[Xen-devel] DomU rootkit detection in Dom0
Has any work been done on rootkit/kernel patching detection under Xen? E.g. Dom0 periodically scans mapped kernel space in DomU to see if anything has been tinkered with. Ideally this would need to operate entirely outside of DomU (for obvious reasons), but having a driver in DomU initially grant the kernel pages to Dom0 might be required.

64-bit versions of Windows have PatchGuard(?) that prevents any modification to the kernel (http://www.microsoft.com/whdc/driver/kernel/64bitPatching.mspx), but because that exists 'in the box' it can never be foolproof.

More importantly, and perhaps OT, would this offer any reasonable increase in protection or is it just a short term gain?

James

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
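The periodic scan the post asks about, written as a per-page hash comparison in Python (an added example, not part of the original post and not Xen code). It assumes Dom0 already has a byte snapshot of the guest's kernel region, however that is obtained; the function names, the four-page layout and the address 0xC0100000 are constructed for the illustration.

```python
import hashlib

PAGE_SIZE = 4096  # assumed x86 page size


def page_digests(region: bytes) -> list:
    """SHA-256 of each page in a snapshot of guest kernel memory."""
    if len(region) % PAGE_SIZE:
        raise ValueError("snapshot is not a whole number of pages")
    return [hashlib.sha256(region[off:off + PAGE_SIZE]).digest()
            for off in range(0, len(region), PAGE_SIZE)]


def take_baseline(region: bytes, writable_pages=()) -> dict:
    """Record digests only for pages expected to stay constant (kernel text,
    read-only data); pages the guest legitimately rewrites are skipped."""
    skip = set(writable_pages)
    return {i: d for i, d in enumerate(page_digests(region)) if i not in skip}


def scan(baseline: dict, region: bytes, base_addr: int = 0) -> list:
    """Return guest addresses of baselined pages whose content changed."""
    current = page_digests(region)
    changed = []
    for index, digest in sorted(baseline.items()):
        # A page missing from the new snapshot is reported as changed too.
        if index >= len(current) or current[index] != digest:
            changed.append(base_addr + index * PAGE_SIZE)
    return changed


def demo():
    # Constructed 4-page region: pages 0-2 read-only, page 3 writable data.
    base = 0xC0100000  # constructed guest address
    clean = b"".join(bytes([n]) * PAGE_SIZE for n in range(4))
    baseline = take_baseline(clean, writable_pages=[3])

    later = bytearray(clean)
    later[3 * PAGE_SIZE + 10] ^= 0xFF    # ordinary write to the data page
    unchanged = scan(baseline, bytes(later), base)

    later[1 * PAGE_SIZE + 0x20] ^= 0xFF  # single-byte change in a read-only page
    tampered = scan(baseline, bytes(later), base)
    return unchanged, tampered


if __name__ == "__main__":
    print(demo())
```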