Bugtraq mailing list archives

Re: Mantrap By Recourse Technologies - Fate Advisory (11-01-00)


From: Pavel Machek <pavel () UCW CZ>
Date: Sun, 5 Nov 2000 20:26:52 +0100

Hi!

[ FINAL WORDS ]

This basically shows that you can't rely upon anything but a
total instruction-level emulation to make a real-looking and
yet secure cage. We look forward to such a product as it would be
a great tool in intrusion detection. As VMware shows, this can be
done at least on x86 CPUs and it would surprise me if it wouldn't
be possible on other platforms (such as Sparc).

VMware is not really doing instruction-level emulation. It is doing
dirty tricks with native execution to speed it up. Bochs is doing full
simulation, that's why it is slower than VMware.

Anyway, the trickery VMware does is not required -- trapping all syscalls
is exactly as good. If you take a look at user mode linux (it is
available at sourceforge.net), you can do pretty much the same with
the ptrace() interface. [And user mode linux is obviously open source, so
it is practical for what you want].

                                                                Pavel
--
I'm pavel () ucw cz. "In my country we have almost anarchy and I don't care."
Panos Katsaloulis describing me w.r.t. patents at discuss () linmodems org
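
The syscall-trapping approach mentioned in the message above, as an added example that is not part of the original post and is not code from user mode linux: a minimal Linux tracer in C that stops a child at every syscall entry and exit through ptrace(). The function names and the getpid workload are constructed for illustration; a real cage would inspect or rewrite the call at each stop.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed stand-in for the caged program: issues n raw syscalls. */
static void caged_workload(int n) {
    for (int i = 0; i < n; i++) syscall(SYS_getpid);
}

/* Run the workload under ptrace and return how many complete syscalls
 * (entry stop + exit stop) the tracer intercepted, or -1 on error. */
long count_trapped_syscalls(int n) {
    int status, sig = 0;
    long stops = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1) _exit(127);
        raise(SIGSTOP);                 /* park until the tracer is ready */
        caged_workload(n);
        _exit(0);
    }
    if (waitpid(pid, &status, 0) == -1 || !WIFSTOPPED(status)) return -1;
    /* TRACESYSGOOD tags syscall stops as SIGTRAP|0x80; EXITKILL makes sure
     * the child cannot outlive a crashed tracer. */
    if (ptrace(PTRACE_SETOPTIONS, pid, NULL,
               (void *)(long)(PTRACE_O_TRACESYSGOOD | PTRACE_O_EXITKILL)) == -1) {
        kill(pid, SIGKILL); waitpid(pid, &status, 0);
        return -1;
    }
    for (;;) {
        /* Resume until the next syscall entry or exit, forwarding real signals. */
        if (ptrace(PTRACE_SYSCALL, pid, NULL, (void *)(long)sig) == -1) return -1;
        if (waitpid(pid, &status, 0) == -1) return -1;
        if (WIFEXITED(status) || WIFSIGNALED(status)) break;
        sig = 0;
        if (WSTOPSIG(status) == (SIGTRAP | 0x80))
            stops++;                    /* a cage would inspect or rewrite the call here */
        else
            sig = WSTOPSIG(status);
    }
    return stops / 2;   /* the final exit_group has an entry stop only */
}

int main(void) { printf("trapped %ld syscalls\n", count_trapped_syscalls(5)); return 0; }
```

The count includes the few syscalls the C library makes around the workload, so it is a lower bound of n rather than exactly n.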

