Re: [Qemu-devel] building a virus-proof PC with Qemu

[Magnus Damm]

On Tue, 2004-11-23 at 23:41, Karl Magdsick wrote:
> > sorry, but why don't you use/recommend Trusted Solaris (SPARC and i386)
> > http://wwws.sun.com/software/solaris/trustedsolaris/   ?
> > I hardly doubt that it will be too easy for anyone to clone the security
> > mechanisms it provides.
> 
> I agree that making the operating system role-aware seems like a much
> more tractable solution than trying to externally trace data flows. 
> An external system would have to be extremely intelligent in order to
> work out the Pi calculus from observing data and low-level CPU
> operations.

Extremely intelligent? The theory seems pretty simple to me.
Maybe we are talking about different things?

What about this: Analyze the code block that is translated from
guest-instructions to micro operations. If any of the guest-instructions
are data that is either unmodified untrusted data or data that is the
result of any operation involving untrusted data, then create a block of
illegal instructions. Or handle the violation in a smarter way.

This assumes that it is to possible mark RAM bytes as untrusted, and a
code flow analyzer keeping track if resources (registers, flags) contain
trusted or untrusted data. Maybe something like this:

http://lists.gnu.org/archive/html/qemu-devel/2004-08/msg00285.html

/ magnus