
Scientists Propose Guaranteed Hypervisor Security

schliz writes "NCSU researchers are attempting to address today's 'blind trust' of virtualization with new security techniques that 'guarantee' malware does not infect hypervisors. Their HyperSafe software uses the write-protect bit on hypervisor hardware, as well as a technique called restricted pointer indexing, which characterizes the normal behavior of the system and prevents any deviation. A proof-of-concept prototype has been tested on BitVisor and Xen, in research that will be presented (PDF) at an IEEE conference today."
  • Re:Dangerous (Score:3, Informative)

    by smallfries ( 601545 ) on Monday May 17, 2010 @09:06AM (#32235982) Homepage

    It's an interesting technique, but it is not a guarantee.

    The summary doesn't mention the number of assumptions that the researchers make:
    + A working TPM module
    + An adversary limited to memory corruption
    + No unknown faults in the underlying system that can be exploited.

    Also the second technique (restricted pointer indexing) relies on performing a static analysis of the target hypervisor and rewriting it into a suitable form. This is not guaranteed to terminate, let alone guaranteed to work, although it does on the small number of test-cases that they considered.

    Seems like quite an interesting paper, standard amount of overselling for American academic work (where every paper solves the world) and a shame that the reviewers didn't tone down the claims a touch.
