The upcoming set of VMware APIs known as VMsafe has the potential to dramatically change the way we secure data centers today.
If the technology will be widely adopted by security vendors it’s clear that VMware competitors will try to replicate the approach or further innovate it. But until a clear, positive answer from the market, the most obvious strategy is to raise some (absolutely legit) security concerns about VMsafe and its capability to expose part of the hypervisor for new attacks.
So far Microsoft didn’t took an official position about the topic but virtualization.info had the opportunity to speak with several representatives who clearly stated how carefully the company is evaluating the security implications of a VMsafe-like approach.
Nonetheless Microsoft may be working to build the internal know-how needed to achieve the task.
Just two months ago in fact Microsoft acquired a small security firm focused on rootkit detection called Komoku.
As Christopher Hoff, Chief Security Architect at Unisys, recently discovered, Komoku did some research in the past, presenting a solution for Xen where virtual machines can do self-diagnosis and self-healing as well as learning to protect against subsequent attacks.
As a sort of irony, to develop its prototype Komoku took some inspiration from the work of Tal Garfienkel and Mendel Rosenblum (Chief Scientist at VMware), presented in 2002.
The adoption of a VMsafe-like framework could greatly benefit Microsoft: while VMware has to rely on 3rd parties (unless they want to leverage the Determina acquisition in a certain way), Microsoft has an entire portfolio of products to integrate with its upcoming hypervisor.
This may put the Redmond company in a privileged position against both virtualization and security competitors which miss each other to provide an out-of-the-box secure virtual data center.