Security Is Fundamentally Broken

Security is often deployed as an extension to a well-defined component of the operating system and its applications. For example, anti-virus software operates as an addition to the file system, examining accessed files against signature lists. Another example is the firewall, which operates as an extra element to the network stack to monitor access to network resources. Similarly, host intrusion prevention systems (HIPS) control an application’s access to processes, services, registry databases, documents, scripts, and more. Nevertheless, all these efforts to provide comprehensive user and system software security have proven inadequate. 


The problem is this: operating system and application vendors often differ on how to protect common assets, such as documents, photos, and videos, while preserving the privacy and confidentiality of user activities. For end users and IT managers who seek comprehensive security coverage for personal and corporate assets, this leads to heterogeneous, incompatible solutions from a variety of vendors that manifest performance and manageability challenges.


Most difficult of all, software security solutions operate at the same privilege level as the malware they defend against. An effective, high-quality, low-overhead security solution must balance ideal defenses against the available monitoring and control methods provided within a specific operating system. For example, it is difficult to isolate and repair malware infections in system memory due to the absence of adequate, consistent functions across operating systems. This prevents the operating system from being fully trusted and leaves computer systems vulnerable to serious rootkit and Trojan attacks.


The malware developer does not face the security architect’s dilemma. Malware authors do not have to adhere to any legal or product quality practices such as performance, stability, and compatibility. Furthermore, malware code can and does employ destructive and improper techniques to compromise the system. A typical example is malware exploiting software buffer overflow vulnerabilities for code injection.

Fortunately, a potential solution to these problems emerged when virtualization became a key capability supported by processors a few years back. Security experts believe that virtualization is a new avenue to securing operating systems from outside threats.


In reality, the benefit of these efforts has been limited, largely because of the following:

  • A focus on device virtualization and workload migration features, leading to a large trusted computing base (TCB) for the virtual machine monitor (VMM), which is at odds with optimal security properties.

  • Performance of VMMs optimized for multiple virtual machines sharing the same physical resources.

  • Costs incurred by adding security slow virtualization.