brmlab

User Tools

Site Tools

You are here: Hackerspace Prague » Projects » HVM security research
project:hvm:start

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Last revisionBoth sides next revision
project:hvm [2010/10/07 00:41] ruzaproject:hvm:start [2016/11/25 09:48] ruza
Line 1: Line 1:
 +====== HVM security research ======
  
 +{{template>:project:infobox|
 +name=HVM security research|
 +image=pills.jpg?200|
 +founder=[[user:fissie]]|
 +interested=|
 +sw=TBD|
 +hw=N/A|
 +status=planning}}
 +
 +The aim of this project is to research security implications of hardware virtualization extensions. Such extensions are present in almost every modern x86 CPU (under marketing names AMD-V/SVM and Intel VT-x) and although they are very useful, it is believed that they can be used by malicious software to become virtually (no pun intended) undetectable. This has first been shown possible by the [[wp>Blue Pill]] rootkit by [[wp>Joanna Rutkowska]].
 +
 +Goal of this project is to research the theory around the technology, implement very thin "hypervisor" layer suitable for security research and go from there... 
 +
 +===== Status and Roadmap =====
 +
 +  * [DONE] Gather information and links related to the technology
 +  * [IN PROGRESS] Gather already published papers, articles and code on HVM security
 +  * [PENDING] Discuss and design framework on which we will base our research. Should it be standalone hypervisor that loads before the OS, or something that loads on runtime KVM-style? Can we switch already running OS into a VM somehow?
 +
 +===== Resources ====
 +
 +Hardware virtualization in general:
 +
 +  * [[wp>Hardware_virtual_machine]]
 +    * [[wp>X86_virtualization]]
 +
 +Instruction sets specifications:
 +
 +  * Intel Software Developer's Manual: http://www.intel.com/products/processor/manuals/index.htm
 +    * especially Volume 3B: System Programming Guide: http://www.intel.com/Assets/PDF/manual/253669.pdf
 +  * AMD64 Architecture Programmer's Manual: http://developer.amd.com/documentation/guides/Pages/default.aspx
 +    * especially Volume 2: System Programming: http://support.amd.com/us/Processor_TechDocs/24593.pdf
 +  * Status of the following is unclear, use with care. When in doubt, use the official manuals
 +    * Hardware Support for Efficient Processor Virtualization: http://download.intel.com/technology/itj/2006/v10i3/v10-i3-art01.pdf
 +    * Secure Virtual Machine Architecture Reference Manual: http://www.mimuw.edu.pl/~vincent/lecture6/sources/amd-pacifica-specification.pdf
 +
 +Security research:
 +
 +  * [[wp>Joanna_Rutkowska]]
 +    * [[wp>Blue_Pill_(malware)]]
 +    * [[wp>Red_pill#Other_uses]]
 +
 +  * [[http://secunia.com/advisories/product/15863/|Xen 3.x vuln stats]]
 +  * [[http://secunia.com/advisories/product/17812/|kvm vuln stats]]
 +
 +  * [[http://secdocs.lonerunners.net/documents/details/2794-subverting-the-xen-hypervisor|BH_US_08_Wojtczuk_Subverting_the_Xen_Hypervisor]]
project/hvm/start.txt · Last modified: 2016/11/28 01:08 by ruza