| >The claim that VMMs provide high level security is trading on the
| >reputation of work done (and published) years ago which has little if
| >anything to do with the software actually being run.
|
| Actually VMMs do provide some security, but not in the way you think.
| Since malware researchers typically run malware they're analysing
| inside a VM, quite a bit of malware will silently exit (or at least
| not exercise the "mal" part of its name) if it detects that it's
| running inside a VM. So you can inoculate yourself against at least
| some malware by running your OS inside a VM.

Ah, yes - the unexpected side-effect which happens to be positive.
If you read Garfinkel et al.'s paper on the detectability of VMMs - and the low likelihood of ever producing an undetectable VMM - you can see some similar things happening. Some of the techniques are fairly universal - e.g., those based on measuring TLB sizes, which is likely to be usable on any machine that uses virtual memory. But many others are based on ugly botches in the x86 architecture (e.g., the user-mode instructions like SIDT which reveal privileged state) or the absurd complexity and rough edges of many I/O devices.

For security in general, unexpected side-effects are almost always paths to break into the system - think power and timing analysis for two great examples. I suppose we have to catch a break sometimes....

-- Jerry

---------------------------------------------------------------------
The Cryptography Mailing List