[Dailydave] VPC
Jon Oberheide
jon at oberheide.org
Fri Feb 29 09:57:45 EST 2008
On Thu, 2008-02-28 at 18:43 -0500, Matt Richard wrote:
> On Mon, Feb 25, 2008 at 10:34 PM, Anthony Lineberry
> <anthony.lineberry at gmail.com> wrote:
> > Is this sandboxing running outside of the hypervisor or inside?
> > One thing i've been messing with is lately is sandboxing from outside the guest
> > os by modifying a hypervisor to manipulate the kernel through external
> > hooks. I'm really curious is this has been done before and if i'm just
> > reinventing the wheel?
>
> I have only seen defensive implementations such as the work of
> Garfinkel and Rosenblum at Stanford. Their use case is a modified
> hypervisor that can monitor critical OS data structures. One of their
> implementations watches the Linux system call table and can prevent
> modification to thwart rootkits.
In related news, VMware just recently announced VMsafe:
http://www.vmware.com/overview/security/vmsafe.html
--
Jon Oberheide <jon at oberheide.org>
GnuPG Key: 1024D/F47C17FE
Fingerprint: B716 DA66 8173 6EDD 28F6 F184 5842 1C89 F47C 17FE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.immunitysec.com/pipermail/dailydave/attachments/20080229/fad7fd91/attachment.pgp
More information about the Dailydave
mailing list