[Dailydave] VPC
Rodrigo Rubira Branco (BSDaemon)
rodrigo at kernelhacking.com
Fri Feb 29 07:56:11 EST 2008
> I have only seen defensive implementations such as the work of
> Garfinkel and Rosenblum at Stanford. Their use case is a modified
> hypervisor that can monitor critical OS data structures. One of their
> implementations watches the Linux system call table and can prevent
> modification to thwart rootkits.
>
> I think it's a great idea, I'd be interested in seeing any published
> work you have on the topic.
StMichael running in SMM tries to accomplish the same in architectures where
virtualization is not supported:
http://www.kernelhacking.com/rodrigo/docs/H2HCIV.pdf
The idea is to port it also to be implemented using the hypervisor support
of the modern processors...
cya,
Rodrigo (BSDaemon)
--
www.kernelhacking.com/rodrigo