unclassified material.


    It's one relationship that the National Security Agency is not keeping secret.

    The NSA is working with VMware, which is considered the world's largest provider of virtualization technology, and General Dynamics C4 Systems to develop a workstation platform capable of handling both sensitive and unclassified material within the same PC.

    VMware, General Dynamics—the parent company of General Dynamics C4 Systems and one of the country's largest government contractors—and the NSA are announcing the new agreement Aug. 29, said Aileen Black, vice president of federal sales for VMware.

    This High-Assurance Platform workstation will use VMware's hypervisor technology—software that allows a single piece of hardware to be divided into several virtual machines—to create a secure PC that is certified by the NSA to handle top secret, secret, classified and unclassified data. Black said the hypervisor supports a range of operating systems, including Microsoft Windows and Red Hat Linux, and will allow up to six virtual machines to run on a single physical workstation.


    The VMware hypervisor also works with a host of legacy applications that several intelligence agencies continue to use in their work, Black said.

    In the past, intelligence officers and U.S. Department of Defense personnel would have to use separate PCs to handle different levels of classified material. What the NSA contract with General Dynamics and VMware is looking to accomplish is to create a single workstation that can handle different layers of information within the same physical machine.

    The other benefit, Black said, is that it will reduce the hardware footprint at several federal agencies by allowing IT administrators to move information from several workstations onto one platform.



    General Dynamics has been working on various hardware solutions for these types of security concerns for some time. At a recent demonstration of Intel's new vPro platform, a General Dynamics security engineer showed a workstation that took advantage of the new security and virtualization features that Intel built into the updated version of the platform.

    VMware's own history with developing virtualization technology for the NSA goes back to 2000.


    General Dynamics and VMware are developing both mobile and desktop workstations that have the NSA certification. In addition to the NSA, several other government agencies will test the new High-Assurance Platform PCs, including the Department of Defense and its Special Operations Command.

    "This is a huge win for VMware software because not only does it show that virtualization security can provide an isolated environment for a range of data, but it can also help simplify the operations within the intelligence community," Black said.

    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  2. #2
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    This will be cool... until we find out that VMWare runs on Linux and is therefore subject to the GPL heh
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  3. #3
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Thats pretty much the same exact thing that I do. I run my day to day activities on my workstation. Then, in a vmware session on that box, I have a workstation loaded with just the essentials I need to connect and work over the VPN.

    I've always worried that if I got a keylogger on my host, it'd be able to see what I'm doing in vmware. It'd be nice to know for sure that what you do in one session can't affect the other sessions.

    Offtopic: I wonder if both MSM and HTRegz are from Canada, eh? heh
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  4. #4
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Quote Originally Posted by phishphreek
    Thats pretty much the same exact thing that I do. I run my day to day activities on my workstation. Then, in a vmware session on that box, I have a workstation loaded with just the essentials I need to connect and work over the VPN.

    I've always worried that if I got a keylogger on my host, it'd be able to see what I'm doing in vmware. It'd be nice to know for sure that what you do in one session can't affect the other sessions.

    Offtopic: I wonder if both MSM and HTRegz are from Canada, eh? heh
    What's Canada???

    Anyways... There's a difference between what you're doing phish and what is being described... The Hypervisor technology would be similar to ESX Technology, making it different from all other VMWare Products...

    Doing what you're doing with VMWare, *could* leave you no better off than doing it all on a single box. Take the recent MS Advisory affecting Virtual Server / PC...It allowed admin of 1 guest os to control anything (host or other guests)... should a similar problem be found in VMWare Workstation / Server, then access to host or any guest == compromise of all...

    I'd really like to see what will happen to this agreement when it's demonstrated that VMWare is violating the GPL... it may lead to an interesting turn of events.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  5. #5
    AO Curmudgeon rcgreen's Avatar
    Join Date
    Nov 2001
    Posts
    2,716
    and is therefore subject to the GPL
    Not a problem. If they use it in their agency and never distribute it,
    they are not obligated to publish the code.
    I came in to the world with nothing. I still have most of it.

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    What has the GPL got to do with anything?

    The NSA is contracting VMware, a software developer, to provide them with a bespoke, secure system. As such, it is a government contract and closed source.

    The IP and source will belong to the government, as they are paying for it

  7. #7
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Quote Originally Posted by nihil
    What has the GPL got to do with anything?

    The NSA is contracting VMware, a software developer, to provide them with a bespoke, secure system. As such, it is a government contract and closed source.

    The IP and source will belong to the government, as they are paying for it
    They are going to use "VWMare's Hypervisor" which is the base of ESX... which relies on Linux and uses portions of Linux... so I'd say it has everything to do with the GPL
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  8. #8
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    NO, you must learn to read between the lines

    This High-Assurance Platform workstation will use VMware's hypervisor technology
    That does not mean that they are going to use existing systems...............otherwise there would be no need for the project.

    By "technology" they mean concepts, not existing systems. A hypervisor is a mechanism, it is not dependent on Linux or any other operating system, and it certainly is not "derived" from a particular operating system, so the GPL is irrelevant.

    Anyway, the Linux open source community is totally impotent when it comes to any sort of civil legal enforcement. There is nobody with a serious interest and nobody with the funding.

    If you really want to self-destruct, p1$$1ng off the NSA seems like an excellent place to start

Similar Threads

  1. Ethical Hacking!
    By E5C4P3 in forum AntiOnline's General Chit Chat
    Replies: 33
    Last Post: January 17th, 2008, 12:40 AM
  2. Using IPSec to Secure Computers and Network Traffic.
    By Tiger Shark in forum The Security Tutorials Forum
    Replies: 0
    Last Post: October 7th, 2004, 08:18 PM
  3. The Worlds Longest Thread!
    By Noble Hamlet in forum AntiOnline's General Chit Chat
    Replies: 1100
    Last Post: March 17th, 2002, 09:38 AM
  4. Introduction to IDS
    By micael in forum IDS & Scanner Discussions
    Replies: 3
    Last Post: February 23rd, 2002, 10:05 PM
  5. Denail Of Service FAQ
    By Ennis in forum The Security Tutorials Forum
    Replies: 4
    Last Post: November 15th, 2001, 07:42 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •