Successful escapes from the confines of the architecture are,
historically, few and far between. For a non-privileged user who is
using (or abusing) z/VM on a modern System z platform to accomplish such
ends would be an extraordinary feat. I say "extraordinary feat" only
because I'm inherently suspicious of words like "impossible".
Interesting historical reading on the topic can be found here:
*http://tinyurl.com/58jhlt*
(User-hostile original URL is
http://domino.watson.ibm.com/tchjr/journalindex.nsf/3d119440d938c88b85256547004c899a/2c913e6fe13f1e5285256bfa00685acf?OpenDocument)
The article is "Penetrating an operating system: a study of VM/370
integrity", by C. R. Attanasio, P. W. Markstein, and R. J. Phillips,
from IBM Systems Journal Vol 15, Number 1, Page 102 (from way back in 1976).
-dan.
Gary M. Dennis wrote:
What effect would this same hack have on the intended target if the x86
system being targeted was running as a guest under z/VM? Wouldn't the ill
effects be reduced by the wall between virtual guests inherent with z/VM?
On 11/4/08 11:42 AM, "David Boyes" <[EMAIL PROTECTED]> wrote:
It seems our colleagues doing virtualization on Intel have another
possible security concern to worry about now.....
By far the biggest concern related to virtual machine security is the
threat of a virtual machine escape. A virtual machine escape is a
theoretical type of attack in which an attacker uses a vulnerability
within a virtual machine to take control of either the underlying host
operating system, or the hypervisor itself. Upon doing so, the attacker
could potentially gain control of the other virtual machines hosted on
the server.
Why is it such a threat? It's the fear of the unknown, that eventually
someone will be able to do it.
Not just possible; proven. It's been done on an Intel Pacifica chipset,
and there was an excellent paper in IEEE Transactions on Computer
Systems on how it was done.
--. .- .-. -.--
Gary Dennis
Mantissa Corporation
1121 Edenton Street
Birmingham, Alabama 35242-9257
p: 205.968-3942
m: 205.218-3937
f: 205.968.3932
[EMAIL PROTECTED]
http://www.mantissa.com
http://www.idovos.com