Dailydave mailing list archives
Re: VPC
From: "Rodrigo Rubira Branco (BSDaemon)" <rodrigo () kernelhacking com>
Date: Fri, 29 Feb 2008 12:56:11 -0000
I have only seen defensive implementations such as the work of Garfinkel and Rosenblum at Stanford. Their use case is a modified hypervisor that can monitor critical OS data structures. One of their implementations watches the Linux system call table and can prevent modification to thwart rootkits. I think it's a great idea; I'd be interested in seeing any published work you have on the topic.
StMichael running in SMM tries to accomplish the same in architectures where virtualization is not supported:
http://www.kernelhacking.com/rodrigo/docs/H2HCIV.pdf

The idea is to port it also to be implemented using the hypervisor support of the modern processors...

cya,

Rodrigo (BSDaemon)

--
www.kernelhacking.com/rodrigo