[Info-vax] Software does wear out, was: Re: Raid Controller in I64 ans Alpha(MSA$UTIL)

Simon Clubley clubley at remove_me.eisner.decus.org-Earth.UFP
Mon Dec 2 19:59:26 EST 2013


On 2013-12-02, Stephen Hoffman <seaohveh at hoffmanlabs.invalid> wrote:
> On 2013-12-02 17:49:05 +0000, Simon Clubley said:
>
>> Interesting. I knew some emulators provided replacement drivers to 
>> allow the OS in the emulated environment to better interact with the 
>> emulator, but I must admit I didn't realise the replacement drivers had 
>> developed as far as providing (in this case) DPI on incoming network 
>> packets.
>
> This isn't deep packet inspection, it's that the emulator can include 
> calls to host code or assists for various common operations.  It's a 
> whole lot of work for the emulator to present the appearance of a 
> hardware controller to a guest driver, and a whole lot less work for a 
> guest driver to be modified to pass more directly through and into a 
> host driver or host device.
>

Yes, that bit I've known about for some time, but thanks. A review of what
sparked this discussion (because it's become a bit subtle):

The context for the discussion was intercepting an incoming untrusted
data stream from an outside source and filtering it so that a vulnerable
emulated VMS environment which was unchangeable could be protected against
a new exploit while still allowing the VMS application to continue working.

The problem discussed in this future scenario is that VMS is frozen because
VMS Engineering support is no longer available and hence VMS cannot be
modified to fix new security issues or internal issues such as the
possible time-related issues also mentioned.

I pointed out that in the general case this means VMS in an emulated
environment is not viable for production use without software support, but
that in this specific case, assuming resources and tools were available,
it may be possible to write a module for a firewall to perform DPI to
tackle a specific new exploit.

I also speculated it may be possible, given access to the emulator's
sources and sufficient knowledge, to modify the emulated NIC in the
emulator to also perform DPI on the incoming data stream to protect VMS
against a new exploit. However, I took John's reply to mean that this
has already been done but that I wasn't aware emulators had now acquired
a DPI capability.

It seems now from what you are saying that this DPI capability, at
emulated NIC level, still doesn't exist.

Simon.

-- 
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world


