
Godfather of Xen On Why Virtualization Means Everything

Posted by samzenpus
from the more-real-than-real dept.
coondoggie writes "While conventional wisdom says virtualized environments and public clouds create massive security headaches, the godfather of Xen, Simon Crosby, says virtualization actually holds a key to better security. Isolation — the ability to restrict what computing goes on in a given context — is a fundamental characteristic of virtualization that can be exploited to improve trustworthiness of processes on a physical system even if other processes have been compromised, he says."

  • Re:OS design fail (Score:5, Interesting)

    by bolthole (122186) on Thursday November 03, 2011 @08:02PM (#37942410) Journal

    True.

    Plus the minute you start sharing things within a virtual machine (i.e. apache, cgi-type middleware, database all on the same machine), you've just lost all "extra" security from virtualization. You may keep the top level OS "protected", but who cares, you've lost private data from your database, through a hole in apache (or whatever). OOoops....

    The problem of security is slightly improved, if you run each thing on separate virtual machines on the same hardware. You should in theory get relatively fast interconnects. If your VM is any good, that is. But you're still losing efficiency, unless you're doing "zones" or something like that.
    And it's 3x the headache to manage 3 separate instances of OSs, for what is in effect just one top level system anyway.

  • Re:OS design fail (Score:5, Interesting)

    by TheRaven64 (641858) on Friday November 04, 2011 @07:03AM (#37945796) Journal
    The difference is, mainframes did it properly. The first system to support virtualisation was VM/360. It didn't just support virtualisation, it supported recursive virtualisation. This meant that any VM could contain other VMs, so you could use the same abstraction for isolation at any level. Operating systems provide a very limited form of virtualisation: processes. A userspace process is basically a VM for a paravirtualised architecture. Any time it wants to talk to the hardware, it has to go via the kernel. The problem is, it stops there. A process can't contain other processes which can only contact the kernel via the parent process, so programs end up adding their own ad-hoc isolation mechanisms. Things like the JVM, web browsers, even office apps all need to run untrusted code but have to isolate it without any help from the hardware. Fortunately, modern systems are providing things like Capsicum, sandbox, and systrace, so it is now possible to create a child process with very restricted privileges.
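The last sentence of the comment above, "create a child process with very restricted privileges", is the kind of thing a program can now do with kernel help rather than ad-hoc isolation. The following is an added example, not code from the thread or from any of the projects named in it: it uses Linux seccomp-bpf (assumed here as the mechanism, since Capsicum, Apple's sandbox and systrace are platform-specific and not portable to a Linux box) to fork a child, strip its ability to open files before it runs anything untrusted, and let the parent observe that the kernel killed the child the moment it tried. The filter's contents and the `/dev/null` probe are constructed for the demonstration.

```c
/* Added example (not from the Slashdot thread): a parent forks a child and
 * confines it with a Linux seccomp-bpf filter before it runs untrusted work,
 * so that a later open() is refused by the kernel rather than by the program.
 * Mechanism is an assumption of this example; the comment names Capsicum,
 * sandbox and systrace, which are different facilities. */
#include <fcntl.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#if defined(__x86_64__)
#define SECCOMP_AUDIT_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define SECCOMP_AUDIT_ARCH AUDIT_ARCH_AARCH64
#elif defined(__i386__)
#define SECCOMP_AUDIT_ARCH AUDIT_ARCH_I386
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

enum child_result {
    CHILD_OPEN_OK = 0,    /* child opened /dev/null and exited normally */
    CHILD_KILLED = 1,     /* kernel killed the child with SIGSYS on open */
    CHILD_NO_SANDBOX = 2, /* kernel refused to install the filter */
    CHILD_UNEXPECTED = 3  /* fork/wait failed or child did something else */
};

/* Install a filter that kills the task on open()/openat() and allows every
 * other syscall. The filter is inherited by anything the child execs, and
 * PR_SET_NO_NEW_PRIVS stops a setuid exec from escaping it. */
static int install_no_open_filter(void) {
    struct sock_filter filter[] = {
        /* refuse to run on an architecture whose syscall numbers differ */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SECCOMP_AUDIT_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        /* load the syscall number; kill on the open family, allow the rest */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
#ifdef __NR_open
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_open, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
#endif
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_openat, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = {
        .len = (unsigned short)(sizeof(filter) / sizeof(filter[0])),
        .filter = filter,
    };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
        return -1;
    return 0;
}

/* Fork a child that tries to open /dev/null; with confine != 0 the child
 * installs the filter first. Returns what the parent observed. */
int run_child(int confine) {
    pid_t pid = fork();
    if (pid < 0)
        return CHILD_UNEXPECTED;
    if (pid == 0) {
        if (confine && install_no_open_filter() != 0)
            _exit(42);
        int fd = open("/dev/null", O_RDONLY); /* confined child dies here */
        _exit(fd >= 0 ? 0 : 1);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid)
        return CHILD_UNEXPECTED;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSYS)
        return CHILD_KILLED;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
        return CHILD_OPEN_OK;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 42)
        return CHILD_NO_SANDBOX;
    return CHILD_UNEXPECTED;
}

int main(void) {
    static const char *names[] = {"open succeeded", "killed by seccomp (SIGSYS)",
                                  "sandbox unavailable", "unexpected"};
    printf("unconfined child: %s\n", names[run_child(0)]);
    printf("confined child:   %s\n", names[run_child(1)]);
    return 0;
}
```

The point the example makes is the one in the comment: the restriction is enforced by the kernel on the child's syscall boundary, so a compromise inside the child cannot simply call open() and read what the parent was protecting. Note that the parent, not the child, decides the policy, which is the "contain other processes" shape that plain processes lack.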
