Changing VM landscape
VMs for complete desktop env. re-emerging
- e.g., VMware
- extremely complete, poor scaling
VM sandboxes widely used for web hosting
- ensim, BSD Jail, linux vservers (glunix, ufo, ...)
- limited /bin, no /dev, many VMs per FM
- limit the API for security
Scalable Isolation kernels (VMMs)
- host multiple OS’s on cleaner VM
- Denali, Xen
- Simple enough to make secure
- attack on hosted OS is isolated
-
-
Savage/Anderson view: security is the most critical requirement, there has never been a truly secure VM, it can only be secure if it has no bugs...