Dailydave mailing list archives

Re: VPC


From: "Matt Richard" <matt.richard () gmail com>
Date: Thu, 28 Feb 2008 18:43:57 -0500

On Mon, Feb 25, 2008 at 10:34 PM, Anthony Lineberry
<anthony.lineberry () gmail com> wrote:
> Is this sandboxing running outside of the hypervisor or inside?
> One thing I've been messing with lately is sandboxing from outside the guest
> OS by modifying a hypervisor to manipulate the kernel through external
> hooks. I'm really curious if this has been done before and if I'm just
> reinventing the wheel?

I have only seen defensive implementations such as the work of
Garfinkel and Rosenblum at Stanford.  Their use case is a modified
hypervisor that can monitor critical OS data structures.  One of their
implementations watches the Linux system call table and can prevent
modification to thwart rootkits.

http://www.cs.fit.edu/%7Epkc/id/related/garfinkel03ndssVM.pdf

I think it's a great idea, I'd be interested in seeing any published
work you have on the topic.

Regards,

Matt