From mboxrd@z Thu Jan 1 00:00:00 1970
From: Paolo Bonzini
Subject: Re: Verifying Execution Integrity in Untrusted hypervisors
Date: Fri, 25 Jul 2014 18:06:07 -0400 (EDT)
Message-ID: <1413424519.16881687.1406325967286.JavaMail.zimbra@redhat.com>
References: <53D2C374.5050500@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Cc: kvm@vger.kernel.org
To: Shivaramakrishnan Vaidyanathan
Return-path:
Received: from mx6-phx2.redhat.com ([209.132.183.39]:44119 "EHLO mx6-phx2.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751410AbaGYWGJ (ORCPT ); Fri, 25 Jul 2014 18:06:09 -0400
In-Reply-To:
Sender: kvm-owner@vger.kernel.org
List-ID:

> Thanks a lot Paolo.
>
> Is there a way to at least detect that the hypervisor has done something
> malicious and the client will be able to refer to some kind of logs to
> prove it?

If you want a theoretical, perfect solution, no. I wouldn't be surprised if
this is equivalent to the halting problem.

If you want a practical solution, you have to define a threat model. What
kind of attacks are you worried about? Which parts of the environment can
you control? Can you place something trusted between the vulnerable VM and
its clients? And so on.

Paolo