Re: Enc: FreeBSD and the new virtual machine-based rootkits
From: Wesley Shields (wxsatarininja.org)
Date: Fri Nov 03 2006 - 13:58:01 CST
On Fri, Nov 03, 2006 at 07:54:59AM -0800, Ricardo A. Reis wrote:
> At the II COLARIS, Joanna Rutkowska warned about the possible
> new technology of malware using hardware virtualization, present
> in new AMD and Intel processors.
> I have two questions ...
> 1) How is it possible to detect if my system is moved inside a VM on the fly?
She has discussed various solutions for this problem, and why she
believes they may or may not work. The one most people suggest is to
time how long it takes for various instructions to run, but this can be
tricked by the VMM-rootkit. I'd suggest reading:
> 2) Does a project exist to merge veriexec from NetBSD into FreeBSD
> and add an SPKI feature?
Not that I'm aware of but something which is somewhat similar has been
posted to trustedbsd-discuss.
I'd check out the following links:
AFAIK this is still in perforce, but will hopefully make its way into
-CURRENT and eventually a release. I'm sure someone will speak up if
I'm wrong here.
freebsd-securityfreebsd.org mailing list