So Brandon Baker is a senior guy on the Hyper-V team.  I just came across this blog post of his: http://blogs.msdn.com/rsa2008/archive/2008/04/07/isolation-of-virtual-machines.aspx
If you read my blog, you may have seen my post from CanSec where Oded did a presentation on VMWare's new VMSafe initiative / APIs and how shocked myself and many other attendees were at what VMWare was proposing.  They in fact seem to be heading in the exact opposite direction from us with respect to their hypervisor / VMM.  They appear to be making their VMM / hypervisor attack surface potentially very large, whereas we seem to be striving to keep ours as small as possible.

In fact, if you read Brandon's post above, it is very reflective of the mentality that currently exists within product teams at Microsoft today (largely due to the great work of Michael Howard / the SDL / the SWI team and the great work of the feature teams who take the SDL to heart and try to go above and beyond the requirements).  Brandon talks about a DFD, or data flow diagram, and how important it is to identify all of the ways data can get into and out of your application.  This is huge (and one small part of the SDL process).  Once you have identified all of those entry / exit points you can go about validating data / assumptions / fuzzing / building layered defenses, etc.  Brandon also mentions that our hypervisor will be small, ~600kb . . . this is very much what I would expect.  You want small, well-examined code if it's super critical, and the hypervisor is all sorts of super-critical.

We've taken a tremendous beating in the press for how long our stuff takes to ship these days (but interestingly no one seems to be interested in *why* stuff takes longer to ship now) . . .

We shipped Server 2008 before Hyper-V was done, and I firmly believe that was the right call, as I would rather have a solid, well-tested, insanely secure hypervisor that I can trust vs. one that was rushed to make some arbitrary ship date. 🙂  So who will have the best, most secure hypervisor in the coming years?  I'm not a betting man . . . but I believe I know which one I'd vote for. 🙂
