Security Limitations of Virtualization and How to Overcome Them (Transcript of Discussion)

Abstract

Many of the ideas I will present were developed in collaboration with Jonathan McCune, Bryan Parno, Adrian Perrig, Amit Vasudevan and Zongwei Zhou over the past couple of years. I will begin the presentation with my “axioms” of insecurity and usable security. These axioms are in fact observations that I believe will be true in the future. Then I will review virtualization for security and experiences that we have had with it practically since day one. I will also review the limitations of virtual-machine isolation for application-level code and usable security. And finally, the main proposition of this presentation is that we should switch our attention from virtualization and virtual-machine isolation, to redgreen machine partitions, which is somewhat of a new area, and to trustworthy communication. I will argue that trustworthy communication requires more than secure-channel protocols.