Hardening the hardware management
There are two aspects of hardware management: one involves providing physical hardware to virtual machines securely, while the other involves providing virtual hardware securely.
Physical hardware – PCI passthrough
As the IT world moves towards more complete virtualization of systems, the need to use more than the classic CPU, RAM, storage and networking in virtualized environments is becoming increasingly common. One of the most common scenarios is giving virtual machines access to video cards and GPUs for high-performance Compute Unified Device Architecture (CUDA) computing. Many hypervisors provide this capability, but it brings two possible security risks.
Direct Memory Access (DMA) is a feature that allows many hardware devices to access the machine's RAM directly, without any control. It greatly reduces the latency of read and write operations, so many low-latency devices, such as video cards...