[cap-talk] Virtual Machine Based Rootkits
Karp, Alan H
alan.karp at hp.com
Fri Aug 4 16:58:42 EDT 2006
Jed wrote:
> >That's because x86 is not fully virtualizable. Rutkowska is
> working on
> >architectures that are.
>
> Huh? I thought the VT and Pacifica versions of "x86" are fully
> virtualizable. Is that not true? My understanding is that all it
> takes to be "fully virtualizable" is to have all privileged operations
> trap in "user" mode. Perhaps I misread this, but I thought
> Rutkowska was working with Pacifica. Not?
>
My understanding is that all the papers that have shown how the OS can
detect that it has been virtualized, including VMBR, refer to less than
perfectly virtualizable hardware. I'm not expert enough to evaluate
Rutkowska's claims.
_________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Karp, Alan H.vcf
Type: text/x-vcard
Size: 423 bytes
Desc: Karp, Alan H.vcf
Url : http://www.eros-os.org/pipermail/cap-talk/attachments/20060804/bdf429e7/attachment.vcf
More information about the cap-talk
mailing list