Author_Institution :
Thomas J. Watson Res. Center, IBM Corp., Yorktown Heights, NY
Abstract :
It is widely believed that the use of a virtual machine monitor (VMM) is at least as secure, if not more secure than separate systems. In reality, the security of a single system running in a virtual machine can never be as secure as that single system running in its own dedicated physical hardware. If for no other reason, the security of that system in a virtual machine depends on the correct operation of both the operating system and the hypervisor software, while in a dedicated physical computer, it depends only on the correct operation of the operating system. The VMM case always has more opportunity for exploitable security flaws. While many people view virtual machine monitors as something special and different, in realty they are just special-purpose operating systems. The major difference is that the API to a virtual machine monitor is the instruction set of the virtual machine, while the API to an operating system is a set of system calls to manipulate processes, file systems, perform I/O, etc. To the extent that a particular VMM uses paravirtualization, it begins to look more like a classical operating system than a VMM.
Keywords :
application program interfaces; operating systems (computers); security of data; virtual machines; API; application program interface; hypervisor software; operating system; virtual machine monitor security; Computer security; Control systems; Hardware; Information security; National security; Operating systems; Physics computing; Virtual machine monitors; Virtual machining; Virtual manufacturing; Security; Virtual Machine Monitors;