Dailydave mailing list archives

Re: Palladium, Memory Forensics, Clouds.

From: Curt Wilson <curtw () siu edu>
Date: Thu, 21 May 2009 08:58:10 -0500


I'm no expert on hypervisors, but I'm curious - in this scenario, what's
to stop a trojan from inserting itself between the hypervisor and
keystrokes? If malware such as Torpig, Zeus and the like are any
indication of the future threat in this area, then it may be a tall
order to ensure "end to end trust" on a trojaned box. Given the routine
violation of various protection mechanisms, how to best ensure the
protected process space?

Dave Aitel wrote:

<snip>

There's just so many good things that come with "end to end
trust". You could send an email from a trojaned box securely to someone else
with a trojaned box. The title bar of your window would say "signed to
Microsoft Outlook" and the hypervisor would encrypt the whole transaction
from your keyboard presses to the pixel display in a process space no other
process or kernel task can access.


<snip>



_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

Palladium, Memory Forensics, Clouds. Dave Aitel (May 20)
- Re: Palladium, Memory Forensics, Clouds. Joanna Rutkowska (May 21)
- Re: Palladium, Memory Forensics, Clouds. Curt Wilson (May 21)
  - Re: Palladium, Memory Forensics, Clouds. Dave Aitel (May 22)
    - Re: Palladium, Memory Forensics, Clouds. Joanna Rutkowska (May 22)
- Re: Palladium, Memory Forensics, Clouds. James Butler (May 25)
  - Re: Palladium, Memory Forensics, Clouds. dave (May 27)
    - Re: Palladium, Memory Forensics, Clouds. Matthieu Suiche (May 27)
    - Re: Palladium, Memory Forensics, Clouds. Dominique Brezinski (May 27)