Hypervisor Architecture and the Trust Boundary

Both designs virtualize hardware, but the trust boundary and attack surface differ.

Type 1: hypervisor on hardware.
Cloud providers use this.
Layers, top to bottom:
  Guest OS + Apps | Guest OS + Apps | Guest OS + Apps
  Hypervisor (ESXi / KVM / Hyper-V)
  CPU / RAM / NIC / Disk
Diagram note: VM escape ?

Type 2: hypervisor as application.
Developers use this.
Layers, top to bottom:
  Guest OS | Guest OS
  Hypervisor (VirtualBox / VMware Workstation)
  Host OS (Windows / macOS / Linux)
  CPU / RAM / NIC / Disk
Diagram note: Larger attack surface: host OS bugs can affect all guests.
