Making Xen virtualization safer with XenAccess
XenAccess, a Georgia Tech-hatched project that aims to bring VMsafe-esque capabilities to the Xen project, may provide a way to give Xen great security at the hypervisor level.
I just came across this post by Rich Miller, pointing to the XenAccess, a potentially valuable open-source project that aims to bring VMsafe-esque capabilities to the Xen project.
Hatched at Georgia Tech in 2007, the project hasn't been moving very fast, but perhaps its time has come? That depends on the importance of VMsafe, to some extent. As for VMsafe:
VMware VMsafe is a new security technology for virtualized environments that can help to protect your virtual infrastructure in ways previously not possible with physical machines.
VMsafe provides a unique capability for virtualized environments through an application program interface (API)-sharing program that enables select partners to develop security products for VMware environments. The result is an open approach to security that provides customers with the most secure platform on which they can virtualize their business-critical applications.
Could Xen benefit from enhanced security? Of course, just as VMware does. VMsafe enables third-party security vendors to check security of virtual machines at the hypervisor level, scanning incoming and outgoing traffic to get excellent visibility into the virtual machine, and thereby to protect it. Adding this to Xen would be a big win.
It's just a question of whether the project can evolve from Georgia Tech into a broad, industrywide effort to improve Xen's security. Given that Xen started as a Cambridge University project and ultimately gained support from Intel, Red Hat, and others, perhaps the odds are in XenAccess' favor. We'll see.