Hi all,
I've been reading into virtualization security and came across Blue Pill, a malicious thin hypervisor (project website is down, archived version here: http://web.archive.org/web/20080418123748/http://www.bluepillproject.org/).
My question is: could a custom malicious hypervisor modify execution flow, inject and execute arbitrary code, look at private information in RAM of the VM or anything else?
I'm not asking whether this would be practical from a malware point of view (to implement these features, it may turn into a large and impractical backdoor). I'm interested in whether the malicious hypervisor would have complete control over every aspect of the virtualized machine.
Would there be any difference for this when it comes to a program like VirtualBox - could the Host OS execute arbitrary code inside the guest at any time it choses?
Any thoughts would be highly appreciated!
Thanks in advance,
r3mo