Bumpy History of Virtualization Research

In the 1960s Virtual Machine Monitors (VMMs) gained popularity as a compelling technology for multiplexing the expensive Mainframe computer among multiple applications. The 1980-2000 period saw a decline in this interest as multiplexing operating systems and reduced hardware costs superseded the need to purchase expensive mainframes. The 21st century has again seen a revival of VMM research because of an entirely opposite reason - the proliferation and increasing ubiquity of computing devices and the resulting under-utilization of resourses and the difficulty of management, configuration and security of large networks of machines.

Security through Virtualization

VMMs offer the potential to restructure existing software systems to provide greater security, while also facilitating new approaches to building secure systems. Current operating systems provide poor isolation, leaving host-based security mechanisms subject to attack. Moving these capabilities outside a virtual machine—so that they run alongside an operating system but are isolated from it—offers the same functionality but with much stronger resistance to attack. Placing security outside a virtual machine provides an attractive way to quarantine the network—limiting a virtual machine’s access to a network to ensure that it is neither malicious nor vulnerable to attack. By controlling network access at the virtual machine layer and inspecting virtual machines before permitting (or limiting) access, virtual machines become a powerful tool for limiting the spread of malicious code in networks.

Virtualization Security Technology Tools

Whereas previously core virtualization tools used to be completly propertiery (such as VMWare), today opensource VMM like Xen have spurred a lot of interest from the research community causing many exciting new products to emerge such as User-mode Linux, QEMU, Parallels Workstation and Microsoft Virtual PC. Even VMWare has released free versions of their products such as the VMWare server and player. Our group mainly focuses on extending the Xen hypervisor for security.