Educause Security Discussion mailing list archives

Re: OS virtualization at the desktop


From: Graham Toal <gtoal () UTPA EDU>
Date: Thu, 13 Jul 2006 14:58:11 -0500

 
Are there opportunities to improve security at the desktop 
using virtualization?

Yes, but I expect it will take some discipline and politicking to make
it happen:

1) completely secure the outer-level environment, using every
trick you know.  Make it so that only legitimate work can be
done on the 'real' machine.  No mail, no web browsing etc.  Just
spreadsheets, docs, printing etc.

2) have a VM inside this which is less strictly controlled, *but*
which is considered temporary and is reset to a known state from
a central server periodically.  This is where people do their
email, browsing etc.  You do not allow anyone to access sensitive
data within this environment.  (either by policy or by software
if at all possible)

In principle it should be impossible to break out of the VM into
the real machine; whereas if someone broke into the real machine
you should assume they have full access to the VM as well, which is
why there's no point in distributing a secure VM image to insecure
desktops.

I say 'in principle'.  There does exist the possibility that some
vm vendor extensions might be abused in order to escape to an outer
level.  But if there were no vendor back doors and the software was
reasonably well written, then it ought to be a captive environment.


Graham
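One way to implement point 2 above, a disposable VM image that is rebuilt from a central copy on a schedule, as an added Python example (not code from the original post). It assumes a golden image file whose SHA-256 the central server publishes, a working copy named `disposable.img`, and a sidecar file recording the last reset time; all of those names and the hash-checking step are assumptions of this example.

```python
"""Periodic, integrity-checked reset of a disposable desktop VM image."""
import hashlib
import json
import shutil
import time
from pathlib import Path


def sha256_of(path: Path) -> str:
    # Hash in 1 MiB chunks so a multi-GB disk image never has to fit in memory.
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def reset_due(work_dir: Path, max_age_s: int, now: float) -> bool:
    # The running VM writes to its image constantly, so the image mtime says
    # nothing useful; a sidecar file (assumed name) records the last rebuild.
    marker = work_dir / "last_reset.json"
    if not marker.exists() or not (work_dir / "disposable.img").exists():
        return True
    return now - json.loads(marker.read_text())["ts"] > max_age_s


def refresh_disposable(golden: Path, expected_sha256: str, work_dir: Path,
                       max_age_s: int, now: float = None) -> str:
    """Rebuild disposable.img from the golden copy once the refresh window has
    elapsed. Returns 'reset' or 'kept'. Refuses to deploy a golden image whose
    hash differs from the one the central server published, so a tampered or
    half-downloaded golden copy never becomes the new 'known state'."""
    now = time.time() if now is None else now
    if not reset_due(work_dir, max_age_s, now):
        return "kept"
    if sha256_of(golden) != expected_sha256:
        raise ValueError("golden image does not match published hash; refusing to deploy")
    work_dir.mkdir(parents=True, exist_ok=True)
    tmp = work_dir / "disposable.img.tmp"
    shutil.copyfile(golden, tmp)
    tmp.replace(work_dir / "disposable.img")  # atomic swap: never a half-written image
    (work_dir / "last_reset.json").write_text(json.dumps({"ts": now}))
    return "reset"
```

Run it from a scheduler on the host (not from inside the VM) while the VM is powered off, so the reset cannot be skipped or undone by whatever the user picked up while browsing.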