zlacker

[parent] [thread] 1 comments
1. krylon+(OP)[view] [source] 2016-03-12 11:46:04
> Microsoft is doing all sorts of things for security.

Indeed they are. Compared to Windows XP (pre-SP2), Windows has come an incredibly long way.

I just cannot help thinking that if they used virtualization the way Qubes OS does, they could both incrase isolation of applications and maintain backwards compatibility without having to jump through the countless hoops I imagine Windows developers must meet on a regular basis.

Hyper-V could be a very nice foundation for such an approach, at least in my fertile imagination. ;-)

replies(1): >>nickps+Oh
2. nickps+Oh[view] [source] 2016-03-12 17:13:09
>>krylon+(OP)
Oh, I agree with that. It could be a benefit on top of what they have. A Dom0/hypervisor solution from them could actually be safer given they have tools for mathematically verifying both driver interactions and low-level system code. SLAM has been applied to drivers for years now. HyperV was verified with their VCC toolkit. So, they'd be a stronger than average foundation.

The best route for isolation, though, is to apply one of the industry separation kernels or virtualization schemes from CompSci that leave more untrusted. Good news is that I found a great document that describes MILS in detail plus some prior work and terms:

http://www.euromils.eu/downloads/2014-EURO-MILS-MILS-Archite...

GenodeOS is OSS built similar to MILS from European CompSci:

http://genode.org/documentation/general-overview/index

[go to top]