WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-devel

Re: [Xen-devel] Re: Regarding Xen security....

> > The vast majority of this is, as Keith Adams put it, "quasi-illiterate
> > gibberish."
> >
> > http://x86vmm.blogspot.com/2006/08/blue-pill-is-quasi-illiterate.html
> >
> > Having VT/SVM doesn't really change anything wrt rootkits.  Most of what
> > is floating around is FUD.  There's nothing you can do today that you
> > couldn't do before VT/SVM.
>
> This is true in some manner, it's just that VT/SVM let a rootkit hide
> itself pretty well from the operating system that it is already
> attacking. But no doubt it's FUD. At the other end though, Intel
> invests a lot of efforts in marketing VT as a synonym for security.

I always thought the principle behind blue pill was quite sensible.  It's not 
demonstrating a fundamental flaw / bug in the hardware design (I'm not sure 
it was originally presented that way, although I've certainly seen it treated 
as if it did).

I see it as just a (rather neat and clever) proof of concept to show that the 
VMX/SVM extensions add a new class of attack and a new stealth mechanism for 
rootkits; no more no less.  A heads-up to the security community.  And worth 
pointing out, since existing rootkit detection mechanisms may not be able to 
detect it once the VMX stealthing is enabled...

I have a feeling that this research has both been reported to be much more, 
and much less than it really is.  The important thing is that it doesn't open 
a new loophole, but does provide a new tool for attackers (and for 
defenders!).

Cheers,
Mark

-- 
Dave: Just a question. What use is a unicycle with no seat?  And no pedals!
Mark: To answer a question with a question: What use is a skateboard?
Dave: Skateboards have wheels.
Mark: My wheel has a wheel!

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel