There is quite a bit of documentation on bare metal or Type 1 hypervisors, including my own book, VMware vSphereTM and Virtual Infrastructure Security: Securing the Virtual Environment, but there is not much material on the proper security of hosted environments, or Type 2 hypervisors, such as Microsoft Virtual Server, VMware Workstation, Fusion, Player, or Server as well as Qemu, Virtuozzo, or OpenVZ.
There is an interesting discussion about this on the VMware Communities on just this subject. It is interesting given the vulnerability being discussed is CVE-2009-1244 (or VMware’s ID VMSA-2009-0006) which relate to Guest Operating System driver vulnerabilities in hosted environment. It relates specifically to paravirtualized video drivers allowing the possibility of code to run within the host from within the Guest OS. In other words, escaping the VM. Continue reading Hosted Virtualization Security – Type 2 Hypervisors