NSA worked with Intel and AMD on hardware access control for hypervisors

While VMware develops secure virtual machines for the NSA, the NSA develop secure virtual machines for everybody. Or at least this is what InfoWorld is reporting.

The National Security Agency believes that certain hardware components like display cards or network cards, which are shared between all virtual machines, could be used to cross the software limits imposed by the hypervisors.

To prevent such threat the NSA worked with CPU vendors AMD and Intel on the next generation of virtualization extensions so they can prevent a certain virtual machine from accessing certain hardware components.

AMD calls this technology device exclusion vector and plans to announce it this year.

It will interesting to see how this new feature (assuming that virtualization vendors will support it in their hypervisors) will impact the migration processes like VMware VMotion.

Update: The InfoWorld article mentioned in this post contains some inaccuracies: the device exclusion vector (DEV) technology is available in AMD CPUs since at least 18 months.