• caglararli@hotmail.com
  • 05386281520

Does emulation/software virtualization provide more isolation/security vs hardware virtualization?

Çağlar Arlı      -    11 Views

Does emulation/software virtualization provide more isolation/security vs hardware virtualization?

From my understanding:

  1. I can emulate many different architectures and systems with qemu as a user(mode) process.
  2. There is separate user address space per process.
  3. If a malicious process were to escape emulation it could compromise the user of the process and then get root from there.
  4. Due to the high privileges needed for hardware virtualization, if a malicious process were to escape hardware virtualization the process would usually be able to directly get root.
  5. For hardware virtualization if there was a flaw in the hardware (implementation of Intel VT/AMD-V) a malicious process in a guest would have an easier time to exploit the hardware flaw than if it were in an emulated environment.
  6. Paravirtualization/direct hardware access to other resources increases risks, but not relevant to the general question here.

Is this right? Does this make emulation/software virtualization more secure/isolated than hardware virtualization?