From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.33) id 1CWa0J-0003Xz-5j for qemu-devel@nongnu.org; Tue, 23 Nov 2004 07:42:43 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.33) id 1CWa0I-0003Xa-8w for qemu-devel@nongnu.org; Tue, 23 Nov 2004 07:42:42 -0500 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.33) id 1CWa0I-0003XX-1L for qemu-devel@nongnu.org; Tue, 23 Nov 2004 07:42:42 -0500 Received: from [64.233.184.195] (helo=wproxy.gmail.com) by monty-python.gnu.org with esmtp (Exim 4.34) id 1CWZqy-0007NN-Gl for qemu-devel@nongnu.org; Tue, 23 Nov 2004 07:33:04 -0500 Received: by wproxy.gmail.com with SMTP id 70so711633wra for ; Tue, 23 Nov 2004 04:33:03 -0800 (PST) Message-ID: Date: Tue, 23 Nov 2004 13:31:59 +0100 From: Piotras Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: [Qemu-devel] building a virus-proof PC with Qemu Reply-To: Piotras , qemu-devel@nongnu.org List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Hi! Imagine that with every byte stored on disk image, the emulated memory and CPU registers we associate a flag indicating if the byte come from "trusted" source. This information would propagate with every memory/disk access (data-flow tracking). Before Qemu would translate a block of code the trusted bits could be checked to see if the code is "trusted". Of course there are issues with dynamic loaders, dynamic compilers, etc. And it's not going to work well with scripted code. Possible usage: * building virus-proof PC, * automate hunting for worms/exploits on Internet. Opinions? Piotrek