DISQUS

Website
http://www.matasano.com/log
Original page
http://www.matasano.com/log/930/side-channel-detection-attacks-against-unauthorized-hypervisors/
Subscribe
All Comments
Community
Top Commenters
- Press Controls
  3 comments · 2 points
- ChrisMtso
  12 comments · 1 points
- Eric Monti
  11 comments · 1 points
- StatlerAndWaldorf
  12 comments · 3 points
- Dave G.
  7 comments · 1 points
Popular Threads

yakov · 2 years ago

Excellent explanation Thomas. Still I don't see how it detects only unauthorized hypervisors. Won't legitimate use case of software running in a VM cause false positive?
Thomas Ptacek · 2 years ago

If run from within ring 0 of a guest operating system, of course; it will simply detect the fact that the guest is in fact a guest.

But if run from within ring 0 of the host ("ring -1", as it were), it spots unexpected virtualization --- a "smoking gun" when the hypervisor is itself not expected to be virtualized.
Matt · 2 years ago

The first link ("all over the place") is not kablamo. Also, the combinatoric cognitive dissonance of the HSAS, Sesame Street, and the memory hierarchy nearly made my head explode this morning.
Andrew · 2 years ago

Your memory hierarchy diagram is beautiful.
Alfred Huger · 2 years ago

Wow, that is a fantastic writeup Tom, thanks.
TK · 2 years ago

Can we add a pwnie category for best blog post of the year? Anything describing security with sesame street chars is sure to become an instant classic... :)