On Sat, Jul 26, 2014 at 2:06 AM, Paolo Bonzini <pbonzini@xxxxxxxxxx> wrote: > >> Thanks a lot Paolo. >> >> Is there a way to atleast detect that the hypervisor has done something >> malicious and the client will be able to refer to some kind of logs to >> prove it? > > If you want a theoretical, perfect solution, no. I wouldn't be surprised > if this is equivalent to the halting problem. > > If you want a practical solution, you have to define a threat model. What > kind of attacks are you worried about? Which parts of the environment can > you control? Can you place something trusted between the vulnerable VM > and its clients? And so on. > > Paolo > -- > To unsubscribe from this list: send the line "unsubscribe kvm" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html Here are some bits I read before: https://www.cs.purdue.edu/homes/bb/cs590/papers/secure_vm.pdf. It`s all about timing measurement after all, if you`ll be able to measure them or derive methods from, say, cache correlation attacks to avoid possibility of continuous hijack due to knowledge of amount of computation/timings which will not be possible with constant Eve measurements. you can complete task at a half. Complete execution without continuous checking against locally placed trusted blackbox equivalent (hardware token, trusted execution replaying or so) is hardly possible by my understanding. Anyway, any of imaginable cases relies on a finite amount of computing power available to a single thread, so I can hardly say that real-world implementation *is secure*, though we can define high probability of it. I believe that the homomorphic encryption can do its way for at least some kind of services by next decade, due to tendency of total cloudization, and this is definitely better than sticks-and-mud approach with timings. -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
