[cap-talk] Virtual Machine Based Rootkits
Karp, Alan H
alan.karp at hp.com
Sun Aug 6 23:34:15 EDT 2006
David Hopwood wrote:
> > My understanding is that all it
> > takes to be "fully virtualizable" is to have all privileged
> > operations trap in "user" mode.
>
> That is the definition of "fully virtualizable", yes.
My understanding is that these systems don't trap the privileged
instructions in user mode. Instead they run the OS in Ring 1 and the
rootkit in Ring 1.
_________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp/