Dailydave mailing list archives

Re: VPC


From: "Rodrigo Rubira Branco (BSDaemon)" <rodrigo () kernelhacking com>
Date: Fri, 29 Feb 2008 12:56:11 -0000

I have only seen defensive implementations such as the work of
Garfinkel and Rosenblum at Stanford.  Their use case is a modified
hypervisor that can monitor critical OS data structures.  One of their
implementations watches the Linux system call table and can prevent
modification to thwart rootkits.

I think it's a great idea, I'd be interested in seeing any published
work you have on the topic.

StMichael running in SMM tries to accomplish the same in architectures where
virtualization is not supported:
http://www.kernelhacking.com/rodrigo/docs/H2HCIV.pdf

The idea is to port it also to be implemented using the hypervisor support
of the modern processors...



cya,

Rodrigo (BSDaemon)


--
www.kernelhacking.com/rodrigo
