
    Google Releases Details on New Shielded VMs Cloud Security Tools

    Written by

    Jaikumar Vijayan
    Published August 7, 2018

      Google has released more details on Shielded VMs, a suite of security tools and techniques that the company announced recently for protecting enterprise cloud workloads against malicious software and other cyber-threats at the hardware and firmware levels. 

      Google rolled out Shielded VMs in beta at its Cloud Next partner conference last month. According to the company, the technology offers enterprises a high degree of assurance that workloads running on Google’s cloud have not been penetrated by firmware rootkits and boot malware. 

      Shielded VMs also ensures that when a VM boots up for the first time it is running code that has not been previously tampered with, the company has noted. 

      In an Aug. 6 blog post, Google Cloud’s senior product manager Nelly Porter and technical program manager Sergey Simakov described Shielded VMs as offering protection against a range of threats that are becoming increasingly common in cloud environments. These include insider attacks and compromises; attacks exploiting malicious drivers and guest firmware; and vulnerabilities at the guest VM kernel or user-mode level. 

      “Unfortunately, these threats can stay undetected for a long time, and the infected virtual machine continues to boot in a compromised state even after you’ve installed legitimate software,” Porter and Simakov said. 

      Shielded VMs provide a variety of security features including trusted firmware based on Unified Extensible Firmware Interface (UEFI) version 2.3.1. UEFI data tables contain information that the operating system and operating system loader use for securely booting up an operating system and for running so-called pre-boot applications. The new UEFI-based firmware will replace the legacy BIOS subsystems that have typically been used for this process on Google Cloud Platform. 

      A virtual Trusted Platform Module (TPM) is another key security feature of Shielded VMs. The vTPM validates boot-level and pre-boot-level integrity of guest VMs in a cloud environment and also generates and protects the encryption keys. 

      The vTPM also enables the guest operating system to generate keys and other security codes for protecting the integrity of the environment before, during and after the boot-up process. Porter and Simakov described Google’s custom vTPM as being fully compatible with the Trusted Computing Group’s industry standard specifications for TPMs. 

      Secure Boot and Measured Boot are two other security features behind Shielded VMs. The former helps ensure that a VM only runs previously vetted, fully trusted software while the Measured Boot feature provides greater visibility into the integrity of the VM boot process, the two Google managers wrote. 

      In order to get a Shielded VM up and running, the TPM first verifies the production server hosting the VM is using known firmware when booting up. Once that step is complete, the TPM then verifies that the server boots up a secure, Google-approved operating system image and has the credentials required to load the host OS and hypervisor. 

      The virtual machine’s UEFI firmware ensures the image is configured properly and loads more software, which in turn installs a Shielded OS image into system memory before handing off execution control to the guest operating system, Porter and Simakov said. 

      The guest OS then continues loading digitally signed kernel drivers and validates them using the vTPM. “Once those steps are complete, you have a fully loaded Shielded VM up and running,” they said. 
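
The Measured Boot idea described above, as an added example (not code from Google or from the article): each boot stage is hashed and folded into a TPM register using the standard TCG extend rule, so a modified stage changes the final value and can be located by comparing event logs against a known-good baseline. The stage names and contents are constructed placeholders.

```python
import hashlib

PCR_SIZE = 32  # size of a SHA-256 platform configuration register


def extend(pcr: bytes, component: bytes) -> bytes:
    """TCG extend rule: new = SHA-256(old || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(stages):
    """Replay a boot sequence; return (final register value, event log)."""
    pcr = bytes(PCR_SIZE)  # registers start at all zeros after reset
    log = []
    for name, blob in stages:
        log.append((name, hashlib.sha256(blob).hexdigest()))
        pcr = extend(pcr, blob)
    return pcr, log


def first_divergence(baseline_log, current_log):
    """Name of the first stage whose measurement differs from baseline."""
    for (name, good), (_, seen) in zip(baseline_log, current_log):
        if good != seen:
            return name
    if len(baseline_log) != len(current_log):
        return "<stage count mismatch>"
    return None


# Constructed sample boot chains (placeholder contents, not real images).
GOOD_BOOT = [
    ("uefi_firmware", b"firmware-build-A"),
    ("bootloader", b"bootloader-build-A"),
    ("kernel", b"kernel-build-A"),
    ("kernel_driver", b"driver-build-A"),
]
TAMPERED_BOOT = [
    ("uefi_firmware", b"firmware-build-A"),
    ("bootloader", b"bootloader-build-A+implant"),
    ("kernel", b"kernel-build-A"),
    ("kernel_driver", b"driver-build-A"),
]

if __name__ == "__main__":
    good_pcr, good_log = measure_boot(GOOD_BOOT)
    bad_pcr, bad_log = measure_boot(TAMPERED_BOOT)
    print("baseline :", good_pcr.hex())
    print("observed :", bad_pcr.hex())
    print("diverges at:", first_divergence(good_log, bad_log))
```

Because each extend hashes the previous register value, the final value depends on both the content and the order of every stage, which is why a single comparison against the baseline is enough to flag a change anywhere in the chain.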

      Vijayan is an award-winning independent journalist and tech content creation specialist covering data security and privacy, business intelligence, big data and data analytics.
