More on the subject of Computer security

Mike O'Dell mo at ccr.org
Fri May 14 07:12:32 CDT 2010 

replace the existing and generally useless BIOS
with the Xen hypervisor - it gets control running
in ROM and then it's Microsoft's worst nightmare:
"Windows in a Baggie" (cf, "Three dead trolls in a baggie"),
and Linux in a Baggie for that matter.

Shades of VM/370! Simply don't let *anything* other than
a hypervisor microkernel ever have direct access to the hardware.
I believe if you ask The Google about Xen/L4 ....

	-mo

PS - this was the picture that was the basis for NEA's
investment in Xen, which was then bought by Citrix
for a handsome sum.

On 5/13/10 5:59 PM, Robert Stratton wrote:
>
> On May 11, 2010, at 9:59 AM, Andre Kesteloot wrote:
>
>> http://arstechnica.com/security/news/2010/05/multicore-cpus-move-attack-from-theoretical-to-practical.ars
>>
>
> It's going to get more interesting as hypervisors proliferate. When I
> was at Symantec, my team was doing some research on how to use newer CPU
> functionality to validate and enforce configurations across an
> enterprise. ( http://doi.ieeecomputersociety.org/10.1109/HICSS.2010.182 )
>
> The newest CPUs have some features that will either allow people to
> protect their otherwise untrusted code to a degree we haven't seen in
> consumer machines, or will allow some of the nastiest and most
> undetectable rootkits imaginable. I don't necessarily subscribe to the
> idea that hypervisor-based rootkits like Blue Pill are completely
> undetectable as people like Joanna Rutkowski would assert, because you
> still have to put them into the machine somehow, but once they're there
> it does raise the stakes considerably.
>
> These days, the problem reduces to "who gets to be the hypervisor first?"
>
> The work of the Flicker group at CMU on minimal TCB code execution is
> worth reviewing if you have an interest in this area. It doesn't buy you
> anything on older processors, but in the newest machines support for the
> dynamic root of trust, it opens up some wonderful possibilities for
> "good enough" security on otherwise untrusted codebases.
>
> --Bob S.
>
> _______________________________________________
> Tacos mailing list
> Tacos at amrad.org
> http://www.amrad.org/mailman/listinfo/tacos

-- 
"Of course it's hard!
If it was easy, we'd be buying it from somebody else!"

More information about the Tacos mailing list