Hello, I am working on testbed executing some secure applications on untrusted hypervisor (in my case kvm). In order to verify the run time integrity of applications,I am using an idea based on write xor execute protection protecting any of the page table updates of hypervisor&user code/data using WP bit making it read only. I am capturing the request in the handler,temporarily making it write,log and then make it read only again. I am also using tamper-evident logging mechanism to log any events related to it. I have a few questions. 1. What are the ideal events that one needs to log so that if one needs to replay the log,he can do so to verify. 2. How can one create tamper-evident logging mechanism? How could client and the provider verify that each events are logged as intended without a miss. 3.How can one create a logging mechanism (say per client basis). In that case, if required we could replay the log so that we could capture the malicious event. -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
