[Dailydave] VPC
Matt Richard
matt.richard at gmail.com
Thu Feb 28 18:43:57 EST 2008
On Mon, Feb 25, 2008 at 10:34 PM, Anthony Lineberry
<anthony.lineberry at gmail.com> wrote:
> Is this sandboxing running outside of the hypervisor or inside?
> One thing I've been messing with lately is sandboxing from outside the guest
> OS by modifying a hypervisor to manipulate the kernel through external
> hooks. I'm really curious if this has been done before and if I'm just
> reinventing the wheel?
I have only seen defensive implementations such as the work of
Garfinkel and Rosenblum at Stanford. Their use case is a modified
hypervisor that can monitor critical OS data structures. One of their
implementations watches the Linux system call table and can prevent
modification to thwart rootkits.
http://www.cs.fit.edu/%7Epkc/id/related/garfinkel03ndssVM.pdf
I think it's a great idea; I'd be interested in seeing any published
work you have on the topic.
Regards,
Matt