[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xense-devel] xenwatch and xenswitch processes

To: "Joop Boonen" <joop_boonen@xxxxxx>
From: "Bryan D. Payne" <bryan@xxxxxxxxxxxx>
Date: Tue, 18 Jul 2006 08:41:07 -0400
Cc: xense-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Tue, 18 Jul 2006 05:41:22 -0700
List-id: "A discussion list for those developing security enhancements for Xen." <xense-devel.lists.xensource.com>

I have the following question. I've used xen what i see in a DomUis the
xenswitch and xenwatch processes. When i have users on a system or a
firewall on DomU is hacked they know it's running on xen. Is therea way
to not show/hide these processes?

While you might be able to hide the processes (e.g., using arootkit), I think that there's a larger issue here. It sounds likeyou're goal is to completely hide the fact that a machine is runningin a domU. And, for better or worse, this is very hard to do.

Consider, for example, Red Pill. This small program can detect whenit's running in a virtualized environment:


http://invisiblethings.org/papers/redpill.html

Cheers,
bryan


-
Bryan D. Payne
Graduate Student, Computer Science
Georgia Tech Information Security Center
http://www.bryanpayne.org

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel

References:
- [Xense-devel] xenwatch and xenswitch processes
  - From: Joop Boonen

Prev by Date: [Xense-devel] xenwatch and xenswitch processes
Next by Date: Re: [Xen-devel] [PATCH][ACM] kernel enforcement of vbd policies via blkback driver
Previous by thread: [Xense-devel] xenwatch and xenswitch processes
Next by thread: Re: [Xen-devel] [PATCH][ACM] kernel enforcement of vbd policies via blkback driver
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.