More on the subject of Computer security

Robert Stratton bob at
Thu May 13 16:59:24 CDT 2010

On May 11, 2010, at 9:59 AM, Andre Kesteloot wrote:


It's going to get more interesting as hypervisors proliferate. When I  
was at Symantec, my team was doing some research on how to use newer  
CPU functionality to validate and enforce configurations across an  
enterprise. ( 
2010.182 )

The newest CPUs have some features that will either allow people to  
protect their otherwise untrusted code to a degree we haven't seen in  
consumer machines, or will allow some of the nastiest and most  
undetectable rootkits imaginable. I don't necessarily subscribe to the  
idea that hypervisor-based rootkits like Blue Pill are completely  
undetectable as people like Joanna Rutkowski would assert, because you  
still have to put them into the machine somehow, but once they're  
there it does raise the stakes considerably.

These days, the problem reduces to "who gets to be the hypervisor  

The work of the Flicker group at CMU on minimal TCB code execution is  
worth reviewing if you have an interest in this area. It doesn't buy  
you anything on older processors, but in the newest machines support  
for the dynamic root of trust, it opens up some wonderful  
possibilities for "good enough" security on otherwise untrusted  

--Bob S.

More information about the Tacos mailing list