It looks like Microsoft may be seeking a way to permit developers to hunker behind a safety bunker when making use of the company's Hyper-V hypervisor.

The Virtualization.info site has some details on a new research project known as “Bunker-V” in which some Microsoft researchers are engaged. (I e-mailed one of them for further comment and explanation but have yet to hear back.)

Even without Microsoft comment, the slides from a talk entitled “Improving the Security of Commodity Hypervisors for Cloud Computing,” which was part of the seventh annual Microsoft Research Networking Summit (which convened the first week of June), are fairly self-explanatory. (The authors, in addition to Microsoft researchers, include representatives from the University of Illinois at Urbana-Champaign and the University of Wisconsin.)

The Virtualization.info site (which I found via a tweet from Microsoft blogger Steven Bink on June 15) has a good synopsis of the Bunker-V project:

“The Bunker-V method implies the removal of unnecessary virtual devices for guest OSes in the cloud (like floppy, keyboard, mouse, monitor or serial ports) and the removal of legacy virtual devices (like the keyboard controller or the ISA bus). Unfortunately this last category of interfaces is required to boot the guests, so Microsoft is suggesting a new method for booting called delusional boot that boots the OS on a separate node, isolated from the production data center.”

Bunker-V can improve the security of hypervisors for cloud computing by reducing the at-risk “trusted computing base” (TCB) surface. The TCBs for “commodity hypervisors” like Xen and Hyper-V consist of “tens of millions of lines of code,” according to the presentation, leaving these hypervisors open to attacks from guest virtual machines (VMs), as well as to external physical attacks.

Bunker-V is focused on reducing the TCB attack surface by minimizing the interface between the TCB and guest VMs, which it does by eliminating unnecessary virtual devices. Microsoft says that this approach can reduce the TCB by 79% while retaining high performance for legacy OSes.

Here are a couple of slides from the Bunker-V presentation highlighting the virtual device categories and the architecture of the project:

There is no detailed information about Bunker-V on the Microsoft Research site. There is, however, information on a research project called Bunker. “Bunker is a network tracing system that offers strong privacy while simplifying the development of network tracing software,” according to the site. (Network tracing is, as its name suggests, a way to trace information about network traffic and other related data from an application. Network tracing is used to debug applications that are in development or already deployed.)

The same Microsoft researchers working on Bunker-V — Stefan Saroiu and Alec Wolman — were part of a team that presented a paper on Bunker, calling it a “privacy-oriented platform for network tracing,” at the Usenix conference in April 2009.

So far, there's no further information as to when, how or if Microsoft is planning to move this project from research to commercialization. There's also no word as to how it would be integrated with the existing Hyper-V technology. If/when I hear back from the Softies about the project, I'll update this post.
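As an added, defender-side illustration of the device-surface idea described above (this is not code from the post or from the Bunker-V project, which is a research prototype), the following PowerShell uses the standard Hyper-V module cmdlets (Get-VM, Get-VMFloppyDiskDrive, Get-VMDvdDrive, Get-VMComPort) to report which of the devices the slides class as unnecessary (floppy, serial ports, removable media) are still attached to each VM on a host. It assumes the Hyper-V PowerShell module is installed and the caller has Hyper-V administrator rights on that host.

```powershell
# Added audit example, not part of the original post or of Bunker-V.
# Reports, per VM, the legacy/unnecessary virtual devices that are still attached.
Import-Module Hyper-V -ErrorAction Stop

$report = foreach ($vm in Get-VM) {
    # Generation 2 VMs have no floppy or IDE devices; Generation 1 VMs keep them.
    $floppy = Get-VMFloppyDiskDrive -VMName $vm.Name -ErrorAction SilentlyContinue
    $dvds   = Get-VMDvdDrive        -VMName $vm.Name -ErrorAction SilentlyContinue
    $coms   = Get-VMComPort         -VMName $vm.Name -ErrorAction SilentlyContinue

    [pscustomobject]@{
        VM            = $vm.Name
        Generation    = $vm.Generation
        FloppyPresent = [bool]$floppy
        FloppyImage   = $floppy.Path
        DvdDrives     = @($dvds).Count
        DvdMedia      = (@($dvds | Where-Object Path | ForEach-Object Path)) -join ';'
        # A COM port with a non-empty Path is wired to a named pipe on the host.
        ComConnected  = @($coms | Where-Object { $_.Path }).Count
    }
}

$report | Format-Table -AutoSize

# Flag the VMs that still expose devices the Bunker-V approach would remove.
$report |
    Where-Object { $_.Generation -eq 1 -or $_.DvdDrives -gt 0 -or $_.ComConnected -gt 0 } |
    ForEach-Object {
        Write-Warning ("{0}: Gen {1}, {2} DVD drive(s), {3} connected COM port(s)" -f
            $_.VM, $_.Generation, $_.DvdDrives, $_.ComConnected)
    }
```

The script only reports; the corresponding cleanup cmdlets in the same module are Remove-VMDvdDrive for unused DVD drives and Set-VMComPort with an empty -Path to disconnect a serial port, while floppy and IDE devices go away only by building the VM as Generation 2.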