Is Microsoft working on a VMsafe-like framework?

Posted by Alessandro Perilli   |   Tuesday, May 27, 2008   |   1 Comments

The upcoming set of VMware APIs known as VMsafe has the potential to dramatically change the way we secure data centers today.

If the technology is widely adopted by security vendors, it's clear that VMware's competitors will try to replicate the approach or innovate further on it. But until there is a clear, positive answer from the market, the most obvious strategy is to raise some (absolutely legit) security concerns about VMsafe and its potential to expose part of the hypervisor to new attacks.

So far Microsoft hasn't taken an official position on the topic, but virtualization.info had the opportunity to speak with several representatives who clearly stated how carefully the company is evaluating the security implications of a VMsafe-like approach.
Nonetheless, Microsoft may be working to build the internal know-how needed to achieve the task.

Just two months ago, in fact, Microsoft acquired a small security firm focused on rootkit detection called Komoku.
As Christopher Hoff, Chief Security Architect at Unisys, recently discovered, Komoku did some research in the past, presenting a solution for Xen where virtual machines can do self-diagnosis and self-healing as well as learning to protect against subsequent attacks.

Ironically, to develop its prototype Komoku took some inspiration from the work of Tal Garfinkel and Mendel Rosenblum (Chief Scientist at VMware), presented in 2002.

The adoption of a VMsafe-like framework could greatly benefit Microsoft: while VMware has to rely on 3rd parties (unless they want to leverage the Determina acquisition in a certain way), Microsoft has an entire portfolio of products to integrate with its upcoming hypervisor.

This may put the Redmond company in a privileged position against both virtualization and security competitors, each of which lacks what the other has and so cannot provide an out-of-the-box secure virtual data center.

1 Comments

Anonymous Kevin Amorin Wednesday, May 28, 2008 12:20:00 AM  
It will be interesting to see how the market reacts to VMSafe in late 2008 to early 2009, when ESX 4 is being rolled out and VMSafe-enabled VMs are available. That gives Microsoft and Xen about a year to come up with an answer.

Microsoft has two options: to become the single security player for Hyper-V, or to follow VMware and try to create an ISV ecosystem around a hypervisor security API.

I believe Microsoft purchased Komoku to roll their technology into a Hyper-V Windows Defender product. This would allow Windows Defender to take advantage of the benefits of malware detection from outside the operating system, while at the same time offering a security option to secure multiple Hyper-V guests.

It would be interesting if Microsoft worked with Citrix to make available the Virtual Machine Introspection (VMI) interface that Komoku developed to both Xen and Hyper-V. This would effectively create a second standard to VMSafe, “Hyper-VMI”, which could be used across all Xen and MS environments.
