Slashdot Mirror


Scientists Propose Guaranteed Hypervisor Security

schliz writes "NCSU researchers are attempting to address today's 'blind trust' of virtualization with new security techniques that 'guarantee' malware does not infect hypervisors. Their HyperSafe software uses the write-protect bit on hypervisor hardware, as well as a technique called restricted pointer indexing, which characterizes the normal behavior of the system and prevents any deviation. A proof-of-concept prototype has been tested on BitVisor and Xen, in research that will be presented (PDF) at an IEEE conference today."
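The summary names two mechanisms but shows neither. The following is an added example, not HyperSafe's code and not from the paper, that models the "restricted pointer indexing" idea in user-space C: instead of storing raw code pointers in writable memory, the set of legitimate control-flow targets is precomputed into a read-only table, and mutable control data holds only an index that is validated before the indirect call. The handler functions, the `attacker_code` stand-in and the struct names are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

typedef int (*handler_fn)(int);

/* Constructed handlers standing in for hypervisor code paths. */
static int handler_read(int arg)  { return arg + 1; }
static int handler_write(int arg) { return arg * 2; }
static int handler_halt(int arg)  { (void)arg; return -1; }

/* Stands in for attacker-controlled code reached via a hijacked pointer. */
static int attacker_code(int arg) { (void)arg; return 0xBAD; }

/* 1. Conventional dispatch: a raw code pointer sits in writable memory.
 *    Whoever corrupts that pointer decides where control goes. */
struct dispatch_plain { handler_fn fn; };

int call_plain(const struct dispatch_plain *d, int arg) { return d->fn(arg); }

/* 2. Restricted pointer indexing (a toy model in the spirit of the summary,
 *    not HyperSafe's implementation): the legitimate targets are precomputed
 *    into a read-only table, and mutable control data holds only an index
 *    that is bounds-checked before use. */
static const handler_fn target_table[] = { handler_read, handler_write, handler_halt };
#define TARGET_COUNT (sizeof target_table / sizeof target_table[0])

struct dispatch_indexed { size_t idx; };

/* Returns -2 when the index falls outside the precomputed target set. */
int call_indexed(const struct dispatch_indexed *d, int arg)
{
    if (d->idx >= TARGET_COUNT)
        return -2;                 /* deviation from the normal target set */
    return target_table[d->idx](arg);
}

int run_indexed(size_t idx, int arg)
{
    struct dispatch_indexed d = { idx };
    return call_indexed(&d, arg);
}

/* Attacker overwrites the raw pointer: control flow is hijacked. */
int simulate_plain_corruption(void)
{
    struct dispatch_plain d = { handler_read };
    d.fn = attacker_code;          /* models a memory-corruption write */
    return call_plain(&d, 5);      /* 0xBAD */
}

/* Attacker overwrites the index with an arbitrary value: rejected, because
 * the only reachable targets are the entries of the read-only table. */
int simulate_indexed_corruption(void)
{
    struct dispatch_indexed d = { 0 };
    d.idx = (size_t)0xdeadbeef;    /* models the same memory-corruption write */
    return call_indexed(&d, 5);    /* -2 */
}

int main(void)
{
    printf("plain dispatch after corruption:   %#x\n", simulate_plain_corruption());
    printf("indexed dispatch after corruption: %d\n", simulate_indexed_corruption());
    printf("indexed dispatch, idx 1, arg 5:    %d\n", run_indexed(1, 5));
    return 0;
}
```

Two caveats a practitioner should keep in mind. First, the check only confines control flow to the precomputed set: an attacker who can write the index can still pick a different legitimate entry (`run_indexed(2, 5)` halts instead of reads), so the technique limits where control can go, not which of the allowed paths is taken. Second, in this user-space model `target_table` is merely `const`; an attacker with an arbitrary write could still target it unless the page is genuinely read-only, which is why the summary pairs the indexing scheme with the hardware write-protect bit rather than relying on either alone.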

9 of 104 comments

  1. Dangerous by Nerdfest · Score: 4, Insightful

    It's very dangerous to say "guaranteed" when it comes to security. It's very rarely true.

    1. Re:Dangerous by fuzzyfuzzyfungus · Score: 3, Interesting

      Well, to be fair, CS is math, and can involve definite formal proofs. Now, once you compromise on hardware requirements (due to a scarcity of Turing machines, $IDEAL_ALGORITHM has been ported to x86...) or have to produce software at the speed of programming rather than the speed of proof...

    2. Re:Dangerous by T+Murphy · Score: 4, Insightful

      Saying guaranteed is very dangerous for a corporation that will lose $$$ in sales should they be proven wrong. For researchers who are actually concerned about trying to make something that is guaranteed safe, using the word is great as it begs people to put them to the test. Better to be proven wrong quickly so they can get back to work, than to falsely believe it may truly be safe.

    3. Re:Dangerous by SharpFang · Score: 4, Insightful

      "Guaranteed" is a sound mathematical concept that works flawlessly in a mathematically perfect environment.
      It's not the algorithm that is usually compromised, it's the implementation. Like, the algorithm is based on strong randomness and none is assured, or the algorithm assumes a medium to be read-only while it is just write-protected in software and so on.

      --
      45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2

    4. Re:Dangerous by OeLeWaPpErKe · Score: 3, Interesting

      One thing that does seem curiously absent is how the NX bit helps you with DMA transfers. Ok, granted, you'd need to trick hardware other than the cpu into overwriting it, but given how much buggy hardware *cough* wireless broadcom chips for example *cough* there is in this imperfect world that isn't going to take all that long.

      So you'd need to forbid virtual machines from accessing any non-emulated hardware* (which I'd say is going to cost you in performance), and even then any mistake in the hypervisor's drivers for the real hardware will be fatal (the latest Linux release needed about 6.3 megabytes to describe the driver changes done).

      * if you allow direct access to any device capable of DMA transfers, that will enable the VM to overwrite any memory it chooses

    5. Re:Dangerous by ircmaxell · Score: 4, Insightful

      Reminds me of the story of the Tortoise and the Crab from Gödel, Escher, Bach: An Eternal Golden Braid by Douglas R. Hofstadter. The Crab kept buying a "Perfect record player". One that could reproduce any sound possible. The Tortoise kept bringing over records that would induce harmonics and destroy the player. The conclusion drawn by Hofstadter was that if it's perfect, by the very nature of its perfection it can be destroyed by a record. In fact, all record players that reproduce a sound predictably can be destroyed by a record entitled "I Cannot Be Played on Record Player x". So that means that anything useful as a record player is vulnerable.

      I think you can draw the same analogy here. There's always a way to break any system, no matter how "secure" you make it. The key is does the record player actually play records (is the computer useful in computing)? You could make a perfectly secure computer, so long as you never turn it on. But by the very nature that it's running, it's vulnerable to SOMETHING. It's a byproduct of working with a complex system... An application of Gödel's incompleteness theorem proves that in any sufficiently powerful formal system, there's always a question that can break that system (or at least break it with respect to that system). So basically the only secure computer is one that's incapable of actual computation. Once it becomes useful, there will always be a way to break it...

      --
      If a man isn't willing to take some risk for his opinions, either his opinions are no good or he's no good.

    6. Re:Dangerous by ray-auch · Score: 3, Insightful

      And I've seen woodworm...

  2. pdf? by Cmdr-Absurd · Score: 3, Insightful

    Link to a pdf version of the paper? Given recent security problems with that format, does anyone else find it funny?

  3. They should have my cousin test this by NotSoHeavyD3 · Score: 4, Funny

    Because if anybody could get a machine infected it'd be him.

    --
    Did you know 80 to 90% of the moderators on slashdot wouldn't recognize a troll even if one dragged them under a bridge.