[no subject]

[Mike Lococo <mike.lococo () NYU EDU>]

Greetings,

I'm very interested in connecting offline with other folks who are
thinking about the architectural implications of virtualization with
regard to security boundaries.  We've poured a lot of thought into it in
my office, had fairly extensive conversations with VMWare technical
staff, and still have a lot of uncertainty about the best path forward
for our environment.

> You might do a little searching for the research that Ed Skoudis and Tom
> Liston did on escaping virtual machines.  Below is an article that
> summarizes some of it.
>
> http://blogs.computerworld.com/node/5936

That article is pretty thin on details.  I've never found a paper from
from Ed and Tom on that research, but some the most authoritative links
I've seen are:

* Foolmoon has a writeup of what Ed and Tom presented at Sansfire 2007:
http://www.foolmoon.net/cgi-bin/blog/index.cgi?mode=viewone&blog=1185593255

* Ed posted a comment at the following blog with some details:
http://www.cutawaysecurity.com/blog/archives/170

* Tavis Ormandy wrote an excellent paper paper on fuzzing various
virtualization environments, all of which had crash bugs:
http://taviso.decsystem.org/virtsec.pdf

It's worth noting that none of the research above applies to ESX, it's
all been done on Workstation or Server.  That's not to imply that ESX
has no flaws, just that it's a different architecture/codebase which
makes any kind of specific comparison to the public research difficult.

Thanks,
Mike Lococo

PS CISecurity has some hardening guides for VMWare, but they completely
punt on how/where to enforce trust boundaries.