Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.33) id 1CWkKd-00005Q-Fv for qemu-devel@nongnu.org; Tue, 23 Nov 2004 18:44:23 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.33) id 1CWkKc-000056-Ru for qemu-devel@nongnu.org; Tue, 23 Nov 2004 18:44:23 -0500
Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.33) id 1CWkKc-00004w-NJ for qemu-devel@nongnu.org; Tue, 23 Nov 2004 18:44:22 -0500
Received: from [213.80.72.10] (helo=kubrik.opensource.se) by monty-python.gnu.org with esmtp (Exim 4.34) id 1CWkB6-0003lE-59 for qemu-devel@nongnu.org; Tue, 23 Nov 2004 18:34:32 -0500
Subject: Re: [Qemu-devel] building a virus-proof PC with Qemu
From: Magnus Damm
In-Reply-To:
References: <41A33090.9080703@gmx.com> <1101221775.8460.44.camel@localhost> <41A3A983.9030100@gmx.com>
Content-Type: text/plain
Message-Id: <1101252782.8460.105.camel@localhost>
Mime-Version: 1.0
Date: Wed, 24 Nov 2004 00:33:02 +0100
Content-Transfer-Encoding: 7bit
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
To: Karl Magdsick, qemu-devel@nongnu.org

On Tue, 2004-11-23 at 23:41, Karl Magdsick wrote:
> > sorry, but why don't you use/recommend Trusted Solaris (SPARC and i386)
> > http://wwws.sun.com/software/solaris/trustedsolaris/ ?
> > I hardly doubt that it will be too easy for anyone to clone the security
> > mechanisms it provides.
>
> I agree that making the operating system role-aware seems like a much
> more tractable solution than trying to externally trace data flows.
> An external system would have to be extremely intelligent in order to
> work out the Pi calculus from observing data and low-level CPU
> operations.

Extremely intelligent? The theory seems pretty simple to me. Maybe we are talking about different things?
What about this: analyze the code block that is translated from guest instructions to micro operations. If any of the guest instructions are data that is either unmodified untrusted data or data that is the result of any operation involving untrusted data, then create a block of illegal instructions. Or handle the violation in a smarter way.

This assumes that it is possible to mark RAM bytes as untrusted, and a code flow analyzer keeping track of whether resources (registers, flags) contain trusted or untrusted data.

Maybe something like this: http://lists.gnu.org/archive/html/qemu-devel/2004-08/msg00285.html

/ magnus
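The scheme Magnus sketches above (untrusted RAM bytes carry a taint bit, the bit follows data through registers and arithmetic, and the translator refuses to execute any instruction whose bytes are tainted) is illustrated below as an added example. It is not code from this thread, from QEMU, or from the linked 2004 patch: the three-byte toy ISA, the memory layout, the `enforce` switch and the function names are all assumptions made for the illustration, and the "input" bytes are constructed so that the guest's own decode step (add 1) turns them into a valid HALT instruction. That last detail is the point: without enforcement the jump into the decoded buffer runs fine, so what stops it under enforcement is purely the provenance of the bytes, not their shape. Flags are left out to keep the example short; a real tracker would give them a taint bit too, as the mail says.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MEM_SIZE 256
#define NREGS    4
#define INSN_LEN 3

/* Toy 3-byte ISA (assumed for this example): opcode, operand a, operand b. */
enum { OP_HALT = 0, OP_MOVI, OP_LOAD, OP_STORE, OP_ADD, OP_JMP };
/* Results of vm_run(). */
enum { RUN_HALT = 0, RUN_TAINTED_CODE, RUN_BAD_PC, RUN_STEP_LIMIT };

typedef struct {
    uint8_t mem[MEM_SIZE];
    uint8_t taint[MEM_SIZE];   /* 1 = byte is, or was derived from, untrusted input */
    uint8_t reg[NREGS];
    uint8_t rtaint[NREGS];     /* same flag, per register */
    uint8_t pc;
    int     enforce;           /* 1 = refuse to execute tainted instruction bytes */
} vm_t;

static void vm_init(vm_t *vm, int enforce) { memset(vm, 0, sizeof *vm); vm->enforce = enforce; }

/* Trusted code (think: verified disk image): bytes are marked clean. */
static void vm_load_code(vm_t *vm, uint8_t addr, const uint8_t *code, size_t len) {
    memcpy(&vm->mem[addr], code, len);
    memset(&vm->taint[addr], 0, len);
}

/* Untrusted input (think: packet DMA'd in by the NIC model): bytes are marked tainted. */
static void vm_untrusted_input(vm_t *vm, uint8_t addr, const uint8_t *data, size_t len) {
    memcpy(&vm->mem[addr], data, len);
    memset(&vm->taint[addr], 1, len);
}

static int vm_run(vm_t *vm, int max_steps) {
    for (int step = 0; step < max_steps; step++) {
        unsigned pc = vm->pc;
        if (pc + INSN_LEN > MEM_SIZE) return RUN_BAD_PC;
        /* The check from the mail: before an instruction is translated, refuse it
           if any of its bytes carries taint (the "block of illegal instructions"). */
        if (vm->enforce && (vm->taint[pc] | vm->taint[pc + 1] | vm->taint[pc + 2]))
            return RUN_TAINTED_CODE;
        uint8_t op = vm->mem[pc], a = vm->mem[pc + 1] & (NREGS - 1), b = vm->mem[pc + 2];
        uint8_t rb = b & (NREGS - 1);
        vm->pc = (uint8_t)(pc + INSN_LEN);
        switch (op) {
        case OP_HALT:  return RUN_HALT;
        case OP_MOVI:  vm->reg[a] = b;          vm->rtaint[a] = 0;            break; /* immediate from code: clean */
        case OP_LOAD:  vm->reg[a] = vm->mem[b]; vm->rtaint[a] = vm->taint[b]; break; /* taint travels with the byte */
        case OP_STORE: vm->mem[b] = vm->reg[a]; vm->taint[b] = vm->rtaint[a]; break; /* and back into RAM */
        case OP_ADD:   /* result is tainted if either operand is */
            vm->reg[a] = (uint8_t)(vm->reg[a] + vm->reg[rb]);
            vm->rtaint[a] |= vm->rtaint[rb];
            break;
        case OP_JMP:   vm->pc = b; break;
        default:       return RUN_BAD_PC;   /* unknown opcode: treat as a fault */
        }
    }
    return RUN_STEP_LIMIT;
}

#define CODE_BASE  0x00
#define SAFE_BASE  0x40   /* trusted HALT stub lives here */
#define INPUT_BASE 0x80   /* untrusted input lands here */
#define BUF_BASE   0xC0   /* buffer the guest decodes the input into */

/* Constructed input: after the guest's "decode" (add 1, wrapping) it reads 00 00 00 = HALT. */
static const uint8_t SAMPLE_INPUT[3] = { 0xFF, 0xFF, 0xFF };

/* Guest program: decode three input bytes into BUF, then jump to `target`. */
static int run_decode_and_jump(int enforce, uint8_t target) {
    uint8_t prog[] = {
        OP_MOVI,  1, 1,                 /* r1 = 1            (decode key, trusted constant) */
        OP_LOAD,  0, INPUT_BASE + 0,    /* r0 = in[0]        (tainted)                    */
        OP_ADD,   0, 1,                 /* r0 += r1          (result of op on untrusted data: still tainted) */
        OP_STORE, 0, BUF_BASE + 0,      /* buf[0] = r0       (taint follows into RAM)     */
        OP_LOAD,  0, INPUT_BASE + 1,  OP_ADD, 0, 1,  OP_STORE, 0, BUF_BASE + 1,
        OP_LOAD,  0, INPUT_BASE + 2,  OP_ADD, 0, 1,  OP_STORE, 0, BUF_BASE + 2,
        OP_JMP,   0, target,
    };
    static const uint8_t halt_stub[] = { OP_HALT, 0, 0 };
    vm_t vm;
    vm_init(&vm, enforce);
    vm_load_code(&vm, CODE_BASE, prog, sizeof prog);
    vm_load_code(&vm, SAFE_BASE, halt_stub, sizeof halt_stub);
    vm_untrusted_input(&vm, INPUT_BASE, SAMPLE_INPUT, sizeof SAMPLE_INPUT);
    return vm_run(&vm, 100);
}

int jump_into_decoded_input(int enforce) { return run_decode_and_jump(enforce, BUF_BASE); }
int jump_into_trusted_stub(int enforce)  { return run_decode_and_jump(enforce, SAFE_BASE); }

int main(void) {
    printf("jump into decoded input, no enforcement: %d\n", jump_into_decoded_input(0)); /* RUN_HALT */
    printf("jump into decoded input, enforced:       %d\n", jump_into_decoded_input(1)); /* RUN_TAINTED_CODE */
    printf("jump into trusted stub, enforced:        %d\n", jump_into_trusted_stub(1));  /* RUN_HALT */
    return 0;
}
```

The two things to notice are that the taint survives the `ADD` (the guest "decoding" or otherwise transforming the input does not launder it, which is what the mail means by "result of any operation involving untrusted data"), and that the same untrusted bytes sitting in RAM are harmless as long as nothing fetches them as code: the run that jumps to the trusted stub completes normally even with enforcement on.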