Taking Virtualization Security Seriously
August 24, 2007
Virtualization security has been on the minds of a lot of IT folks lately. There's no doubt that virtualization changes the security game - and because it involves new software - the potential for new exploits exists.
The clever folks at VMware understand this and, as seems to be their practice, quietly bought a company that can help. Determina, which it bought a couple of weeks ago, had a couple of products; I say had because it looks like VMware was just after the technology. Rumor is that most of Determina, including sales, marketing and executives, was not retained after the purchase, and VMware won't sell the Determina products as stand-alone offerings.
Its memory firewall protects against stack and heap overflow exploits. And while that's a pretty narrow protection goal, it's an important one. The problem is that for some applications, the Determina memory firewall could put a dent in overall performance.
Still, where VMware needs to make a case is that it can fully protect virtual machines from one another. If it can simultaneously protect VMs and hosted applications against buffer, stack and heap overflow exploits, who wouldn't be interested in that?
Determina's second product was called LiveShield. The idea behind it is to stop exploits on the fly - no need to reboot the server, just apply the patch in memory. Certainly this is right up VMware's alley as the technology isn't too far from its own binary emulation system, which rewrites parts of executable code as it loads.