Usually you have VMs networked, so any malware with a network component (e.g. worms) will propagate to wherever its addressing/routing allows it to. Regular viruses tend to only operate in usermode, so while they couldn't communicate overtly, they could still set up a covert channel. If you are sharing CPUs, a busy process on one VM can effectively communicate state to another VM (that's your prototypical timing covert channel). A storage covert channel would be a bit harder, as the virtual disks tend to have a hard limit on them, so unless you have a system that can over-commit disk space, it should not be an issue.

The most interesting approach to securing VMs is called the Separation Kernel. It's a result of John Rushby's 1981 paper, which basically states that in order to have VMs isolated in a manner that could be equivalent to physical separation, the computer must export its resources to specific VMs in a way where at no point is any resource that can store state shared between VMs. This has deep consequences, as it requires the underlying computer architecture to be designed in a way in which this can be carried out in a non-bypassable manner. 30 years after this paper, we finally have a few products that claim to do it.
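An audit for the sharing conditions described above, as an added example that is not part of the original page: it flags every stateful resource that two or more VMs can reach, covering shared CPUs (timing channel), shared network segments (worm propagation) and over-committed disk pools (storage channel). The inventory format, VM names and numbers are constructed assumptions, not the output of any real hypervisor.

```python
from collections import defaultdict

# Constructed inventory (assumption, not from the page): each VM lists the
# physical resources it is given by a hypothetical hypervisor.
VMS = {
    "web":  {"cpus": {0, 1}, "net": "br0", "pool": "ssd", "disk_gb": 200},
    "db":   {"cpus": {1, 2}, "net": "br0", "pool": "ssd", "disk_gb": 400},
    "keys": {"cpus": {3},    "net": "br1", "pool": "hdd", "disk_gb": 50},
}
POOLS_GB = {"ssd": 500, "hdd": 100}  # physical capacity of each storage pool


def audit(vms, pools_gb):
    """Return sorted (channel, resource, vm_names) findings for shared state."""
    users = defaultdict(set)      # stateful resource -> VMs that can touch it
    committed = defaultdict(int)  # pool -> sum of the virtual disk hard limits
    for name, vm in vms.items():
        for cpu in vm["cpus"]:
            users[("timing", f"cpu{cpu}")].add(name)
        users[("network", vm["net"])].add(name)
        users[("storage-pool", vm["pool"])].add(name)
        committed[vm["pool"]] += vm["disk_gb"]

    findings = []
    for (channel, res), names in users.items():
        if len(names) < 2:
            continue  # resource is exported to a single VM only
        if channel == "storage-pool":
            # Per the text: hard disk limits are fine unless the pool
            # promises more space than it physically has.
            if committed[res] <= pools_gb[res]:
                continue
            channel = "storage"
        findings.append((channel, res, tuple(sorted(names))))
    return sorted(findings)


def isolated(vms, pools_gb, a, b):
    """True if no finding involves both VM a and VM b."""
    return not any(a in n and b in n for _, _, n in audit(vms, pools_gb))


if __name__ == "__main__":
    for channel, res, names in audit(VMS, POOLS_GB):
        print(f"{channel:8} {res:5} shared by {', '.join(names)}")
```

The audit only sees resources that appear in the inventory, so a clean result is necessary but not sufficient for the separation Rushby describes.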