httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Amit Vasudevan <amitvasude...@gmail.com>
Subject Heartbleed Bug
Date Fri, 11 Apr 2014 14:14:37 GMT
Hello,

I am Amit Vasudevan, a scientist at CyLab, Carnegie Mellon University with
a research focus on hypervisors and trusted computing technologies. I am
also
the principal force behind the open-source eXtensible and Modular
Hypervisor
Framework (http://xmhf.org), a framework for developing new
security-oriented hypervisor applications ('hypapps') with verified
security properties on commodity platforms.

I am writing to this developer's list regarding the recent heartbleed bug.

We have in the past developed a XMHF hypapp called TrustVisor at CMU where
we
propose to keep the OpenSSL private key inside an isolated execution
envionment
within the apache web server. This would have defended against this
vulnerability.

I was wondering if there would be any interest in kick-starting a
XMHF/TrustVisor hypapp enhanced version of the apache web server software
which would be hardened against such vulnerabilities?

Thanks!

PS: You can find more information about XMHF and TrustVisor at
http://xmhf.sourceforge.net/doc/

-- 
Amit Vasudevan, Ph.D.
Research Systems Scientist
CyLab/Carnegie Mellon University
http://hypcode.org

Mime
View raw message