[cap-talk] Virtual Machine Based Rootkits

Jed at Webstart donnelley1 at webstart.com
Fri Aug 4 17:32:44 EDT 2006


At 12:58 PM 8/4/2006, David Hopwood wrote:
>...Another is the VT/Pacifica-specific features themselves -- there was no
>attempt (and it would have been much more complex) to make these
>architectures *recursively* virtualizable.

That's interesting.  That would seem to suggest that if you're running
a VMM and some cracker tried to install a VMBR by coming in through
a guest OS, then they wouldn't be able to make use of the virtualizability
features of VT or Pacifica in any case.  Then even if they were somehow
able to break through to the hardware level and install their VMBR, it
would seem that their doing so would mess up your running your
own VMM - making their VMBR quite visible indeed.

I'm not sure where the truth lies here, but this thought that building
virtualizable processors will somehow make them more vulnerable
to rootkits seems vastly oversold to me at this point.

Perhaps Norm remembers this technical point.  I seem to recall that
some of the IBM 370 computers came with virtual machine assist that
deliberately did provide for recursive virtualizability.  Do you recall
that, Norm?  Does anyone know if there are still VM370 systems
running VMMs?

--Jed http://www.webstart.com/jed/ 


