Dailydave mailing list archives
Re: VPC
From: "Matt Richard" <matt.richard () gmail com>
Date: Thu, 28 Feb 2008 18:43:57 -0500
On Mon, Feb 25, 2008 at 10:34 PM, Anthony Lineberry <anthony.lineberry () gmail com> wrote:
Is this sandboxing running outside of the hypervisor or inside? One thing i've been messing with is lately is sandboxing from outside the guest os by modifying a hypervisor to manipulate the kernel through external hooks. I'm really curious is this has been done before and if i'm just reinventing the wheel?
I have only seen defensive implementations such as the work of Garfinkel and Rosenblum at Stanford. Their use case is a modified hypervisor that can monitor critical OS data structures. One of their implementations watches the Linux system call table and can prevent modification to thwart rootkits. http://www.cs.fit.edu/%7Epkc/id/related/garfinkel03ndssVM.pdf I think it's a great idea, I'd be interested in seeing any published work you have on the topic. Regards, Matt _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: VPC, (continued)
- Re: VPC Thorsten Holz (Feb 21)
- Re: VPC Thierry Zoller (Feb 22)
- Re: VPC Alexander Sotirov (Feb 24)
- Re: VPC Anthony Lineberry (Feb 28)
- Re: VPC Thierry Zoller (Feb 23)