Finally, expect VMs to take a growing role on the desktop, with notebooks and PCs designed from the ground up to support admin-locked VM partitions constantly monitoring all running areas, safely removed from user-installed malware or human error compromises.
"Intel's virtualization roadmap creates significant opportunities to combat security threats in radical new ways," says Grobman, adding that Intel has a focus on security technologies that will help ensure VMM and virtual machine integrity through hardware protections.
Finally, work to raise awareness. The last question in our reader survey was open-ended, asking if readers had additional concerns or opinions on virtualization security. Sure, we got the expected rants or raves for or against specific vendors, but a recurring theme was, "I didn't have any concerns until I completed this survey."
If knowledge is power, consider yourself armed.
Google Gets a Word In
Tavis Ormandy, a Google intern working on security issues in virtualized environments, stirred things up this past spring at CanSecWest in Vancouver. In his research paper, catchily titled "An Empirical Study into the Security Exposure to Hosts of Hostile Virtualized Environments," Ormandy detailed a long list of successful exploits against commercial and open-source virtualization products. While they were "inside-out" vulnerabilities—attacks launched from within a guest OS against the VM host—he discovered flaws on every platform tested, and one of the real-world outcomes of his research was a production patch to VMware's ESX Server resolving two potential denial-of-service flaws and addressing other concerns.
