From: Joel Schopp <joel.schopp@amd.com>
To: Shiva V <shivaramakrishnan740@gmail.com>, <kvm@vger.kernel.org>
Subject: Re: Verifying Execution Integrity in Untrusted hypervisors
Date: Mon, 28 Jul 2014 12:17:07 -0500 [thread overview]
Message-ID: <53D68593.6020803@amd.com> (raw)
In-Reply-To: <loom.20140725T215916-638@post.gmane.org>
On 07/25/2014 03:11 PM, Shiva V wrote:
> Hello,
> I am exploring on finding a way to ensure runtime integrity of
>
> a executable in untrusted hypervisors.
>
> In particular, this is my requirements:
>
> 1. I have a 2 virtual machines. (A, B).
>
> 2. VM-A is running some service (exe) inside it. For example any resource
>
> accounting service intended to monitor for VM-B.
>
> 3. I need a way to verify run time integrity from VM-B of the executable
>
> running inside VM-A.
>
> 4. Both the vm's are not privileged vm's and are just normal client virtual
>
> machines.
>
> 5. Underlying hypervisor is untrusted.
If the hypervisor is untrusted you have broken the root of trust and are
going to be pretty out of luck.
Any solution will require a level below the hypervisor that you trust.
An example would be hardware that isolates memory from the hypervisor,
ie
https://www.google.com/patents/WO2013054528A1?cl=en&dq=Joel+Schopp&hl=en&sa=X&ei=YYPWU6aVJNProATe5IHACQ&ved=0CDMQ6AEwAw
Another approach might be to start with something like a TPM and a
trusted runtime UEFI. You could then have the guest call UEFI to do
measurement with the TPM and use that for remote attestation. With such
a method you could probably get to the point that you could measure
something in guest memory at run-time, but you would have no assurance
it hadn't been modified prior or after and was just temporarily correct,
it would be a very point in time measurement.
next prev parent reply other threads:[~2014-07-28 17:19 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-25 20:11 Verifying Execution Integrity in Untrusted hypervisors Shiva V
2014-07-25 20:52 ` Paolo Bonzini
[not found] ` <CAAQucXZWvbE0MJyEEeo=6hkwBJi0WkmixcuCzGEXLaZX1+6ziQ@mail.gmail.com>
2014-07-25 22:06 ` Paolo Bonzini
2014-07-26 19:56 ` Andrey Korolyov
2014-07-28 17:17 ` Joel Schopp [this message]
2014-07-28 18:31 ` Jan Kiszka
2014-07-28 20:27 ` Paolo Bonzini
2014-07-28 21:17 ` Nakajima, Jun
2014-07-29 5:35 ` Jan Kiszka
2014-07-31 18:25 ` Shiva V
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53D68593.6020803@amd.com \
--to=joel.schopp@amd.com \
--cc=kvm@vger.kernel.org \
--cc=shivaramakrishnan740@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.