No subject


Sat Sep 24 00:49:04 UTC 2011


clipboard/file sharing (not over the network, I mean the sharing
provided by the hypervisor) and the virtualisation drivers for
networking and graphics.

Certain hypervisors (e.g. VMware) will do memory sharing between guests,
allowing one to over-utilise the host memory.  Obviously memory (by the
page, I think) can only be shared when it is considered identical
between guests.  Perhaps it would be possible to subvert this somehow
and have one guest inject malicious code into another?

Once they have the hypervisor, they could conceivably do lots of things
but probably only to the guests.  And security measures within the
guests would probably be unable to detect the breach as, from their
point of view, there isn't even a hypervisor in play.

Some hypervisors can expose services to the outside world, such as
remote desktops and guest control, but like any service you'd run,
that's something you'd be accounting for in your firewalls etc.

Mostly it comes down to only exposing what services you need and making
sure each guest is secured just like any other computer on your network.
Certainly if it's Windows!  And the merry japes of trying to convince
the firewall/AV to /not/ shit all over your virtual network [*shakes
fist at Symantec*].

Of course, there is always the possibility that the hypervisor itself is
evil, you didn't download it from www.t0pw4r3z.net did you? :)

I use VirtualBox for personal stuff and VMware Workstation for my job.
They both kinda do the same thing, but I prefer VirtualBox.  They're
both type 2 (hosted) hypervisors and not what one would use for proper
virtualisation.

I'd be happy to help with a talk on virtualisation, my own level of
knowledge is basic & bullshit (see above :D).

-- 
Jason Irwin


