
Security startup isolates untrusted content in virtual machines

Bromium's VSentry software protects PCs by isolating each task in its own microVM, then discarding the microVM when the task ends

By , Network World
September 19, 2012 07:26 AM ET

Network World - Security-software startup Bromium is shipping its first product, a virtualization client that runs any untrusted content inside its very own virtual machine -- a microVM -- protecting the underlying operating system and whatever content is stored on the physical machine from theft and malware infection.

The software, VSentry, is aimed at stopping threats that have never been seen before and so can't be detected by signature-based defenses. It also lets end users access whatever content they want to without risk of infecting their own machines or other machines on corporate networks, the company says.


The software filters applications, Web pages, attachments -- anything that customers define with a rule set -- and automatically runs them in separate microVMs, which are destroyed when users are done with each task.

For example, if all Internet content is considered untrusted, anything downloaded from the Internet runs in a microVM that is set up on the fly within 30 milliseconds so the user experiences no perceptible delay.

This process ensures that malicious content or code can't access anything else on the machine, says Gaurav Banga, Bromium's CEO. Hundreds of microVMs can run at one time.

Whatever task is running inside a microVM has access to what appears to be an unused Windows 7 computer, with no access to files and file systems other than what is necessary to run the process within the microVM. If a Web browser accesses an untrusted website it has visited before and for which it has cookies, VSentry will supply the cookies to the microVM, Banga says.

If the site updates its cookies during that visit, they are retained for use the next time the browser visits that site, he says. If a browser opens multiple windows, each window gets its own microVM, which remains open until that window is closed.

Bromium software logs whatever malicious activity it detects.

Untrusted content that moves from computer to computer within an enterprise -- such as shared documents -- moves with a provenance stamp on it that indicates whether it should be opened in a microVM, preventing a document with malicious code embedded in it from spreading across the network, he says.
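As an added illustration (not Bromium's code; the article does not describe VSentry's stamp format or rule syntax), the following Python shows a policy check of the kind described above: it reads a Windows Zone.Identifier stream, the provenance tag Windows itself attaches to downloaded files, and decides from a rule set whether the content runs directly or in an isolated microVM. The rule set, the sample stamps and the function names are assumptions made for the example. The design point a practitioner would want is that a missing, unparseable or forged stamp is treated as untrusted rather than trusted, so that stripping the tag (for example by copying through a FAT-formatted USB stick, which cannot carry the stream) does not buy a way out of the sandbox.

```python
"""Provenance-based 'run direct or isolate?' policy check (added example)."""
from dataclasses import dataclass
from typing import Dict, Optional

# Zone numbers as used by Windows' Zone.Identifier alternate data stream.
ZONE_LOCAL_MACHINE = 0
ZONE_INTRANET = 1
ZONE_TRUSTED = 2
ZONE_INTERNET = 3
ZONE_RESTRICTED = 4

# Hypothetical rule set: only local and intranet content runs directly.
# Everything else, including content with no stamp at all, is isolated.
DIRECT_ZONES = {ZONE_LOCAL_MACHINE, ZONE_INTRANET}


@dataclass
class Provenance:
    zone_id: int
    referrer: Optional[str] = None
    host: Optional[str] = None


def parse_zone_identifier(stream: str) -> Optional[Provenance]:
    """Parse the INI-style text of a Zone.Identifier stream.

    Returns None when the stream is empty, lacks a [ZoneTransfer] section,
    or carries a ZoneId that is not a known integer. The caller treats None
    as 'untrusted', never as 'trusted'.
    """
    section = None
    fields: Dict[str, str] = {}
    for raw in stream.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section != "zonetransfer" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        fields[key.strip().lower()] = value.strip()
    if "zoneid" not in fields:
        return None
    try:
        zone = int(fields["zoneid"])
    except ValueError:
        return None  # e.g. a forged 'ZoneId=trusted'
    if zone not in (ZONE_LOCAL_MACHINE, ZONE_INTRANET, ZONE_TRUSTED,
                    ZONE_INTERNET, ZONE_RESTRICTED):
        return None
    return Provenance(zone, fields.get("referrerurl"), fields.get("hosturl"))


def decide(stream: Optional[str]) -> str:
    """Return 'direct' or 'microvm' for content carrying the given stamp."""
    prov = parse_zone_identifier(stream) if stream is not None else None
    if prov is None:
        return "microvm"  # no or bad provenance: fail closed into isolation
    return "direct" if prov.zone_id in DIRECT_ZONES else "microvm"


# Constructed sample stamps (not captured from a real system).
SAMPLE_INTERNET = ("[ZoneTransfer]\r\nZoneId=3\r\n"
                   "ReferrerUrl=https://example.com/\r\n"
                   "HostUrl=https://example.com/report.docx\r\n")
SAMPLE_INTRANET = "[ZoneTransfer]\r\nZoneId=1\r\n"
SAMPLE_FORGED = "[ZoneTransfer]\r\nZoneId=trusted\r\n"


def example_decisions() -> Dict[str, str]:
    """Run the policy over the constructed samples plus a stripped stamp."""
    return {
        "internet": decide(SAMPLE_INTERNET),
        "intranet": decide(SAMPLE_INTRANET),
        "forged": decide(SAMPLE_FORGED),
        "stripped": decide(None),
    }


if __name__ == "__main__":
    for name, verdict in example_decisions().items():
        print(f"{name:>9}: {verdict}")
```

Zone.Identifier is plain metadata that any process able to write the file can rewrite, so a check like this governs where content is opened but is not itself a tamper-proof record; a deployment that depends on the stamp surviving a hop between machines would want it authenticated, which the article does not say whether VSentry does.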

Underlying these microVMs is the Microvisor, similar to a hypervisor but one that generates virtual environments for individual objects rather than entire virtual computers. The goal of VSentry is to protect the operating system from corruption, Banga says.

VSentry is deployed like an application and takes control of some parts of the machine hardware such as CPU and memory, but not the entire machine as would a bare-metal hypervisor. "It's as bare metal as it needs to be, but doesn't need to be in control of the entire machine," Banga says. MicroVM access to memory and cache must go through the Microvisor, for example. But trusted applications have direct access to system resources without going through VSentry.

This access to the hardware relies on the hardware virtualization support found in certain x86 processors. Devices built on ARM processors can't be served by VSentry until ARM Version 7 comes out sometime next year, Banga says. It will include the necessary support for virtualization.
