zoukankan      html  css  js  c++  java
  • Hardware Virtualization

    There is some suggestion that future operating systems of all sorts (Linux, Mac, Windows, etc.) may be able to use hardware virtualization to indirectly enforce greater security upon the operating system's "kernel" by preventing it from being modified as a means for thwarting dangerous "root kit" style exploits.

    The idea is that our future operating systems would always be running inside a virtual machine under the watchful eye of an OS "hypervisor." This has not been practical before now, without hardware support for virtualization, because virtualization required too much real-time involvement of software which introduced an unacceptable amount of overhead and slowed everything down. Hardware virtualization means that virtual machines - and even the entire operating system running inside a virtual machine container - would be able to run at 100% full speed, thus making a persistent security-oriented OS "hypervisor" practical for the first time.

    But don't hope for this to ever help with the security of 32-bit Windows platforms. Due to the amount of kernel modification already being done by benign kernel drivers in 32-bit versions of Windows, "hypervisory kernel locking" could only ever be implemented under 64-bit versions of Windows where kernel modification has always been actively prohibited. And due to serious compatibility problems inherent in 64-bit systems, it's also not at all clear (at the start of 2007) how quickly, or even whether, 64-bit Windows will become practical on the desktop.

    However, the other current and real security-related application for hardware virtualization is for running your own virtual machines - at 100% full speed - on top of your host operating system. This is possible today with commercial and completely free software from Microsoft, VMware and Parallels. This has an indirect, though strongly positive, impact upon security since possibly unsafe activities such as Internet surfing or peer-to-peer file sharing can be 100% contained within the virtual environment to make online activities much safer.

    This can still be done, of course, without hardware virtualization support, but the virtual machine environment as well as the hosting operating system will be running at substantially less than full speed.

  • 相关阅读:
    html中script标签的使用方法
    css关于浮动的高度塌陷
    canvas用数组方式做出下雨效果
    canvas简易画板。
    html5新标签
    闭包的意义及用法
    字符串的添加方法
    js几种数组遍历方法.
    简易网页打卡页面.
    回忆继承多态
  • 原文地址:https://www.cnblogs.com/smwikipedia/p/1325703.html
Copyright © 2011-2022 走看看