On 9/20/07, Nick Holland <[EMAIL PROTECTED]> wrote: > > Can someone please inform me if this is a really bad idea or not, > > ideally with some nice reasoning? > > > > > > Cheers, > > Josh > > Read this: > http://advosys.ca/viewpoints/2007/04/fuzzing-virtual-machines/ > Read the paper linked there as well. Always good to go back to original > source material. > > Anyone who told you VM technology and security had anything to do with > each other was full of doo-doo.
I'll echo Nick's statements here. Virtualization does not provide reliable enough segmentation to rely on for security assurance. Do not buy into the market smack the vendors are putting out about it. As far as that goes, the more time goes on, the weaker the assumption of virtualized segmentation becomes. Research from IntelGuardians and other groups appears to be coming closer to completely unraveling virtualization security, at least in terms of how it's implemented in VMware for example. See also CVE-2007-0061, CVE-2007-0062, CVE-2007-0063, and CVE-2007-4496. DS
