In this talk, I will summarizing advances in academic research for mechanisms that use Virtual Machine Monitors (VMMs) to increase the security of commodity systems. Commodity systems are often required to support functionality required by legacy applications that is often at odds with security. For example, commodity systems feature dynamic extensibility, and many commodity applications require super-user privileges to run. As a result, commodity system users often experience difficulties when trying to retrofit such systems to be secure. VMMs operate at a level that is invisible to software in commodity systems, thus providing a means to secure commodity systems transparently. This enables computer users to elide many of the issues that arise when trying to retrofit security onto commodity systems that have not been designed with security as a priority. VMMs also naturally provide features that are well-suited for improving security, such as strong isolation among Virtual Machines, and a higher level of assurance and reliability than commodity systems due to their smaller code base and leaner interface. Some of the security issues we will be looking at will be how VMMs can perform both signature-based and signature-free detection of intrusions, root-kits and covert malware, aid trusted computing and remote attestation, check for intrusions after the discovery of a zero-day vulnerability, and provide interim protection for such vulnerabilities until a patch is available and has passed acceptance testing.
