[BitVisor-devel-en:7] Bitvisor memory protection
Nafise Sadat Moosavi
ns.moosavi at gmail.com
Sun Apr 3 20:25:02 JST 2011
Dear Bitvisor developers,
As stated in the first Bitvisor paper, Bitvisor uses Int0x15 for protecting
its memory from guest OS. However, there are manual way of probing memory
map instead of using BIOS int0x15, which are not recommended but still can
be used.
Assume a guest OS which contains a rootkit for detection and destruction of
Bitvisor. It can guess the memory area of Bitvisor by using int0x15 results
during Bitvisor presence and absence in the same system, and then it can use
manual ways of memory access (without using int0x15) for destruction of the
hypervisor in memory.
Can Bitvisor protect itself against such attacks?
Best Regards,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.bitvisor.org/archives/bitvisor-devel-en/attachments/20110403/f446e9fa/attachment.html
More information about the BitVisor-devel-en
mailing list