“But one of the key things about hypervisors is their design is simpler than the modern operating system. On the flip side, it’s a new layer that’s another opportunity for attack,” he says.
Hypervisors are programs that allow multiple operating systems to use the same hardware. But these programs can also breed complexity, and with complexity comes security problems.
Virtualization security solutions so far have focused mostly on the hypervisor: IBM, for instance, recently unveiled SHype, a new secure hypervisor technology that ties security policies to virtual machines. And VMware’s desktop ACE software lets you lock down virtual machines, even when they are moved around. Lin says it works like network access control (NAC) for virtual machines.
Thomas Ptacek, a security researcher with Matasano Security, says the move to virtualization is the biggest thing happening in IT today. “Some say virtualization of the OS doesn’t change anything, and others, that with virtualization, everything is broken,” Sequeira says. There are more vulnerabilities in your operating system than in your virtualization software, such as VMware, Matasano’s Ptacek notes. “It’s more about how you configure your virtual architecture, where the virtual machine software is the main barrier among the different apps sharing the same physical machine.”
The underlying problem: Virtualization creates a set of dynamics in the IT infrastructure that traditional security approaches “don’t cope with well,” says Kevin Leahy, director of virtualization at IBM.
http://www.darkreading.com/document.asp?doc_id=117908&WT.svl=news2_3