Testing and profiling ACPI code in a Cuckoo Sandbox

Hello,

Did any of you ever set up a Cuckoo Sandbox running Linux and use it to test how the execution of the ACPI code affects the system?

A few years ago malwr.com was hosting a Cuckoo Sandbox running Windows where you could upload any executable, let it run and then get a very detailed overview of how running the executable affected the virtual Windows system, e.g. what changes were made in the registry, deployment of files and internet connections.

I think it should be possible to set up a Cuckoo Sandbox which uses QEMU to run Linux and to provide specific ACPI tables when doing so. I just don't know how well it works, so I was curious if anyone of you has experiences with this.

This won't apply to any of you developers of course, but it is just a fact that any hacker could use modified ACPI as a means to compromise a system, if he manages to write the modified code to the tables. And the execution of ACPI code during a Linux boot can't be avoided, so basically this is a quite important issue/aspect, which shouldn't simply be disregarded. E.g. an attacker only needs to be able to hide the calling of malicious code which is located in another memory area, and then you're doomed, considering the privileges which the ACPI code has while it is executed in kernel space.


Kind regards and thanks in advance

David
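As an added example (not part of David's message, nor code from Cuckoo or QEMU), the following Python script parses the 36-byte ACPI table header, verifies the spec checksum, and diffs a baseline fingerprint of the tables (as a guest would expose them under /sys/firmware/acpi/tables) against a later dump, so a sandbox run can report which tables were swapped, added or altered. The sample tables are constructed in memory and are not real firmware.

```python
import hashlib
import struct

# ACPI System Description Table header (36 bytes): Signature, Length, Revision,
# Checksum, OEMID, OEM Table ID, OEM Revision, Creator ID, Creator Revision.
HEADER = struct.Struct("<4sIBB6s8sI4sI")


def parse_header(table: bytes) -> dict:
    """Decode the common header of one raw ACPI table (e.g. /sys/firmware/acpi/tables/DSDT)."""
    if len(table) < HEADER.size:
        raise ValueError("table shorter than the 36-byte ACPI header")
    sig, length, rev, chk, oem_id, oem_tbl, oem_rev, cre, cre_rev = HEADER.unpack_from(table)
    return {"signature": sig.decode("ascii", "replace"), "length": length, "revision": rev,
            "checksum": chk, "oem_id": oem_id.decode("ascii", "replace").strip(),
            "oem_table_id": oem_tbl.decode("ascii", "replace").strip(), "oem_revision": oem_rev,
            "creator_id": cre.decode("ascii", "replace"), "creator_revision": cre_rev}


def checksum_ok(table: bytes) -> bool:
    """Spec rule: Length equals the table size and all bytes, header included, sum to 0 mod 256."""
    return (len(table) >= HEADER.size and parse_header(table)["length"] == len(table)
            and sum(table) % 256 == 0)


def make_table(sig: bytes, body: bytes) -> bytes:
    """Build a well-formed table with a correct checksum (constructed sample, not real firmware)."""
    hdr = HEADER.pack(sig, HEADER.size + len(body), 2, 0, b"CONSTR", b"SAMPLE  ", 1, b"TEST", 1)
    raw = bytearray(hdr + body)
    raw[9] = (-sum(raw)) & 0xFF  # the checksum field sits at offset 9
    return bytes(raw)


def fingerprint(tables: dict) -> dict:
    """name -> sha256 of the raw table; record this baseline before the sandbox run."""
    return {n: hashlib.sha256(raw).hexdigest() for n, raw in tables.items()}


def compare(baseline: dict, current: dict) -> dict:
    """Flag tables that were modified, added, removed or carry a bad checksum after the run."""
    cur = fingerprint(current)
    return {"modified": sorted(n for n in baseline if n in cur and cur[n] != baseline[n]),
            "added": sorted(n for n in cur if n not in baseline),
            "removed": sorted(n for n in baseline if n not in cur),
            "bad_checksum": sorted(n for n, raw in current.items() if not checksum_ok(raw))}


if __name__ == "__main__":
    good = make_table(b"DSDT", b"\x10\x2e\x5c\x00" * 4)  # constructed AML-like body
    tampered = bytearray(good)
    tampered[-1] ^= 0xFF  # one body byte flipped after the baseline was taken
    print(compare(fingerprint({"DSDT": good}),
                  {"DSDT": bytes(tampered), "SSDT1": make_table(b"SSDT", b"\x00")}))
```

On a real guest, read each file under /sys/firmware/acpi/tables into the dicts by name; a table that passes the checksum but differs from the baseline is the case worth inspecting, since a careful attacker would recompute the checksum.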
