[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

Virtualization Based Hardening (VBH) - Intel / Bitdefender

I’ve found another interesting kernel self-protection module (like LKRG) using virtualization to protect the kernel.

Using this would of course be nested virtualization but in the video, they say it works fine in KVM.

I haven’t yet tested this though and it seems quite complex.

1 Like

Interesting however it is Intel only and the juicy features are unpublished:

  • Help Prevent privilege escalation attack against Linux kernel. (source code not published)
  • Help protect Linux’s kernel code against tampering (source code not published)
1 Like

Acknowledged.

This however would be OK in theory if we used bitdefender/vbh_sample since that is fully Open Source?

If you’re wondering why I was packaging LKRG and not yet VBH:

  • Time is one reason.
  • Another is that LKRG is supported by Adam and Solar. Both are very responsive on the mailing list for years, very reasonable and easy to talk to. I haven’t seen much from VBH yet but also didn’t search.

If someone wants to move this forward, I suggest:

  • discuss VBH on LKRG mailing list
  • try VBH in Debian, Kicksecure, and Whonix, contact upstream when applicable.

Packaging VBH might be similarly doable for me if it’s a “pure” kernel module since I already packaged LKRG. Useful? Dunno, I don’t know if VBH does things that LKRG doesn’t. Please contact both upstream’s to talk about this.

Related: Linux Kernel Runtime Guard (LKRG) - Linux Kernel Runtime Integrity Checking and Exploit Detection

2 Likes

This presentation from the KVM Forum conference mentions Intel Bitdefender as the first commercial grade and opensource tool of its kind:

Also interesting stuff about the advantages of VMI

2 Likes
[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]