The co-founders of the open source Xen server hypervisor project at Cambridge University who commercialized it as XenSource and sold it for $500m to Citrix Systems in September 2007 have left Citrix to do their fourth startup, called Bromium. The startup, which is still operating in stealth mode, announced its existence and the …
Does not surprise me in the slightest
Judging from the time Xen vacancies linger on jobserve there will be more. Much more.
Security is an OS feature, not a hypervisor feature, no?
The goal of the hypervisor is (afaik) to make apps think each one is in a separate unrelated machine (the app should not know whether it is in a VM or running native).
The goal of the end user (and the application designer, and...) is to allow independent apps to securely share data.
If the independent apps are in totally secure totally independent machines (be they virtual or real) then by definition they cannot share data.
If you trust the hypervisor to manage the sharing of data, then actually all you have done is opened up a whole extra layer of opportunities for failures and exploits. OK there may be fewer available exploits than in a native Window box...
Anyway unless the data gets magically from the Window app to the hypervisor without using any of the usual Windows mechanisms (which would subject it to the usual Windows security vulnerabilities), any apparent additional security is a mirage because the data is still vulnerable while it is on the Window box, no?
Where's the opportunity, please? What, other than HYPErvisors being trendy, have I missed?
[For Window box please also read Linux box, depending on personal preference. There are OSes capable of delivering proper multi-user security but Windows isn't one, whereas an SELinux arguably might be ]
In the Virtual World is Nothing Impossible that Digital Delivers . Be Careful What You Wish For.
The hypervisor is just an advanced information filtration unit.... mega meta data processor working to an algorithm/fluid protocol. Intelligence is thus filtered through a bias intent on mega meta data processor working to an algorithm/fluid protocol, and algorithm change is a default progressive step and quantum leap.
Adjust the Algorithm, Change the Output.
"Doesn't compete" my arse
Hmm. At a start-up, cycles spent maintaining open source projects better return big-time or else you're doomed to be yet another smart, passionate bunch of people with a great idea who can't execute.
So, this sounds like some sort of competitor to VMware vShield. Let's face it: AWS and all the Xen clouds have almost no virtual layer 2 and stateful firewall story, neither does OpenStack. VMware, meanwhile, despite incurring the wrath of CCIEs everywhere by daring to reconfigure a virtual L2 network automatically without asking, has really moved the discussion on cloud networking forward. So, for Citrix et al, some sort of distributed switch / openflow hybrid thing with virtualization smarts would seem like a large hole. A version that runs on VMware would be necessary, for on premise deployment and at vCloud public providers.
They are at least a year late...
Joanna Rutkowska and friends already have something pretty interesting in the field:
A nuke because I never see it in comments!