HVM security research

founder: fissie
depends on:
interested:
software license: TBD
hardware license: N/A
status: planning

The aim of this project is to research the security implications of hardware virtualization extensions. Such extensions are present in almost every modern x86 CPU (under the marketing names AMD-V/SVM and Intel VT-x), and although they are very useful, it is believed that malicious software can use them to become virtually (no pun intended) undetectable. This was first shown to be possible by the Blue Pill rootkit by Joanna Rutkowska.

The goal of this project is to research the theory around the technology, implement a very thin “hypervisor” layer suitable for security research, and go from there…

Status and Roadmap

  • [DONE] Gather information and links related to the technology
  • [IN PROGRESS] Gather already published papers, articles and code on HVM security
  • [PENDING] Discuss and design the framework on which we will base our research. Should it be a standalone hypervisor that loads before the OS, or something that loads at runtime, KVM-style? Can we somehow switch an already running OS into a VM?

Resources

Hardware virtualization in general:

Instruction sets specifications:

Security research:

 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 3.0 Unported