httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Amit Vasudevan <>
Subject Heartbleed Bug
Date Fri, 11 Apr 2014 14:14:37 GMT

I am Amit Vasudevan, a scientist at CyLab, Carnegie Mellon University with
a research focus on hypervisors and trusted computing technologies. I am
the principal force behind the open-source eXtensible and Modular
Framework (, a framework for developing new
security-oriented hypervisor applications ('hypapps') with verified
security properties on commodity platforms.

I am writing to this developer's list regarding the recent heartbleed bug.

We have in the past developed a XMHF hypapp called TrustVisor at CMU where
propose to keep the OpenSSL private key inside an isolated execution
within the apache web server. This would have defended against this

I was wondering if there would be any interest in kick-starting a
XMHF/TrustVisor hypapp enhanced version of the apache web server software
which would be hardened against such vulnerabilities?


PS: You can find more information about XMHF and TrustVisor at

Amit Vasudevan, Ph.D.
Research Systems Scientist
CyLab/Carnegie Mellon University

View raw message