Phoenix Partners With Rutkowska in Securing Hypervisor

New ultra-thin hypervisor will benefit from further Blue Pill research

Oct 25, 2007 | 09:08 AM

By Kelly Jackson Higgins
DarkReading

Phoenix Technologies has teamed up with researcher and stealth malware expert Joanna Rutkowska and her company, Invisible Things Lab, to help secure an ultra-thin hypervisor that the firmware company is currently building. The company also plans to support further development of Rutkowska's famed Blue Pill virtualized rootkit prototype -- for thin hypervisor research. (See Blue Pill Gets a Refill.)

Rutkowska, founder of Invisible Things Lab, says the problem with most hypervisors today is that they are too large: their size brings complexity, and complexity brings vulnerabilities. "We should make sure our VMMs (hypervisors) are as thin as possible. Today, that's not the case. They're too big, almost like conventional OSes," she says.

Phoenix's new, slimmed-down hypervisor technology aims to make that footprint smaller, and will run embedded operating systems within its virtual machines. According to a Phoenix slide presentation to investors, the hypervisor's architecture is resistant to rootkits.

The first iteration of HyperCore will provide two operating systems -- one Vista-like OS and another small, custom, secure OS developed by Phoenix, according to Rutkowska.

"The user will be able to switch between those OSes on the fly, using a special key combination," she says. That way, a user could use the hardened, smaller OS to do online banking transactions, for instance, she says.

Phoenix officials declined to comment on the as-yet unannounced product.

"Phoenix is in a unique position -- they are one of the biggest BIOS providers for all those PCs around the world," Rutkowska says. "The HyperCore hypervisor will be loaded from within BIOS, before any other OS. This gives unprecedented possibilities, both from a security and a usability point of view."

And Phoenix plans to leverage Invisible Things Lab's Blue Pill technology. "Phoenix would like to use our experience with thin hypervisors -- Blue Pill is a very thin hypervisor -- to make sure that their product will be secure and effective," Rutkowska says.

Rutkowska says Phoenix will support further research on Blue Pill, and will use it as a testbed for trying out new features for HyperCore, such as so-called "nested" virtualization (think Blue Pill within a Blue Pill). (See Blue Pill Gets a Refill and Hacker Smackdown.)

"Blue Pill should be understood as a research project into virtualization technology, not malware," she says. "Malware is just one application."

Rutkowska, who will speak at the upcoming SecTor security conference in Toronto, expects the new Blue Pill research, including code, to be made available to other researchers.
