Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

Re: VPC

From: Jon Oberheide <jon () oberheide org>
Date: Fri, 29 Feb 2008 09:57:45 -0500
On Thu, 2008-02-28 at 18:43 -0500, Matt Richard wrote:

On Mon, Feb 25, 2008 at 10:34 PM, Anthony Lineberry
<anthony.lineberry () gmail com> wrote:

 Is this sandboxing running outside of the hypervisor or inside?
 One thing i've been messing with is lately is sandboxing from outside the guest
 os by modifying a hypervisor to manipulate the kernel through external
 hooks. I'm really curious is this has been done before and if i'm just
 reinventing the wheel?


I have only seen defensive implementations such as the work of
Garfinkel and Rosenblum at Stanford.  Their use case is a modified
hypervisor that can monitor critical OS data structures.  One of their
implementations watches the Linux system call table and can prevent
modification to thwart rootkits.


In related news, VMware just recently announced VMsafe:

http://www.vmware.com/overview/security/vmsafe.html

-- 
Jon Oberheide <jon () oberheide org>
GnuPG Key: 1024D/F47C17FE
Fingerprint: B716 DA66 8173 6EDD 28F6  F184 5842 1C89 F47C 17FE

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: