A recent discussion on the value of infrastructure virtualization for SOA and SOA based middleware and related security issues was one worth posting on.
It seems to be a commonly held view that we really won’t get true Internet, Web security isolation for servers until we get the next generation of Intel hardware and related software updates from Linux and Microsoft and a protected kernal or nexus.
That overlooks the fact that System p already delivers features that enable hardware isolation that can protect software running in one logical partition from a). being hacked and b). if it is hacked, being able to compromise other partitions either directly or indirectly.
The mechanisms provided for LPAR (both HW and SW) represent a very simple security monitor capability. POWER hardware introduced a set of special registers, which are only accessible to the hypervisor, which is a trusted component of the firmware.
The POWER processor has created another higher privileged level of operation, where the hypervisor runs. Just as in a classic ringed processor architecture, “ring-0” is controlled by the operating system kernel with tightly controlled mechanisms for transitioning to that unprivileged state (syscalls), on a hypervisor based system a “ring -1” (inferring that it exists below the OS kernel ring) exists and this is the domain of the hypervisor.
Transition to the hypervisor privileged is through controlled mechanism called “hcall’s”, which can only be made from a ring-0 privileged program. These mechanisms and the processor hardware capabilities provide for the creation of a “padded cell” around the partition. The hardware mechanisms center primarily in the area of memory address mapping and handling, since the first concern is to prevent partitions from looking into other partitions memory.
In essence the firmware provides a non-addressable “firewall” like structure which ensures applications and O/S instances in one partition from accessing memory, or addressing devices that belong to another partition. As earlier stated, if you ensure that any connections into other partitions via network, messaging, etc. provide the appropriate level of security credentials, you have perfect isolation in a virtualized, shared processor environment.
This doesn’t just a benefit to web applications, it benefits any O/S or applications running in a partition and allows you to exploit unused processor capability to run badly behaved testing applications and systems in unused capacity on servers running production workloads. It is implemented in a way that requires no O/S, middleware, or application changes and is transparent. TCO for the taking!
POWER5 LPAR Security white paper. 9/06 – Armstrong, Mathews, Bade et al.
 Of course this pre-assumes the software configuration hasn’t left open network connections real or virtual that are unsecured, or worse still use a common security credential for all requests irrespective of orgin.
 Total cost of ownership