On Fri, Feb 10, 2017 at 3:27 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote: > On Fri, Feb 10, 2017 at 2:00 PM, Matthew Giassa <matthew@xxxxxxxxxx> wrote: >> Good day, >> >> I am a volunteer developer taking up a project originally proposed by >> Rik van Riel, "rootkit detection using virtualization", and am >> planning to contribute regularly to this project over the coming >> months. I was advised to contact these mailing lists to introduce >> myself, and I also wanted to inquire about any existing projects that >> coincide with this work. My initial work will involved diving into KVM >> + qemu source and deciding how best to approach the problem. While I >> have the attention of list members, are there any specific >> individuals/groups I should contact directly with respect to this type >> of project? >> >> Thank you. > > Hi! Welcome to the list(s)! > > I think this is an interesting area of research, though it may be a > tricky cat/mouse game. Some of this kind of > hypervisor-protects-the-kernel work has been done on some Android > phones in small areas (see the cred protection near the end): > > http://keenlab.tencent.com/en/2016/06/01/Emerging-Defense-in-Android-Kernel/ And some privilege monitoring work done by Matthew Garrett: https://github.com/mjg59/rkt/commits/privilege -Kees -- Kees Cook Pixel Security
