VM-based Security Overkill: A Lament for Applied Systems Security Research

Virtualization has seen a rebirth for a wide variety of uses; in our field, systems security researchers routinely use it as a standard tool for providing isolation and introspection. Researchers' use of virtual machines has reached a level of orthodoxy that makes it difficult for the collective wisdom to consider alternative approaches to protecting computation. We suggest that many scenarios exist where virtual machines do not provide a suitable tool or appropriate security properties. We analyze the use of virtual machines in the systems security space and we highlight other work that questions the current (ab) uses of virtualization. The takeaway message of this paper is that "self-protection" mechanisms still represent an interesting and viable path of research. At some point, hypervisors (or whatever the lowest layer of software, firmware, or programmable hardware is) must rely on detection and protection mechanisms embedded within themselves.