Re: [kernel-hardening] Introduction + new project: "rootkit detection using virtualization".

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Feb 10, 2017 at 3:27 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> On Fri, Feb 10, 2017 at 2:00 PM, Matthew Giassa <matthew@xxxxxxxxxx> wrote:
>> Good day,
>>
>> I am a volunteer developer taking up a project originally proposed by
>> Rik van Riel, "rootkit detection using virtualization", and am
>> planning to contribute regularly to this project over the coming
>> months. I was advised to contact these mailing lists to introduce
>> myself, and I also wanted to inquire about any existing projects that
>> coincide with this work. My initial work will involved diving into KVM
>> + qemu source and deciding how best to approach the problem. While I
>> have the attention of list members, are there any specific
>> individuals/groups I should contact directly with respect to this type
>> of project?
>>
>> Thank you.
>
> Hi! Welcome to the list(s)!
>
> I think this is an interesting area of research, though it may be a
> tricky cat/mouse game. Some of this kind of
> hypervisor-protects-the-kernel work has been done on some Android
> phones in small areas (see the cred protection near the end):
>
> http://keenlab.tencent.com/en/2016/06/01/Emerging-Defense-in-Android-Kernel/

And some privilege monitoring work done by Matthew Garrett:

https://github.com/mjg59/rkt/commits/privilege

-Kees

-- 
Kees Cook
Pixel Security



[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux