Thomas Ptacek writes about two ways virtualization complicates life for systems security people in his blog entry, Dark Reading on Virtualization Security.
First of all, he says, “you now face the spectre of guest-hopping attacks, which are vulnerabilities in your hypervisor that allow you to beat VM protection and gain access to other hosts. The driver for these attacks is that a hypervisor has to provide at least the illusion of a ‘ring 0’ for a guest operating system to run in.” Secondly, he adds: “If you’re on the same hardware as your target, you have significantly improved timing channels to pry encryption secrets out with.”
Fortunately, he has some ideas on how to handle these problems. So do the other writers for Matasano Chargen, a blog about information security.
Virtualization security is on our readers’ minds, too, and we’re answering their requests for advice. Check out Chris Wolf’s advice on virtual switch security on Virtual Server, VMware and XenExpress and the virtualization security series by Harley Stagner, in which he suggests ways to improve Microsoft Virtual Server security.
What aspect of virtualization security is bugging you? What should IT shops really be worried about?