xense-devel

Re: [Xense-devel] xenwatch and xenswitch processes

To: "Joop Boonen" <joop_boonen@xxxxxx>
Subject: Re: [Xense-devel] xenwatch and xenswitch processes
From: "Bryan D. Payne" <bryan@xxxxxxxxxxxx>
Date: Tue, 18 Jul 2006 08:41:07 -0400
Cc: xense-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Tue, 18 Jul 2006 05:41:22 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <36454.62.140.134.15.1153223150.squirrel@xxxxxxxxxxxxxxxxxxxxx>
List-id: "A discussion list for those developing security enhancements for Xen." <xense-devel.lists.xensource.com>
References: <36454.62.140.134.15.1153223150.squirrel@xxxxxxxxxxxxxxxxxxxxx>
Sender: xense-devel-bounces@xxxxxxxxxxxxxxxxxxx
> I have the following question. I've used Xen, and what I see in a DomU is the
> xenswitch and xenwatch processes. When I have users on a system, or a
> firewall on a DomU is hacked, they know it's running on Xen. Is there a way
> to not show/hide these processes?

While you might be able to hide the processes (e.g., using a rootkit), I think that there's a larger issue here. It sounds like your goal is to completely hide the fact that a machine is running in a domU. And, for better or worse, this is very hard to do.

Consider, for example, Red Pill. This small program can detect when it's running in a virtualized environment:

http://invisiblethings.org/papers/redpill.html

Cheers,
bryan


-
Bryan D. Payne
Graduate Student, Computer Science
Georgia Tech Information Security Center
http://www.bryanpayne.org



Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel
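
The reply's point that hiding the kernel threads does not hide the hypervisor can be checked from inside a guest. The script below is an added example, not part of the original message or of Xen. It assumes a Linux domU, and both the `xen_indicators` function name and its `ROOT` argument are hypothetical, introduced so the audit can also run against a constructed directory tree.

```shell
#!/bin/sh
# Added example: list the Xen indicators a Linux guest exposes besides its
# kernel threads. ROOT is a hypothetical parameter; use "/" on a live guest.

xen_indicators() {
    root="${1:-/}"
    root="${root%/}"      # "/" becomes "", "/tmp/x/" becomes "/tmp/x"
    found=""

    # 1. sysfs hypervisor node: reads "xen" on a Xen guest.
    f="$root/sys/hypervisor/type"
    if [ -r "$f" ] && [ "$(cat "$f" 2>/dev/null)" = "xen" ]; then
        found="$found sysfs-hypervisor-type"
    fi

    # 2. /proc/xen directory provided by a Xen-aware kernel.
    [ -d "$root/proc/xen" ] && found="$found proc-xen"

    # 3. Xen paravirtual device bus registered in sysfs.
    [ -d "$root/sys/bus/xen" ] && found="$found sys-bus-xen"

    # 4. Kernel threads: xenwatch (named in the thread) and xenbus,
    #    read from /proc/<pid>/comm.
    for c in "$root"/proc/[0-9]*/comm; do
        [ -r "$c" ] || continue
        case "$(cat "$c" 2>/dev/null)" in
            xenwatch|xenbus*) found="$found kthread"; break ;;
        esac
    done

    # One indicator per line; no output when nothing was found.
    for i in $found; do echo "$i"; done
}

# Stand-alone use: audit the running system, or the tree given as $1.
xen_indicators "${1:-/}"
```

Run it once on the guest, then again after any hiding measure: every indicator still listed is something a local user can read without ever looking at the process table.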