OpenBSD developer notes king’s clothing is “virtual”

Theo de Raadt explains why virtualization does not improve security. How about this: to improve security, you have to have a secure design, a marketing buzzword won’t do the trick. Anyone who has seriously looked that the current generation x86 virtualization hardware knows that it does not provide clean separation or levels of security. It is possible, with great care, to use it in a way that improves some types of security, but mostly it seems like a way of justifying the use of SUV monster servers.

If you look at Xen code, for example, you can see that it copies huge chunks of Linux. The argument seems to be that if Linux does not have security and fails to efficiently allocate resources, Linux+ModifiedLinux will do a better job, somehow. There’s no reason to believe this will happen and many reasons to believe that it will, in fact, make security more elusive. That’s not to either argue against virtualization as a useful technique: our RTMS uses a type of virtualization and we have a lot of customers who love VMWare, but the hype-ervisor is disconnected from reality. The delusion that making arbitrary divisions in software can reduce complexity is a persistent one, but it has no basis.

Advertisements