[vbox-dev] VirtualBox DMA Security?
Sander van Leeuwen
sander.x.van.leeuwen at oracle.com
Fri Dec 10 12:13:17 GMT 2010
Without reading the article:
- virtual devices can't write to hypervisor memory as there is no guest
physical backing for those pages (software virt. only; there is no
hypervisor mapping for VT-x/AMD-V)
- if they mean host device passthru: we don't support that
On 12/10/2010 12:54 PM, Josh x90 wrote:
> Hello all,
>
> I have an interest in virtualisation security and I've been reading into the potential DMA access security issues in virtualisation.
>
> According to one presentation:
> (http://www.research.ibm.com/haifa/conferences/systor2010/present/2_2_3_presentation.pdf)
>
> "- Untrusted guest programs a device, without any supervision.
> - Device is DMA capable (all modern devices are).
> - Which means the guest can program the device to
> overwrite any memory location.
> - Including where the hypervisor lives . . . game over."
>
> How does DMA access work in VirtualBox? I've been unable to find any information on this.
>
> Is VirtualBox vulnerable to this kind of attack?
>
> All thoughts and links to relevant information are appreciated!
>
> Cheers,
> Josh
>
> _______________________________________________
> vbox-dev mailing list
> vbox-dev at virtualbox.org
> http://vbox.innotek.de/mailman/listinfo/vbox-dev
--
Kind regards / Mit freundlichen Gruessen / Met vriendelijke groet
--
Sander van Leeuwen | Senior Staff Engineer, VirtualBox
Oracle Virtualization
ORACLE Deutschland B.V. & Co. KG | Werkstrasse 24 | 71384 Weinstadt
ORACLE Deutschland B.V. & Co. KG
Hauptverwaltung: Riesstr. 25, D-80992 München
Registergericht: Amtsgericht München, HRA 95603
Komplementärin: ORACLE Deutschland Verwaltung B.V.
Rijnzathe 6, 3454PV De Meern, Niederlande
Handelsregister der Handelskammer Midden-Niederlande, Nr. 30143697
Geschäftsführer: Jürgen Kunz, Marcel van de Molen, Alexander van der Ven
More information about the vbox-dev
mailing list