On Tue, 4 Nov 2008 13:23:40 -0500 Dennis Boone said:
> > What effect would this same hack have on the intended target if the x86
> > system being targeted was running as a guest under z/VM? Wouldn't the
> > ill effects be reduced by the wall between virtual guests inherent with
> > z/VM?
>
>The x86 hypervisors have a "wall" between guests too. The first
>published exploits of which I'm aware are over a year old now.
>
>The attack described above would have to be tailored to the x86-on-zVM
>environment, but the point is that a hypervisor is a software system and
>just as prone to implementation errors and design flaws as any other
>software system.
>
>VM's advantages would appear to be:
>
>1. Many years of refinement.
>2. Less knowledge of its internals in the broad public.
>3. Typically more formally engineered security and operating environments

There is a 4th very important one that I'm sure Alan will chime in with: EAL,
Evaluation Assurance Level.

http://www.commoncriteriaportal.org/products_OS.html#OS gives the certified list.

VMWare:

Name VMware ESX Server 2.5.0 & VirtualCenter 1.2.0
Manufacturer    Assurance level    Certification date
VMware          EAL2               27-MAR-06

IBM z/VM Version 5 Release 3
Manufacturer                        Assurance level    Certification date
IBM Deutschland Entwicklung GmbH    EAL4+              28-JUL-08

EAL4+ is new. Last I looked, z/VM 5.2 was EAL3+ I believe, when I looked back
in mid July.

These are industry standards that you can show your management.

/ahw