On Fri, 2011-03-25 at 14:11 +0800, Yao wrote: > Well, my idea is based on a paper "Secure In-VM Monitoring Using > Hardware Virtualization"(CCS'09). I will appreciate if you spend some > time to look through the content & check if what I did is right. If I understand correctly, that paper is about co-locating a monitoring service in the same VM as the operating system being monitored. But the security server is not a monitoring service; it is a policy engine invoked by the kernel. So I don't think this applies. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
