Hypervisor control: The next phase in the security arms race?

Hypervisor-based virtualised application protection tools enhance security, but there may be unintended consequences

Digital security is an ongoing battle of assisted evolution. Every new iteration of software, hardware or operating system introduces expansive new features and corresponding new vulnerabilities. Companies – not always the ones introducing the vulnerabilities – attempt to combat these weaknesses. On the other side of the battle lines, teams of dedicated hackers try their hardest to exploit them.

The situation is an ever-changing stalemate, in that it seems philosophically unlikely that either side could win outright. If the hackers won then they would disappear overnight, since there'd be nothing left to gain, no system left unhacked and therefore no trusted platforms: back to pen and paper. As for a world without malware? Unimaginable.

Or is it? Some tech companies believe they have the answer, by wrapping running applications in an all-seeing manager or governor, which watches each application's every process and takes action if it sees something suspicious. This is a logical development of the trend for isolating applications to improve security. It can take on many different forms and has become more advanced over the past decade.

At its simplest, running an application within a virtual machine or simulation goes some way toward preventing any infection from reaching the host system. Malware might infect the VM, but once discovered it can simply be switched off and re-imaged as required. At least that's how the theory goes, though sophisticated malware can detect that it's running in a VM and attempt to exploit it, or get out through unsecured network connections.

Then there's sandboxing, perhaps most commonly known for private browsing sessions. Sandboxing allows browsers to run sessions in a safe space, one that's sheltered from the rest of the platform. This helps reduce the risk of cross-infection, though again it's not a perfectly secure approach.

However, so far these approaches have been generally passive. Newer techniques take a more active role in security, using hypervisors to keep a tight rein on what each application under their control is permitted to do.
