Startup Taps Virtualization To Stop Security Threats

Bromium takes the "trust no one" tactic, uses micro-virtualization to secure the network against potential threats introduced by users.
"There's no reason why you can't download Angry Birds. It just won't be trusted," said Crosby. And if malware planted in Angry Birds tries to access the C drive, the micro-VM will pause, handing control off to the Microvisor. It will ask whether a file freshly downloaded from the Internet is trusted and decide no, and access won't be granted.

"The Microvisor assumes the code is untrustworthy," unless it has a policy that says Angry Birds normally accesses the file, said Crosby. Likewise, a downloaded program for doing a currency conversion would be assigned a micro-VM in which it would carry out its calculations. If it contained hidden code that sought to report to an outside website or download more code, that move would be blocked as not allowed under its restricted trust level.

Any potentially vulnerable operation is conducted inside a micro-VM, and micro-VMs are isolated from each other, much as virtual machines are isolated from each other on a shared host. Without explicit permission to do so, a micro-VM cannot access a trusted network, view enterprise files, or gain access to the system's I/O process, Crosby said.

The Microvisor assumes the application code may have been corrupted or may be trying to make changes to the Windows operating system. If such an event occurs, the changes will be discarded when the micro-VM is shut down. A fresh copy of the Microvisor is verified upon the next system startup by VT-x, and it starts checking the integrity of all micro-VMs generated. Crosby claimed the overhead induced by Bromium's operation is not detectable to the end user.

The Microvisor itself is a small attack surface. Since it works closely with virtualization extensions in the hardware, it will be under 100 megabytes as it is finished, said Crosby, or "a few tens of MBs" as a Bromium whitepaper described the Microvisor. That is much smaller than Citrix's XenServer, VMware's ESX Server, or Microsoft's Hyper-V.

Bromium Microvisor is still in prerelease form. The firm is now signing up potential beta users at No date has been set for general availability. The Microvisor currently only works with Windows desktops and laptops and Windows-based mobile devices.

Employees and their browsers might be the weak link in your security plan. The new, all-digital Endpoint Insecurity Dark Reading supplement shows how to strengthen them. (Free registration required.)