[rsbac] HW Hypervisors and RSBAC
Andrea Pasquinucci
cesare at ucci.it
Tue Oct 17 19:03:03 CEST 2006
I am looking at the new virtualization/security features of both Intel
and AMD processors: Intel VT-x / TET, AMD SVM / Pacifica (see for
example
http://www.amd.com/us-en/assets/content_type/white_papers_and_tech_docs/24593.pdf
section 15)
In various presentations they are described as hw hypervisors which run
a Trusted Computing Base. (They are obviously related to TPM.)
Since Xen seems to be the first hypervisor to really run on this HW, I
was thinking that it could be very interesting to add RSBAC (at least
part of it) to the Xen hypervisor and realize a truly isolated Reference
Monitor.
What do you think about it? Am I completely off?
Andrea
PS. Could a xen+RSBAC hypervisor prevent attacks like the Blue Pill?
www.blackhat.com/presentations/bh-jp-06/BH-JP-06-Rutkowska.pdf
--
Andrea Pasquinucci cesare at ucci.it
PGP key: http://www.ucci.it/ucci_pub_key.asc
fingerprint = 569B 37F6 45A4 1A17 E06F CCBB CB51 2983 6494 0DA2
More information about the rsbac
mailing list