|
Hypervisor Security Concerns |
|
|
|
Source: The Coffee Desk - Posted by Dave Wreski
|
The basic idea/thesis of this article (and the previous, unfinished draft) is this: hypervisors are getting more and more common, and are growing in deployment in everything from datacenter systems to embedded consumer electronics. But, as their deployment increases, more and more security concerns come into play, including a variety of attack methods and the dire consequences of a compromised hypervisor.
If you know what a hypervisor is, then skip this paragraph: A hypervisor is basically a very minimalist operating system designed with the purpose of abstracting real, physical computer hardware from one or more virtual machines running “above” it (from a layered perspective) – if you’ve ever run VMware player/workstation/Fusion/server atop Windows/Linux/Mac OS, a hypervisor is like that only analogous to running VMware player/server/workstation/fusion directly atop the hardware in the form of an operating system, cutting out the “middleman” OS to favor performance.
What some don’t know about hypervisors is that they utilize a few “dirty hacks” in order to implement some features and optimizations, which aren’t always security-hardened. And I don’t say “dirty hacks” in the sense that the programming is bad – the code is as good as it can be, as far as open source hypervisors can show – but the very practice of their implementation is what I consider “dirty” given their attempt to make the x86/x86-64 architectures do things they weren’t designed to do, therefore leaving a gaping security flaw capable of compromising many systems at once, including the hypervisor itself and all VMs running atop it.
Read this full article at The Coffee Desk
Only registered users can write comments.
Please login or register. Powered by AkoComment! |
