[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] building a virus-proof PC with Qemu
|
From: |
Piotras |
|
Subject: |
Re: [Qemu-devel] building a virus-proof PC with Qemu |
|
Date: |
Tue, 23 Nov 2004 18:37:41 +0100 |
Hi!
In fact I thought about the idea in context of military/classified
environment. However the technology could be interesting to
large corporations as well. Especially that Qemu performance
may justify this in not-so-distant future.
The technology could be transparent to the operating system
(build into qemu-softmmu). I don't see why this shouldn't work
with Windows. The "trusted" flag is not visible for the guest
(it's stored in "hidden" part of qemu disk image, "hidden"
registers, and "hidden" RAM area). The flag could be handled
transparently by Qemu, except that when trying to execute
"untrusted" code it could just generate illegal opcode exception.
The extension to the original idea could be to trace sensitive
(classified) data to for example block all ethernet frames that
may contain sensitive data from leaving the system.
How to mark data as "trusted"? There are many possibilities.
For example when inserting CD-ROM we could have a checkbox
(handled by host) to mark all data read from CD-ROM as
"trusted". Another possibility is to have a special utility running
inside the guest that could tell Qemu that a given file (set of
bytes on disk) contains classified data.
Regards,
Piotrek
On Tue, 23 Nov 2004 15:56:15 +0100, Magnus Damm <address@hidden> wrote:
> Hello again,
>
> On Tue, 2004-11-23 at 13:44, Bochnig, Martin wrote:
> > Hi,
> >
> > most of you know that: The easiest and most secure (100.00%) option
> > imaginable is to boot from cd/dvd and to keep the registry (in case of
> > m$-win) - or other files requiring write access - inside of a ramdrive.
> > Works.
>
> I think the idea is really nice, tried to convince some people employed
> by the Swedish army about this two years ago. The Swedish army is very
> picky about classified data and if a computer ever gets near classified
> information the machine has to be marked as classified and then the
> entire machine has to be handled very strictly. Booting from cdrom is
> simple and effective.
>
> Do you have any pointers how to do this with Windows (2k/XP) ?
>
> Thanks!
>
> / magnus
- [Qemu-devel] building a virus-proof PC with Qemu, Piotras, 2004/11/23
- Re: [Qemu-devel] building a virus-proof PC with Qemu, Bochnig, Martin, 2004/11/23
- Re: [Qemu-devel] building a virus-proof PC with Qemu, Magnus Damm, 2004/11/23
- Re: [Qemu-devel] building a virus-proof PC with Qemu, Magnus Damm, 2004/11/23
- Re: [Qemu-devel] building a virus-proof PC with Qemu, Paul Brook, 2004/11/23
- Re: [Qemu-devel] building a virus-proof PC with Qemu,
Piotras <=
- Re: [Qemu-devel] building a virus-proof PC with Qemu, Bochnig, Martin, 2004/11/23
- Re: [Qemu-devel] building a virus-proof PC with Qemu, Karl Magdsick, 2004/11/23
- Re: [Qemu-devel] building a virus-proof PC with Qemu, Magnus Damm, 2004/11/23
Re: [Qemu-devel] building a virus-proof PC with Qemu, Andreu Escudero, 2004/11/23
Re: [Qemu-devel] building a virus-proof PC with Qemu, Paul Brook, 2004/11/23