From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.33)
 id 1CWeld-0006TL-0E
 for qemu-devel@nongnu.org; Tue, 23 Nov 2004 12:47:53 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.33)
 id 1CWela-0006Rx-Qp
 for qemu-devel@nongnu.org; Tue, 23 Nov 2004 12:47:51 -0500
Received: from [199.232.76.173] (helo=monty-python.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.33)
 id 1CWela-0006Ra-IP
 for qemu-devel@nongnu.org; Tue, 23 Nov 2004 12:47:50 -0500
Received: from [64.233.184.202] (helo=wproxy.gmail.com)
 by monty-python.gnu.org with esmtp (Exim 4.34)
 id 1CWebr-0003mc-2q
 for qemu-devel@nongnu.org; Tue, 23 Nov 2004 12:37:47 -0500
Received: by wproxy.gmail.com with SMTP id 69so571445wra
 for ; Tue, 23 Nov 2004 09:37:45 -0800 (PST)
Date: Tue, 23 Nov 2004 18:37:41 +0100
From: Piotras
Subject: Re: [Qemu-devel] building a virus-proof PC with Qemu
In-Reply-To: <1101221775.8460.44.camel@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
References: <41A33090.9080703@gmx.com> <1101221775.8460.44.camel@localhost>
Reply-To: Piotras , qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
To: qemu-devel@nongnu.org

Hi!

In fact I thought about the idea in the context of a military/classified
environment. However, the technology could be interesting to large
corporations as well. Especially since Qemu performance may justify this
in the not-so-distant future.

The technology could be transparent to the operating system (built into
qemu-softmmu). I don't see why this shouldn't work with Windows. The
"trusted" flag is not visible to the guest (it's stored in a "hidden"
part of the qemu disk image, "hidden" registers, and a "hidden" RAM
area). The flag could be handled transparently by Qemu, except that when
trying to execute "untrusted" code it could just generate an illegal
opcode exception.

The extension to the original idea could be to trace sensitive
(classified) data to, for example, block all ethernet frames that may
contain sensitive data from leaving the system.

How to mark data as "trusted"? There are many possibilities. For
example, when inserting a CD-ROM we could have a checkbox (handled by
the host) to mark all data read from the CD-ROM as "trusted". Another
possibility is to have a special utility running inside the guest that
could tell Qemu that a given file (set of bytes on disk) contains
classified data.

Regards,
Piotrek

On Tue, 23 Nov 2004 15:56:15 +0100, Magnus Damm wrote:
> Hello again,
>
> On Tue, 2004-11-23 at 13:44, Bochnig, Martin wrote:
> > Hi,
> >
> > most of you know that: The easiest and most secure (100.00%) option
> > imaginable is to boot from cd/dvd and to keep the registry (in case of
> > m$-win) - or other files requiring write access - inside of a ramdrive.
> > Works.
>
> I think the idea is really nice, tried to convince some people employed
> by the Swedish army about this two years ago. The Swedish army is very
> picky about classified data and if a computer ever gets near classified
> information the machine has to be marked as classified and then the
> entire machine has to be handled very strictly. Booting from cdrom is
> simple and effective.
>
> Do you have any pointers how to do this with Windows (2k/XP) ?
>
> Thanks!
>
> / magnus
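
The "trusted" flag scheme described in the message above, as an added example that is not part of the original thread and is not QEMU code: a toy model in which the host keeps one hidden tag per byte of guest RAM and refuses instruction fetch from untagged bytes. The names `toy_vm`, `vm_load`, `vm_copy`, `vm_store` and `vm_fetch` are hypothetical, only RAM tags are modelled (not the disk image or registers), and the rule that a guest store clears the tag is an assumed policy.

```c
/* Toy model of host-side "trusted" tags; an added illustration, not QEMU code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define RAM_SIZE 64
enum { EXEC_OK = 0, EXEC_ILLEGAL_OPCODE = 1 };
typedef struct {
    uint8_t ram[RAM_SIZE];     /* what the guest can read and write */
    uint8_t trusted[RAM_SIZE]; /* shadow tags kept by the host, hidden from the guest */
} toy_vm;
static int in_range(size_t off, size_t n) { return off <= RAM_SIZE && n <= RAM_SIZE - off; }
/* Device read into guest RAM: the host decides whether the medium is trusted. */
int vm_load(toy_vm *vm, size_t dst, const uint8_t *src, size_t n, int medium_trusted) {
    if (!in_range(dst, n)) return -1;
    memcpy(vm->ram + dst, src, n);
    memset(vm->trusted + dst, medium_trusted ? 1 : 0, n);
    return 0;
}

/* Guest memory-to-memory copy: the tag travels with each byte. */
int vm_copy(toy_vm *vm, size_t dst, size_t src, size_t n) {
    if (!in_range(dst, n) || !in_range(src, n)) return -1;
    memmove(vm->ram + dst, vm->ram + src, n);
    memmove(vm->trusted + dst, vm->trusted + src, n);
    return 0;
}

/* Guest store of a computed value: assumed policy, the byte becomes untrusted. */
int vm_store(toy_vm *vm, size_t dst, uint8_t val) {
    if (!in_range(dst, 1)) return -1;
    vm->ram[dst] = val; vm->trusted[dst] = 0;
    return 0;
}

/* Instruction fetch: any untrusted byte in the instruction raises illegal opcode. */
int vm_fetch(const toy_vm *vm, size_t pc, size_t len) {
    if (!in_range(pc, len)) return EXEC_ILLEGAL_OPCODE;
    for (size_t i = 0; i < len; i++)
        if (!vm->trusted[pc + i]) return EXEC_ILLEGAL_OPCODE;
    return EXEC_OK;
}
int main(void) {
    static const uint8_t code[4] = {0x90, 0x90, 0x90, 0xC3}; /* constructed sample bytes */
    toy_vm vm = {{0}, {0}};
    vm_load(&vm, 0, code, 4, 1); /* read from a host-approved CD-ROM */
    vm_copy(&vm, 16, 0, 4);      /* relocated copy keeps its tags */
    vm_store(&vm, 17, 0xCC);     /* guest patches one byte of the copy */
    printf("original=%d patched_copy=%d\n", vm_fetch(&vm, 0, 4), vm_fetch(&vm, 16, 4));
    return 0;
}
```

Because the tag array lives outside `ram`, nothing the guest writes can set a tag back to trusted; only a host-side load from an approved medium can.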