|
|
|
|
|
|
by dale_glass
698 days ago
|
|
|
Security is easier when the attack surface is limited. An OS provides a huge amount of functionality and offers access to vast amounts of complex shared resources. Anywhere in that there can be holes. A VM is conceptually simpler. We don't have to prove there's no way to get to a root exploit from a myriad services running as root but available to a normal application. We're concerned about things like that a VM won't access a disk belonging to another. Which is a far simpler problem. |
|
|