Thank you for your interest in our Virtualization and Security Birds-of-a-Feather session! We had a great discussion and really appreciate all the participation we had and the interesting topics brought up by attendees. With the popularity and growing prevalence of virtual machine monitors (hypervisors) in many capacities and in many settings, we strongly feel that there will be a lot of interaction and common interests among members of the virtualization and security communities to come. We also hope to see the growth of future BoFs and SIGs regarding this relevant topic.
This discussion will investigate the security pros and cons of virtualization. Pros discussed will include the usefulness of virtualization for secure virtual appliance deployment, convenient sandboxing, and convenient software distribution. Cons will be discussed relating to the additional security demands of virtualization and its weaknesses or complications, including the addition of another exploitable layer, the increased performance overhead, and the reduced granularity of access of control.
While considering the current trends in virtualization technology development and adoption, questions that will be discussed include: Does virtualization have anything additional to offer for enforcing the principle of least privilege (POLP), or for more secure or more convenient sandboxing? Does virtualization offer a more convenient secure software distribution mechanism? In which ways does virtualization unnecessarily complicate securing applications, and in which ways does it simplify application security? In which scenarios is the actual performance impact of virtualization too great for it to be viably used, and in which scenarios is its performance impact outweighed by its potential security benefits?
USENIX Security Symposium 2009 BoFs Page
This page last updated: 2009-08-17 05:54:44 AM (EDT)