Hello,
I am exploring ideas to implement a service inside a virtual machine on
untrusted hypervisors under current cloud infrastructures.
Particularly, I am interested in how one can verify the integrity of the
service in an environment where the hypervisor is not trusted. This is my setup.

1. I have two virtual machines (normal client VMs).
2. VM-A is executing a service and VM-B wants to verify its integrity.
3. Both are executing on an untrusted hypervisor.

Though Intel SGX would solve this, by using the concept of enclaves, it's not
publicly available yet.

One could also use SMM to verify the integrity. But since this is a time-based
approach, one could easily exploit the time window between checks.

I was drilling down on this idea. We know the Write xor Execute memory protection
scheme. Using this idea, if we could lock down the VM-A memory pages where
the service is running and also the corresponding page-table entries, then have
handler code that temporarily unlocks them for legitimate updates, then
one could verify the integrity of the running service.

Since if an attacker needs to inject some malicious code, he needs to update
the page tables, and if these are locked down, he will not be able to inject
arbitrary code without notice, since the unmodified hypervisor handler will
not handle this situation.

But here are my questions:

1. Is Write xor Execute a feasible solution in cloud environments? This
scheme fails or could be exploited if there is double mapping. So what if
there is a mapping from different VMs to the same physical memory? Will this
fail?

2. What are the security threats involved if one proceeds with this scheme?

Any help in this regard is greatly appreciated.

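To illustrate the double-mapping concern raised in question 1, here is an added example (not code from the post or from KVM) that models EPT-style second-level mappings for two VMs and checks the W^X invariant per host frame rather than per mapping, which is the check a verifier needs when aliases can exist; the Mapping class, both functions and the sample mappings are assumptions constructed for this demonstration.

```python
# Added example: W^X holds per mapping, but an attacker (or another VM) can
# alias the same host frame with different permissions. A frame that is
# writable through one mapping and executable through another breaks W^X
# even though each mapping on its own looks clean. All data is constructed.
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Mapping:
    vm: str        # guest that owns this mapping
    gpa: int       # guest-physical page number
    hpa: int       # host frame number backing the page
    perms: str     # subset of "rwx"


def per_mapping_violations(mappings):
    """Mappings that are writable and executable at the same time."""
    return [m for m in mappings if "w" in m.perms and "x" in m.perms]


def aliased_frame_violations(mappings):
    """Host frames reachable as writable via one mapping and executable via
    another. Returns {hpa: sorted [(vm, gpa, perms), ...]} per offending frame."""
    by_frame = defaultdict(list)
    for m in mappings:
        by_frame[m.hpa].append(m)
    bad = {}
    for hpa, ms in by_frame.items():
        writable = any("w" in m.perms for m in ms)
        executable = any("x" in m.perms for m in ms)
        if writable and executable and len(ms) > 1:
            bad[hpa] = sorted((m.vm, m.gpa, m.perms) for m in ms)
    return bad


# Constructed sample: VM-A runs the service from frame 0x200 mapped r-x;
# VM-B has the same frame aliased rw-, so the code is writable after all.
SAMPLE = [
    Mapping("VM-A", 0x10, 0x200, "rx"),   # service code, W^X-clean on its own
    Mapping("VM-A", 0x11, 0x201, "rw"),   # service data
    Mapping("VM-B", 0x40, 0x200, "rw"),   # alias of the service code frame
    Mapping("VM-B", 0x41, 0x300, "rwx"),  # plain per-mapping W^X violation
]

if __name__ == "__main__":
    print("per-mapping violations:", per_mapping_violations(SAMPLE))
    print("aliased frames:", aliased_frame_violations(SAMPLE))
```

A per-mapping check alone reports only frame 0x300; only the per-frame check catches the alias on 0x200, which is exactly the case the locked page-table scheme has to account for.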