User Tools

Site Tools


project:hvm:start

HVM security research

{{template>:project:infobox| name=HVM security research| image=pills.jpg?200| founder=fissie| interested=| sw=TBD| hw=N/A| status=postponed}

~~META: status = postponed &relation firstimage = :project:pills.jpg ~~

The aim of this project is to research security implications of hardware virtualization extensions. Such extensions are present in almost every modern x86 CPU (under marketing names AMD-V/SVM and Intel VT-x) and although they are very useful, it is believed that they can be used by malicious software to become virtually (no pun intended) undetectable. This has first been shown possible by the Blue Pill rootkit by Joanna Rutkowska.

Goal of this project is to research the theory around the technology, implement very thin “hypervisor” layer suitable for security research and go from there…

Status and Roadmap

  • [DONE] Gather information and links related to the technology
  • [IN PROGRESS] Gather already published papers, articles and code on HVM security
  • [PENDING] Discuss and design framework on which we will base our research. Should it be standalone hypervisor that loads before the OS, or something that loads on runtime KVM-style? Can we switch already running OS into a VM somehow?

Resources

Hardware virtualization in general:

Instruction sets specifications:

Security research:

project/hvm/start.txt · Last modified: 2016/11/28 01:08 by ruza