Microsoft is actively researching more efficient and secure architectures for its hypervisor. While most of this work remains undisclosed in the Research labs, a few things are being shown at public events.
“Bunker-V approach implies the removal of unnecessary virtual devices for guest OSes in the cloud (like floppy, keyboard, mouse, monitor or serial ports) and the removal of legacy virtual devices (like the keyboard controller or the ISA bus). Bunker-V can improve the security of hypervisors for cloud computing by reducing the at-risk “trusted computing base” (TCB) surface. The TCBs for “commodity hypervisors” like Xen and Hyper-V consist of “tens of millions of lines of code,” according to the presentation, leaving these hypervisors open to attacks from guest virtual machines (VMs), as well as external physical attacks.”