Security Overview of the Integrity Virtual Machines Architecture
Virtual Network Interface Cards
A virtual machine can communicate with other systems only through virtual network interface
cards (vNICs) connected to a vswitch. All network traffic to and from the VM passes through a
vNIC on its way to the vswitch. Integrity VM virtualizes several kinds of network interface
device; each is implemented as a device emulator plus a protocol driver in the VMM, and all
traffic through a vNIC must pass through both. The protocol driver examines the source MAC
address and source IP address of every packet the virtual machine transmits. If these addresses
do not match those assigned to the virtual machine, the packet goes no further. In this way the
VMM prevents a virtual machine from posing as another virtual machine or as the physical VM
Host system.
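The following C program is an added example, not code from Integrity VM or from this document, showing the kind of egress check the paragraph above describes: a per-vNIC identity holding the MAC and IPv4 address the VMM assigned, and a filter that refuses to forward any frame whose source MAC or IPv4 source address differs from them. It goes one step beyond the text by also checking the sender fields inside ARP packets, since a guest that could lie in ARP replies could poison its neighbours' caches without ever forging an IP header. The struct, function names, and sample addresses are assumptions for illustration; the interfaces of the real VMM protocol driver are not documented here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical egress anti-spoofing filter for one vNIC, modelled on the
 * source MAC / source IP check described in the text. Not Integrity VM code. */

#define ETH_ALEN      6
#define ETH_HLEN      14
#define ETHERTYPE_IP  0x0800
#define ETHERTYPE_ARP 0x0806

/* Identity the VMM gave this vNIC when it was defined (assumed layout). */
struct vnic_identity {
    uint8_t  mac[ETH_ALEN];
    uint32_t ipv4;          /* host byte order; 0 means "no IP pinned" */
};

enum verdict { PASS = 0, DROP_MAC, DROP_IP, DROP_ARP, DROP_MALFORMED };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Inspect a frame the guest is transmitting; PASS means forward it to the vswitch. */
enum verdict filter_egress(const struct vnic_identity *id, const uint8_t *f, size_t len)
{
    if (len < ETH_HLEN) return DROP_MALFORMED;
    if (memcmp(f + ETH_ALEN, id->mac, ETH_ALEN) != 0)   /* source MAC is bytes 6..11 */
        return DROP_MAC;

    uint16_t type = rd16(f + 12);
    if (type == ETHERTYPE_IP) {
        const uint8_t *ip = f + ETH_HLEN;
        if (len < ETH_HLEN + 20 || (ip[0] >> 4) != 4) return DROP_MALFORMED;
        uint32_t src = rd32(ip + 12);
        /* 0.0.0.0 is allowed so DHCP DISCOVER still works; it impersonates nobody. */
        if (id->ipv4 != 0 && src != 0 && src != id->ipv4) return DROP_IP;
    } else if (type == ETHERTYPE_ARP) {
        /* ARP sender fields are checked too (an addition beyond the text). */
        const uint8_t *arp = f + ETH_HLEN;
        if (len < ETH_HLEN + 28 || rd16(arp) != 1 || rd16(arp + 2) != ETHERTYPE_IP ||
            arp[4] != ETH_ALEN || arp[5] != 4)
            return DROP_MALFORMED;
        if (memcmp(arp + 8, id->mac, ETH_ALEN) != 0) return DROP_ARP;
        uint32_t sender_ip = rd32(arp + 14);
        if (id->ipv4 != 0 && sender_ip != 0 && sender_ip != id->ipv4) return DROP_ARP;
    }
    return PASS;   /* other EtherTypes: MAC check only */
}

/* --- constructed sample frames (not captured traffic) --- */
static const uint8_t BCAST[ETH_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};

/* Minimal IPv4/UDP header with no payload; enough for the filter to parse. */
size_t build_ipv4_frame(uint8_t *buf, const uint8_t *src_mac, uint32_t src_ip)
{
    memcpy(buf, BCAST, ETH_ALEN);
    memcpy(buf + ETH_ALEN, src_mac, ETH_ALEN);
    buf[12] = 0x08; buf[13] = 0x00;
    uint8_t *ip = buf + ETH_HLEN;
    memset(ip, 0, 20);
    ip[0] = 0x45; ip[3] = 20; ip[8] = 64; ip[9] = 17;
    wr32(ip + 12, src_ip);
    wr32(ip + 16, 0xC0A80101);          /* destination 192.168.1.1 */
    return ETH_HLEN + 20;
}

/* ARP reply claiming sender_ip is at sender_mac; the frame's source MAC is src_mac. */
size_t build_arp_frame(uint8_t *buf, const uint8_t *src_mac,
                       const uint8_t *sender_mac, uint32_t sender_ip)
{
    memcpy(buf, BCAST, ETH_ALEN);
    memcpy(buf + ETH_ALEN, src_mac, ETH_ALEN);
    buf[12] = 0x08; buf[13] = 0x06;
    uint8_t *arp = buf + ETH_HLEN;
    memset(arp, 0, 28);
    arp[1] = 1; arp[2] = 0x08; arp[3] = 0x00; arp[4] = ETH_ALEN; arp[5] = 4; arp[7] = 2;
    memcpy(arp + 8, sender_mac, ETH_ALEN);
    wr32(arp + 14, sender_ip);
    return ETH_HLEN + 28;
}

int main(void)
{
    static const char *names[] = {"PASS", "DROP_MAC", "DROP_IP", "DROP_ARP", "DROP_MALFORMED"};
    struct vnic_identity vm = {{0x00, 0x16, 0x3e, 0x01, 0x02, 0x03}, 0xC0A80105}; /* 192.168.1.5 */
    uint8_t other_mac[ETH_ALEN] = {0x00, 0x16, 0x3e, 0xaa, 0xbb, 0xcc};
    uint8_t f[64];
    size_t n;

    n = build_ipv4_frame(f, vm.mac, 0xC0A80105);
    printf("own MAC, own IP:   %s\n", names[filter_egress(&vm, f, n)]);
    n = build_ipv4_frame(f, other_mac, 0xC0A80105);
    printf("forged source MAC: %s\n", names[filter_egress(&vm, f, n)]);
    n = build_ipv4_frame(f, vm.mac, 0xC0A80106);
    printf("forged source IP:  %s\n", names[filter_egress(&vm, f, n)]);
    n = build_arp_frame(f, vm.mac, vm.mac, 0xC0A80106);
    printf("ARP claiming .6:   %s\n", names[filter_egress(&vm, f, n)]);
    return 0;
}
```

The filter runs on the transmit path only: the guest can still receive whatever the vswitch delivers, but nothing it emits can carry another system's MAC or IP. Allowing a 0.0.0.0 source keeps DHCP and ARP probes working without weakening the check, because no other host can be impersonated with that address.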
As mentioned previously, Integrity VM provides AVIO network adapters for higher-performance
needs. The AVIO network modules in the virtual machine ensure that a guest cannot set a MAC
address other than the one its vNIC was defined with, which prevents that virtual machine from
posing as another virtual machine or as the VM Host system. AVIO network adapters may be
connected to virtual switches alongside other virtual network adapters. Because VLAN tagging
separates traffic at the switch, multiple VLANs may be used on the same virtual switch, as
mentioned previously. Note that VLAN separation is logical isolation, not encryption: it is only
as strong as the switch's enforcement of which VLAN tags each port may carry.
To better isolate guests that are not in the same trust domain from one another, it is good practice
to dedicate each virtual switch to a single trust domain: only guests in that domain should have
vNICs connected to it. To further isolate the virtual network from the VM Host system itself,
define virtual switches over logical ports on the VM Host that have no IP address configured, so
the host has no network-stack presence on the guest segment. A graphical example of such a
configuration is illustrated in Figure 1.