1

From a security perspective, which type of hypervisor cloud is more secure: one that runs on bare metal (using a minimal bootstrap built into the hypervisor) or one which is loaded as part of the OS as an application or service? And why?

Anders
Ijaz Ahmad

1 Answer

1

I would say, as a generalization, that a bare-metal hypervisor is more secure. As with any system, when you add more software you add more attack surface. So let's take any hosted hypervisor out there. Instead of just dealing with the hypervisor attack surface, you also have the OS vulnerabilities to worry about.

Igliv
  • Thanks, but the bare metal itself is a stripped-down version of an OS, isn't it? So in the case of a hosted one you may decrease the attack surface by using a minimal install of the OS. So my point is: is the attack surface the only point from a security perspective? – Ijaz Ahmad Apr 06 '16 at 10:57
  • I think attack surface is the main issue. In general I think it's easier to write a more secure product on "your own" OS rather than on a hosting OS where you have less control. – Igliv Apr 06 '16 at 11:18