| Security News This is where we can discuss the latest security news from around the globe! |
August 29th, 2007, 04:32 PM
|
#1
|
|
Just a Virtualized Geek
Join Date: Sep 2001
Location: NYC
Posts: 7,314
|
VMware to develop Secure Systems for NSA
Interesting, eh?
Quote:
Source: eWeek
It's No Secret: VMware to Develop Secure Systems for NSA
By Scott Ferguson
August 29, 2007
VMware is working with General Dynamics to create workstations that can handle both sensitive and unclassified material.
It's one relationship that the National Security Agency is not keeping secret.
The NSA is working with VMware, which is considered the world's largest provider of virtualization technology, and General Dynamics C4 Systems to develop a workstation platform capable of handling both sensitive and unclassified material within the same PC.
VMware, General Dynamics—the parent company of General Dynamics C4 Systems and one of the country's largest government contractors—and the NSA are announcing the new agreement Aug. 29, said Aileen Black, vice president of federal sales for VMware.
This High-Assurance Platform workstation will use VMware's hypervisor technology—software that allows a single piece of hardware to be divided into several virtual machines—to create a secure PC that is certified by the NSA to handle top secret, secret, classified and unclassified data. Black said the hypervisor supports a range of operating systems, including Microsoft Windows and Red Hat Linux, and will allow up to six virtual machines to run on a single physical workstation.
The VMware hypervisor also works with a host of legacy applications that several intelligence agencies continue to use in their work, Black said.
In the past, intelligence officers and U.S. Department of Defense personnel would have to use separate PCs to handle different levels of classified material. What the NSA contract with General Dynamics and VMware is looking to accomplish is to create a single workstation that can handle different layers of information within the same physical machine.
The other benefit, Black said, is that it will reduce the hardware footprint at several federal agencies by allowing IT administrators to move information from several workstations onto one platform.
General Dynamics has been working on various hardware solutions for these types of security concerns for some time. At a recent demonstration of Intel's new vPro platform, a General Dynamics security engineer showed a workstation that took advantage of the new security and virtualization features that Intel built into the updated version of the platform.
VMware's own history with developing virtualization technology for the NSA goes back to 2000.
General Dynamics and VMware are developing both mobile and desktop workstations that have the NSA certification. In addition to the NSA, several other government agencies will test the new High-Assurance Platform PCs, including the Department of Defense and its Special Operations Command.
"This is a huge win for VMware software because not only does it show that virtualization security can provide an isolated environment for a range of data, but it can also help simplify the operations within the intelligence community," Black said.
|
|
|
|
August 30th, 2007, 05:32 AM
|
#2
|
|
Super Moderator Know-it-All Master Beaver
Join Date: Jan 2003
Posts: 3,911
|
This will be cool... until we find out that VMWare runs on Linux and is therefore subject to the GPL heh
__________________
IT Blog: .:Computer Defense:.
PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
|
|
|
August 30th, 2007, 11:43 AM
|
#3
|
|
AO übergeek
Join Date: Jan 2002
Posts: 4,321
|
That's pretty much the same exact thing that I do. I run my day to day activities on my workstation. Then, in a vmware session on that box, I have a workstation loaded with just the essentials I need to connect and work over the VPN.
I've always worried that if I got a keylogger on my host, it'd be able to see what I'm doing in vmware. It'd be nice to know for sure that what you do in one session can't affect the other sessions.
Offtopic: I wonder if both MSM and HTRegz are from Canada, eh? heh
__________________
Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
|
|
|
August 30th, 2007, 01:18 PM
|
#4
|
|
Super Moderator Know-it-All Master Beaver
Join Date: Jan 2003
Posts: 3,911
|
Quote:
|
Originally Posted by phishphreek
That's pretty much the same exact thing that I do. I run my day to day activities on my workstation. Then, in a vmware session on that box, I have a workstation loaded with just the essentials I need to connect and work over the VPN.
I've always worried that if I got a keylogger on my host, it'd be able to see what I'm doing in vmware. It'd be nice to know for sure that what you do in one session can't affect the other sessions.
Offtopic: I wonder if both MSM and HTRegz are from Canada, eh? heh
|
What's Canada???
Anyways... There's a difference between what you're doing phish and what is being described... The Hypervisor technology would be similar to ESX Technology, making it different from all other VMWare Products...
Doing what you're doing with VMWare, *could* leave you no better off than doing it all on a single box. Take the recent MS Advisory affecting Virtual Server / PC...It allowed admin of 1 guest os to control anything (host or other guests)... should a similar problem be found in VMWare Workstation / Server, then access to host or any guest == compromise of all...
I'd really like to see what will happen to this agreement when it's demonstrated that VMWare is violating the GPL... it may lead to an interesting turn of events.
|
|
|
August 30th, 2007, 02:13 PM
|
#5
|
|
AO Curmudgeon
Join Date: Nov 2001
Posts: 2,699
|
Quote:
|
and is therefore subject to the GPL
|
Not a problem. If they use it in their agency and never distribute it,
they are not obligated to publish the code.
__________________
I came in to the world with nothing. I still have most of it.
|
|
|
August 30th, 2007, 02:45 PM
|
#6
|
|
Super Moderator: GMT Zone
Join Date: Jul 2003
Location: United Kingdom: Bridlington
Posts: 15,990
|
What has the GPL got to do with anything?
The NSA is contracting VMware, a software developer, to provide them with a bespoke, secure system. As such, it is a government contract and closed source.
The IP and source will belong to the government, as they are paying for it.
__________________
If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.
|
|
|
August 30th, 2007, 04:25 PM
|
#7
|
|
Super Moderator Know-it-All Master Beaver
Join Date: Jan 2003
Posts: 3,911
|
Quote:
|
Originally Posted by nihil
What has the GPL got to do with anything?
The NSA is contracting VMware, a software developer, to provide them with a bespoke, secure system. As such, it is a government contract and closed source.
The IP and source will belong to the government, as they are paying for it.
|
They are going to use "VMware's Hypervisor" which is the base of ESX... which relies on Linux and uses portions of Linux... so I'd say it has everything to do with the GPL
|
|
|
August 30th, 2007, 05:06 PM
|
#8
|
|
Super Moderator: GMT Zone
Join Date: Jul 2003
Location: United Kingdom: Bridlington
Posts: 15,990
|
NO, you must learn to read between the lines
Quote:
|
This High-Assurance Platform workstation will use VMware's hypervisor technology
|
That does not mean that they are going to use existing systems...............otherwise there would be no need for the project.
By "technology" they mean concepts, not existing systems. A hypervisor is a mechanism, it is not dependent on Linux or any other operating system, and it certainly is not "derived" from a particular operating system, so the GPL is irrelevant.
Anyway, the Linux open source community is totally impotent when it comes to any sort of civil legal enforcement. There is nobody with a serious interest and nobody with the funding.
If you really want to self-destruct, p1$$1ng off the NSA seems like an excellent place to start
|
|
|
All times are GMT +1.