Friday, November 4, 2011

Security by virtualization: where is the secure OS?

I can’t disagree with Simon Crosby when he says “virtualization holds a key to better security”. Isolation is the basic security building block here, and it is achieved by virtualization. And that just makes me sad. Relying on virtualization for that just shows how unsuccessful we’ve been at building decent Operating Systems.

Operating Systems are generally built with the isolation concept in mind, trying to prevent one application from interfering with others. Almost all modern OSes have that concept as part of their design goals. Yet, we go deep into wasting resources to duplicate the OS and emulate the hardware layer for each virtual machine. Really, can anyone tell me why we would have to rely on virtualization for isolation if Operating Systems were capable of doing that?

