More on the subject of Computer security
Robert Stratton
bob at stratton.net
Thu May 13 16:59:24 CDT 2010
On May 11, 2010, at 9:59 AM, Andre Kesteloot wrote:
> http://arstechnica.com/security/news/2010/05/multicore-cpus-move-attack-from-theoretical-to-practical.ars
It's going to get more interesting as hypervisors proliferate. When I
was at Symantec, my team was doing some research on how to use newer
CPU functionality to validate and enforce configurations across an
enterprise. ( http://doi.ieeecomputersociety.org/10.1109/HICSS.
2010.182 )
The newest CPUs have some features that will either allow people to
protect their otherwise untrusted code to a degree we haven't seen in
consumer machines, or will allow some of the nastiest and most
undetectable rootkits imaginable. I don't necessarily subscribe to the
idea that hypervisor-based rootkits like Blue Pill are completely
undetectable as people like Joanna Rutkowski would assert, because you
still have to put them into the machine somehow, but once they're
there it does raise the stakes considerably.
These days, the problem reduces to "who gets to be the hypervisor
first?"
The work of the Flicker group at CMU on minimal TCB code execution is
worth reviewing if you have an interest in this area. It doesn't buy
you anything on older processors, but in the newest machines support
for the dynamic root of trust, it opens up some wonderful
possibilities for "good enough" security on otherwise untrusted
codebases.
--Bob S.
More information about the Tacos
mailing list