How secure are VMs (Virtual Machines)?
A virtual machine is software that can abstract the hardware of a computer such that an isolated operating system can run as a guest on top of a host computer hardware and operating system. Often a virtual machine is more than just an application running as a process on the host operating system. A VM using hardware virtualization uses features of the computer hardware that allow virtual machine isolation.
Virtual machines are one solution to the concept of creating an isolated, convenient, and secure environment that can be used and abused without the same risk of damaging a host computer to name just one benefit of running multiple operating systems on the same hardware at the same time.
An other solution to this concept is to use what is called a container. Docker is one container option out there and there are pros and cons with each solution. A container is in contrast to a VM a process that runs on the host operating system.
Lastly, to recognize the convenience, security, and power that VMs provide it is important to mention an operating system that I find fascinating called Qubes OS. Qubes uses a design model called DOM such that each process a user invokes can be opened inside of its vary own VM that is in complete isolation from the main DOM Qubes calls DOM0.
I find the features in Qubes fascinating. The main idea is that VMs are available to use such that a potentially malicious process can be examined inside of a quickly opening new and isolated VM then the VM can be completely destroyed when the triage of potentially malicious code is complete.
Resources:
https://www.vmware.com/solutions/virtualization.html
https://www.docker.com/resources/what-container
https://www.qubes-os.org/
https://en.wikipedia.org/wiki/Hardware_virtualization
https://blog.invisiblethings.org/
https://www.se-radio.net/2017/05/se-radio-episode-290-diogo-monica-on-docker-security/
Virtual machines are one solution to the concept of creating an isolated, convenient, and secure environment that can be used and abused without the same risk of damaging a host computer to name just one benefit of running multiple operating systems on the same hardware at the same time.
An other solution to this concept is to use what is called a container. Docker is one container option out there and there are pros and cons with each solution. A container is in contrast to a VM a process that runs on the host operating system.
Lastly, to recognize the convenience, security, and power that VMs provide it is important to mention an operating system that I find fascinating called Qubes OS. Qubes uses a design model called DOM such that each process a user invokes can be opened inside of its vary own VM that is in complete isolation from the main DOM Qubes calls DOM0.
I find the features in Qubes fascinating. The main idea is that VMs are available to use such that a potentially malicious process can be examined inside of a quickly opening new and isolated VM then the VM can be completely destroyed when the triage of potentially malicious code is complete.
Resources:
https://www.vmware.com/solutions/virtualization.html
https://www.docker.com/resources/what-container
https://www.qubes-os.org/
https://en.wikipedia.org/wiki/Hardware_virtualization
https://blog.invisiblethings.org/
https://www.se-radio.net/2017/05/se-radio-episode-290-diogo-monica-on-docker-security/
Comments
Post a Comment