Traps, Events, Emulation, and Enforcement: Managing the Yin and Yang of Virtualization-Based Security

Download Now Free registration required

Executive Summary

The authors question current trends that attempt to leverage virtualization techniques to achieve security goals. They suggest that the security role of a virtual machine centers on being a policy interpreter rather than a resource provider. These two roles (security reference monitor and resource emulator) are currently conflated within the context of virtual machines and VMMs. They believe that this "Double-duty" leads to both a significant performance impact as well as a bloated virtualization layer. Increased complexity reduces confidence that the code is elementary enough to verify or trust from a security perspective.

  • Format: PDF
  • Size: 186.73 KB