Micro-VMs, or micro virtual machines, are hardware-isolated virtual machines created by a microvisor to help ensure secure computing environments. Micro-VMs, or microVMs, are used in micro-virtualization to isolate individual computing tasks that work with data originating from unknown sources.
With micro-virtualization, the Xen-based microvisor that creates each microVM is able to isolate these computing tasks from other computing tasks, applications and network systems. Because each micro-VM is isolated from other micro-VMs as well as the operating system itself, a micro-VM that becomes infected by malware will be completely destroyed when the micro-VM shuts down, preventing the malware from being able to corrupt other tasks, apps or the system itself.
The hardware-isolated micro-VMs stand in contrast to software sandboxing, which can leave the operating system vulnerable to malware. Micro-VMs are restricted to accessing a minimal set of operating system resources and are unable to interact with other system processes, ensuring security while also limiting potential latency and bottleneck issues.
MicroVM Examples and Use in Windows 10
The tasks that micro-VMs handles are the computations that take place within applications as well as within the system kernel, and examples of user tasks that micro-VMs can secure cover everything from accessing a web page to opening a document or spreadsheet to analyzing complex data.
The micro-virtualization technology was originally developed by desktop security firm Bromium in 2012 as part of the company’s vSentry product. In July 2015 Bromium announced a partnership with Microsoft to ensure Bromium’s micro-virtualization and micro-VM technology would be integrated in Windows 10 to help make the operating system “the most secure endpoint solution on the market.”