Virtualization's Dark Side!?!?!?

Virtualization's Dark Side

Forbes reporting on security risks in virtualization. So expect CEO's and CFO's to kick emails off to CIO's asking them about it. It's Joanna Rutkowski and Jon Uberheide (Wolverines!!).

Joanna is talking "virtual machine escape" or "hyperjacking" and "blue pills" which are basically taking control or injecting a malware hypervisor. Jon thinks its going to be an intercept during a VMotion or a "live-machine migration".

"Rutkowska and Oberheide both say that the attacks they discussed are likely too new to have ever been used by real-world cybercriminals. Security researchers say that virtualization-based attacks aren't likely to be common"

So it's theoretical at this point and that's sort of good news but with Virtualization becoming more common place, the potential exists for security issues.

Forbes cites IDC and says

"Virtualization usage grows--at the breakneck speed of around 40% a year, according to a 2007 report".

I am also interested in what IBM (ISS's X-Force) is doing

"an 18-month-old research initiative called PHANTOM, devoted to protecting virtual machine hypervisors from hackers."

I know they did some R&D on sHype.