but _is_ the pentium securely virtualizable? (Re: Cryptogram: Palladium Only for DRM)

Nathaniel Daw daw at cs.cmu.edu
Tue Sep 17 18:01:51 EDT 2002


> The fact that VMWare works just means they used some tricks to make it
> practically virtualize some common OSes, not that it is no longer
> possible to write malicious software to run as user or privileged
> level inside the guest OS and have it escape the virtualization.

I spoke with someone who had evaluated the appropriateness of the VMWare
internals for security sandboxing with respect to just this point. He
seemed to believe that it is simply not possible for processes in the
guest to escape the sandbox (perhaps, in light of the paper you
cite, this signals inefficiencies in VMWare). Other people on this list
were, I believe, involved in porting VMWare to be hosted under the BSD
architecture and may be able to speak further about this. In any case,
the broader point that has been made repeatedly is that even if the
Pentium is not efficiently, securely virtualizable due to quirks in its
instruction set, clearly there are architectures which are, but which avoid
the objectionable, user-hostile aspects of the Pd scheme.

n



---------------------------------------------------------------------
The Cryptography Mailing List


