Black Hat 2018 Profile: NanoVMS

When you apply for life insurance, you have to disclose whether or not you smoke and have dangerous hobbies like skydiving. If you do, you’re at higher risk for premature death. (But, please, by all means, enjoy!) However, if you want to live longer, you’re better off avoiding high risk activities.

Ian Eyeberg, CEO of NanoVMs

Cyber security is not so different. We seem dedicated to technologies that we know are bad for us. Like the smoker who can’t quit, even though he knows it will affect his health, IT departments rely on constructs like shells, which are open to exploits. I’m going to pick on shells in this article, but I don’t want to lose sight of the broader point: Structure determines security, to a great extent.

Shells enable multiple processes to run on the same system. They facilitate remote code access. There are good systemic and operational reasons for this, but the technology was devised in the era predating today’s cloud computing phenomenon and toxic threat environment. Designed for ease of administration, shells have become attack surfaces. Hackers can use shells to run malicious code remotely. Indeed, the massive Equifax hack, for example, started with an exploit carried out on the Apache Struts shell.

What can be done about shell vulnerabilities and the multi-process mode of system operation they enable? One approach is to adopt a unikernel architecture. A unikernel, as its name suggests, is a virtual machine that can be configured to run just one piece of code and nothing else. It cannot be accessed by a shell. It will not accept remote code access. It can be secure by design.

Ian Eyberg, CEO of NanoVMs, was at Black Hat 2018 advocating for unikernels for security reasons. NanoVMs is a single process system. It has neither users nor shells. It can run one program at a time. In general, it’s far smaller, in code terms, that comparable Linux VMs. “Compared to a bloated system like Linux, which has hundreds of millions of lines of code and drivers for virtually every device you can imagine, unikernels are remarkably small,” Eyeberg said. “Less code translates into fewer exploits.”

It is taking some time for unikernels to catch on, however. As is often the case in IT, entrenched incumbents don’t tend to budge very easily. This is not a knock on IT departments. You can’t just magically make decades of legacy infrastructure and application architecture disappear overnight, even If you wanted to. Major vendors have massive installed bases of the conventional setups. It will take years for ideas like unikernel to gain traction.

Complacency is not okay, however. Containers and other multi-process technologies still exert a strong grip despite their acknowledged security flaws. Perhaps it’s time to kick the habit.

Photo Credit: keith.bellvay Flickr via Compfight cc