http://matasanochargen.disqus.com/enTue, 04 Sep 2007 10:29:47 -0000http://www.matasano.com/log/930/side-channel-detection-attacks-against-unauthorized-hypervisors/#comment-2323027Can we add a pwnie category for best blog post of the year? Anything describing security with sesame street chars is sure to become an instant classic... :)TKTue, 04 Sep 2007 10:29:47 -0000http://www.matasano.com/log/930/side-channel-detection-attacks-against-unauthorized-hypervisors/#comment-2323026Wow, that is a fantastic writeup Tom, thanks.Alfred HugerThu, 23 Aug 2007 14:48:01 -0000http://www.matasano.com/log/930/side-channel-detection-attacks-against-unauthorized-hypervisors/#comment-2323025Your memory hierarchy diagram is beautiful.AndrewMon, 20 Aug 2007 22:09:03 -0000http://www.matasano.com/log/930/side-channel-detection-attacks-against-unauthorized-hypervisors/#comment-2323024The first link ("all over the place") is not kablamo. Also, the combinatoric cognitive dissonance of the HSAS, Sesame Street, and the memory hierarchy nearly made my head explode this morning.MattMon, 20 Aug 2007 15:33:33 -0000http://www.matasano.com/log/930/side-channel-detection-attacks-against-unauthorized-hypervisors/#comment-2323023If run from within ring 0 of a guest operating system, of course; it will simply detect the fact that the guest is in fact a guest.<br><br>But if run from within ring 0 of the host ("ring -1", as it were), it spots unexpected virtualization --- a "smoking gun" when the hypervisor is itself not expected to be virtualized.Thomas PtacekMon, 20 Aug 2007 10:52:43 -0000http://www.matasano.com/log/930/side-channel-detection-attacks-against-unauthorized-hypervisors/#comment-2323022Excellent explanation Thomas. Still I don't see how it detects only unauthorized hypervisors. Won't legitimate use case of software running in a VM cause false positive?yakovMon, 20 Aug 2007 09:53:44 -0000