Five Immutable Laws of Virtualization Security

Here they are:

Law 1: Attacks against the OS and applications of a physical system
have the exact same damage potential against a duplicate virtual system.

Law 2: A VM has higher risk than its counterpart physical system
that is running the exact same OS and applications and is configured
identically.

Law 3: VMs can be more secure than related physical systems
providing the same functional service to an organization when they
separate functionality and content that are combined on a physical
system.

Law 4: A set of VMs aggregated on the same physical system can only
be made more secure than its physical, separate counterparts by
modifying the configurations of the VMs to offset the increased risk
introduced by the hypervisor.

Law 5: A system containing a “trusted” VM on an “untrusted” host has
a higher risk level than a system containing a “trusted” host with an
“untrusted” VM.

I have been getting interesting reactions to these. Some say they are wrong. Some say they are common sense. Some just don’t like the word "immutable." I think they serve to clarify some of the confusion that comes up when discussing virtualization by applying fairly straightforward risk management principles.

See this Burton Group blog post for more discussion. If you are a Burton client, you can also download the full report from our research library.

I would enjoy hearing about any scenarios that you think make the laws mutable, as it were ;-)

Fiv

2 comments for “Five Immutable Laws of Virtualization Security

  1. January 8, 2008 at 10:40 pm

    Are Virtualization Laws That Are Immutable, Disputable?

    A few months ago, Pete Lindstrom shot me over the draft of a Burton paper on virtualization security. We sputtered back and forth at one another, I called him names, and then we had beer later. The title of the

  2. March 26, 2009 at 9:59 am

    Security by Isolation

    Joanna Rutkowska highlights the value of “security by isolation” (hat tip: Hoff) after her recent research on SMM bugs. The isolation she is advocating relates to the virtualization capabilities being added to Intel and AMD chips. Clearly, there is a b…

Comments are closed.