They're wading through codebases that are too complex. @QubesOS has it right: Security organized around a small, bare-metal hypervisor.
"Design a system" to concentrate potential security flaws into a small layer that lends itself better to debugging, effective administration
I agree on the "hypervisors are new kernels", but at least they tend to have less API growth
Yep. Smaller attack surface is more defensible. This is actually an old story. pic.twitter.com/zH5fxUcNjh
The HVM hypercall API isn't very big. Mostly physical memory ops, vCPU ops, physdev stuff, evchans and sched-related stuff.
I'm optimistic about PVH as attack surface reduction.
7:09 AM - 29 Apr 2017