Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Open Source Virtualization News IT Technology

Godfather of Xen On Why Virtualization Means Everything 150

coondoggie writes "While conventional wisdom says virtualized environments and public clouds create massive security headaches, the godfather of Xen, Simon Crosb, says virtualization actually holds a key to better security. Isolation — the ability to restrict what computing goes on in a given context — is a fundamental characteristic of virtualization that can be exploited to improve trustworthiness of processes on a physical system even if other processes have been compromised, he says."
This discussion has been archived. No new comments can be posted.

Godfather of Xen On Why Virtualization Means Everything

Comments Filter:
  • OS design fail (Score:5, Insightful)

    by Animats ( 122034 ) on Thursday November 03, 2011 @07:54PM (#37942316) Homepage

    If OSs hadn't failed so bad on isolation, we wouldn't need so much virtualization. "Virtual machine monitors" are just operating systems with a rather simple application API. Microkernels, if you will.

  • Re:OS design fail (Score:4, Insightful)

    by White Flame ( 1074973 ) on Thursday November 03, 2011 @08:03PM (#37942420)

    OSes haven't failed as a whole. The current desktop/server ones just haven't caught up to and rediscovered the proper design principles of the old mainframes.

  • ad infinitum (Score:4, Insightful)

    by More Trouble ( 211162 ) on Thursday November 03, 2011 @08:26PM (#37942656)

    And if the current level of virtualization isn't secure enough, adding another virtual layer will certainly improve security even more.

  • Re:OS design fail (Score:2, Insightful)

    by Anonymous Coward on Thursday November 03, 2011 @10:11PM (#37943434)

    The higher security certifications start to have WEIRD consequences for a general purpose system, we went over these a bit in computer science.

              For instance, under the (apparently now obsolete) orange book ratings, C2 is pretty normal, NT4 (not on a network) was certified to this level, and a certified version of HP-UX, Irix, VMS, etc. were sold back in the day at level C1.

              To get a B1 rating? Well, for one example, "covert communications" channels are banned -- so, no pipes, no sysv shared memory .. but ALSO no conventional UNIX signals, a B1 OS cannot even tell you a load average, CPU usage, or other types of info "top" shows, because a process could modulate it's CPU usage or renice/unrenice itself to pass information covertly.

Things equal to nothing else are equal to each other.