Scientists Propose Guaranteed Hypervisor Security 104

Posted by kdawson
from the can't-write-there dept.
schliz writes "NCSU researchers are attempting to address today's 'blind trust' of virtualization with new security techniques that 'guarantee' malware does not infect hypervisors. Their HyperSafe software uses the write-protect bit on hypervisor hardware, as well as a technique called restricted pointer indexing, which characterizes the normal behavior of the system and prevents any deviation. A proof-of-concept prototype has been tested on BitVisor and Xen, in research that will be presented (PDF) at an IEEE conference today."
This discussion has been archived. No new comments can be posted.

  • Re:Dangerous (Score:4, Interesting)

    by fuzzyfuzzyfungus (1223518) on Monday May 17, 2010 @08:29AM (#32235662) Journal
    Well, to be fair, CS is math, and can involve definite formal proofs. Now, once you compromise on hardware requirements (Due to a scarcity of Turing machines, $IDEAL_ALGORITHM has been ported to x86...) or have to produce software at the speed of programming rather than the speed of proof...
  • Re:Dangerous (Score:3, Interesting)

    by OeLeWaPpErKe (412765) on Monday May 17, 2010 @09:01AM (#32235938) Homepage

    One thing that does seem curiously absent is how the NX bit helps you with DMA transfers. Ok, granted, you'd need to trick hardware other than the cpu into overwriting it, but given how much buggy hardware *cough* wireless broadcom chips for example *cough* there is in this imperfect world that isn't going to take all that long.

    So you'd need to forbid virtual machines from accessing any non-emulated hardware* (which I'd say is going to cost you in performance) and even then any mistake in the hypervisor's drivers for the real hardware will be fatal (the latest Linux release needed about 6.3 megabytes to describe the driver changes done).

    * if you allow direct access to any device capable of DMA transfers, that will enable the VM to overwrite any memory it chooses

  • Re:Dangerous (Score:3, Interesting)

    by SharpFang (651121) on Monday May 17, 2010 @12:59PM (#32239660) Homepage Journal

    self-repairing systems.
    only possible with multiple cores [parallel processing] and a limited speed of 'blotting' - two or more processes monitor validity of each other and repair the damage if any, using undamaged code from read-only medium.
    [so that even a glitch that makes an invalid process 'repair' a valid one will do so with good data.]

  • Re:Dangerous (Score:3, Interesting)

    by franl (50139) on Monday May 17, 2010 @01:34PM (#32240396)

    The world's shortest explanation of Gödel's Incompleteness Theorem, by Raymond Smullyan.

    We have some sort of machine that prints out statements in some sort of language. It need not be a statement-printing machine exactly; it could be some sort of technique for taking statements and deciding if they are true. But let's think of it as a machine that prints out statements. In particular, some of the statements that the machine might (or might not) print look like these:

    P*x (which means that the machine will print x)
    NP*x (which means that the machine will never print x)
    PR*x (which means that the machine will print xx)
    NPR*x (which means that the machine will never print xx)

    For example, NPR*FOO means that the machine will never print FOOFOO. NP*FOOFOO means the same thing. So far, so good.

    Now, let's consider the statement NPR*NPR*. This statement asserts that the machine will never print NPR*NPR*.

    Either the machine prints NPR*NPR*, or it never prints NPR*NPR*. If the machine prints NPR*NPR*, it has printed a false statement. But if the machine never prints NPR*NPR*, then NPR*NPR* is a true statement that the machine never prints.

    So either the machine sometimes prints false statements, or there are true statements that it never prints. So any machine that prints only true statements must fail to print some true statements. Or conversely, any machine that prints every possible true statement must print some false statements too.
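
The statement language in the comment above can be checked mechanically. The following is an added example, not part of the original comment: it models a machine as the set of every statement it will ever print (a modelling assumption, as are the function names and the sample universe) and tries every possible machine over a small universe that contains NPR*NPR*.

```python
from itertools import combinations

# Added illustration, not from the comment. Modelling assumption: a "machine"
# is the set of every statement it will ever print.
OPERATORS = ("NPR*", "NP*", "PR*", "P*")
G = "NPR*NPR*"  # the self-referential statement from the comment


def parse(statement):
    """Return (negated, target): the claim is that target is (never) printed."""
    for op in OPERATORS:
        if statement.startswith(op):
            x = statement[len(op):]
            target = x + x if "R" in op else x  # R doubles the operand: xx
            return op.startswith("N"), target
    raise ValueError(f"not a statement: {statement!r}")


def is_true(statement, printed):
    """Evaluate a statement against the machine's complete output."""
    negated, target = parse(statement)
    return (target in printed) != negated


def audit(printed, universe):
    """Return (false statements printed, true statements never printed)."""
    printed = set(printed)
    unsound = sorted(s for s in printed if not is_true(s, printed))
    incomplete = sorted(s for s in universe
                        if s not in printed and is_true(s, printed))
    return unsound, incomplete


def every_machine_fails(universe):
    """Try every machine over a finite universe containing G."""
    for size in range(len(universe) + 1):
        for printed in combinations(universe, size):
            unsound, incomplete = audit(printed, universe)
            if not unsound and not incomplete:
                return False  # would be a sound and complete machine
    return True


# Constructed sample universe of statements (FOO is an arbitrary string).
UNIVERSE = [G, "P*FOO", "NP*FOO", "PR*FOO", "NPR*FOO", "NP*FOOFOO"]

if __name__ == "__main__":
    print(audit({"NP*FOO"}, UNIVERSE))
    print(audit({"NP*FOO", G}, UNIVERSE))
    print(every_machine_fails(UNIVERSE))
```

A machine that leaves NPR*NPR* out prints only true statements here but misses a true one; adding NPR*NPR* to its output makes it print a false one.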
