stalking myspace commentshide myspace contact boxfree dark myspace layoutshacking a myspacesunset tan myspaceaustralian flag myspace layoutmyspace mobsters overdrivemyspace profile snatchermyspace and kelly lisascrollable myspace commentshappy birthday brother myspace commentsmyspace poem codescool myspace tweaks and layoutstomb raider myspace layoutmyspace sunset cliffs layoutjapanese myspace layoutmyspace hide comment boxpeace and love myspace layoutsvalentines layouts myspacemyspace over lapping text generatoremotional myspace layoutsquality myspace layoutshide song myspaceexclusive myspace layoutscop myspace graphicgangsta myspacemyspace comments funny picturesmyspace insultsouthern drive myspacefacebook mary ellen hausejay-z myspace layoutbulletins to post on myspacemyspace comments jailmyspace profile view trackermyspace romantic graphicssites to unblock myspacefacebook hottiemyspace mood codesmyspace paragraph codesneon myspace layoutmicrosoft frontpage to myspacefree myspace layout editormyspace dolphin layoutsdark love myspace layoutsmyspace usa ballroompassword recovery myspacescary graphics for myspacebulletin survey for myspacetim mcgraw myspace layoutspimp myspace pagecustom myspace bannersred bull myspace layoutbackground myspace backgroud xpmyspace hashladybug layouts for myspacemyspace picture creatersdefault myspace layout customdecorating myspace picturesvirtual myspace layoutshiding details section in myspacemyspace countried that i\'ve visitedhide comments code on myspacebackground layouts for myspacemyspace hello kitty graphicshide the details on myspaceamy taylor myspacemyspace slippagebulletin surveys for myspacecancer background myspace layoutsmyspace vampire graphicstrippy myspace backgroundsmyspace tea backgroundalyssa milano myspace pageballerina graphic myspacespiderman 3 myspace layouthappy new year myspace layoutmyspace layout megan foxhappy greetings myspace commentsamerican eagle layouts for myspaceorkut proxy sites facebookmyspace support our troops graphicsmyspace com adult r imyspace proxt sitemyspace samantha richmond kythanksgiving myspace layoutmark harmon myspacemyspace groups layoutsrock graphics for myspacegetting on myspace from schoolrebels man myspace layoutinvisible myspace countersnow myspace layoutmotorcross myspace layoutsfacebook open streamthe spirit myspace layout2.0 layouts for myspacemyspace friendship graphicsengagement graphics for myspacescrubs trivia facebook appfriendster and myspace hot layout

Emily Ratliff: Open Source Security

Syndicate content
A blog about open source and security and open source security
URL: http://www.ratliff.net/blog
Updated: 18 min 14 sec ago

Bare Metal Versus Hosted Hypervisor Security

Mon, 08/09/2010 - 19:22

by George Wilson, IBM Linux Technology Center

I was recently reading through the NIST “Draft Guide to Security for Full Virtualization Technologies” (SP 800-125 draft) [http://csrc.nist.gov/publications/drafts/800-125/Draft-SP800-125.pdf]. It discusses various considerations relating to hypervisor security. One section that particularly struck me was the comparison of bare metal vs hosted hypervisors. These are also known as Type I and Type II hypervisors, respectively. The document states that choosing between them is a critical security decision. That started me wondering if it is actually true that Type I hypervisors offer superior security to Type II hypervisors. While a Type I hypervisor may have a small kernel, it relies on and trusts an entire OS instance in the resource-owning partition (Dom0 in Xen parlance) for device access. So while it might at first blush appear that a Type I hypervisor has a much smaller TCB than a Type II, the TCB is really just in a different place. Given imperfect knowledge of the implementations and similar size, complexity, and maturity, it would seem that Type I and Type II hypervisors would in general offer similar security. I can’t find any solid evidence to the contrary. I’d love to hear from someone who can clarify why the Type I vs Type II distinction is in any way a major factor in hypervisor security analysis.