Has any work been done on rootkit/kernel patching detection under Xen? E.g., Dom0 periodically scans mapped kernel space in DomU to see if anything has been tinkered with. Ideally this would need to operate entirely outside of DomU (for obvious reasons), but having a driver in DomU initially grant the kernel pages to Dom0 might be required.

64-bit versions of Windows have PatchGuard(?) that prevents any modification to the kernel (http://www.microsoft.com/whdc/driver/kernel/64bitPatching.mspx), but because that exists "in the box" it can never be foolproof.

More importantly, and perhaps OT, would this offer any reasonable increase in protection or is it just a short-term gain?

James

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
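
The periodic out-of-guest scan asked about in the message above, as an added example that is not part of the original post and is not Xen code: it hashes each page of the regions that should never change after boot and reports pages that later differ from that baseline. `read_guest_page`, the region layout and the guest image are constructed stand-ins (assumptions) for Dom0 mapping DomU kernel pages read-only.

```python
import hashlib

PAGE_SIZE = 4096

# Constructed layout (assumption): offsets into a simulated guest image.
# Only regions that should never change after boot are measured.
IMMUTABLE_REGIONS = [
    (0x0000, 4 * PAGE_SIZE),   # kernel text
    (0x4000, 2 * PAGE_SIZE),   # read-only data
]
# 0x6000-0x7fff is writable kernel data and is deliberately not measured.


def read_guest_page(guest, offset):
    """Hypothetical stand-in for Dom0 mapping one DomU page read-only."""
    return bytes(guest[offset:offset + PAGE_SIZE])


def measure(guest, regions=IMMUTABLE_REGIONS):
    """Return {page offset: SHA-256 digest} for every page in the regions."""
    digests = {}
    for start, length in regions:
        for offset in range(start, start + length, PAGE_SIZE):
            page = read_guest_page(guest, offset)
            digests[offset] = hashlib.sha256(page).digest()
    return digests


def modified_pages(baseline, guest, regions=IMMUTABLE_REGIONS):
    """Return sorted offsets of measured pages that differ from the baseline."""
    current = measure(guest, regions)
    return sorted(off for off, d in baseline.items() if current[off] != d)


def demo():
    # Constructed 8-page guest image; real use would read live guest frames.
    guest = bytearray(i % 251 for i in range(8 * PAGE_SIZE))
    baseline = measure(guest)                    # taken at a known-good point
    guest[0x6010:0x6014] = b"\x01\x02\x03\x04"   # ordinary write to kernel data
    after_data_write = modified_pages(baseline, guest)
    guest[0x2100:0x2105] = b"\x00" * 5           # constructed change in kernel text
    after_text_change = modified_pages(baseline, guest)
    return after_data_write, after_text_change


if __name__ == "__main__":
    print(demo())
```

A hash baseline only covers memory that is constant after boot; writable kernel data changes legitimately and would need a different kind of check.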