WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-introspect

Re: [Xen-introspect] Starting Points for the Xen Introspection Project

To: "Hajime Inoue" <hinoue@xxxxxxxxxxxxxx>
Subject: Re: [Xen-introspect] Starting Points for the Xen Introspection Project
From: "Bryan D. Payne" <bryan@xxxxxxxxxxxx>
Date: Tue, 18 Nov 2008 16:26:03 -0500
Cc: xen-introspect@xxxxxxxxxxxxxxxxxxx
Delivery-date: Tue, 18 Nov 2008 13:26:08 -0800
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:sender :to:subject:cc:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references :x-google-sender-auth; bh=t8n233bzAzzjwQ+dnDuhDo8c+EhbbMgVV0/sYLkiaC4=; b=Oa+Zg1sUwHyDky1EqpHuHy6otHsDeTY25qpBcbIq6UehptT2u6gvnyzGupKo5GJr5d jHd8KHHec/jrNGvweaqNFCaLYwqqhBtOg3iQbK+dKdwKQugkflPveagseS2ee5J5x70/ fgcACvr2htO6Bx/urJ0YjCJVCmLpEtKcC/OLI=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references:x-google-sender-auth; b=KlhxxFT7dhGoybYtX+4pPmvKsETFybWUvARTOZknBcKtuuwtx744NnXFhB6J6duZ6T MoXnxPW490HnMe5oziqVtrV7xYc0jagoZ686XxnOuKYIUjZ4VaJwtwczMJuADaAesZHd 8i4tZlFghaF2g6Xaejo6Gux+dTSxW4/WqKOSg=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <60D45469A1AAD311A04C009027B6BF680669DE4E@SERVER20>
List-archive: <http://lists.xensource.com/archives/html/xen-introspect>
List-help: <mailto:xen-introspect-request@lists.xensource.com?subject=help>
List-id: xen-introspect.lists.xensource.com
List-post: <mailto:xen-introspect@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-introspect>, <mailto:xen-introspect-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-introspect>, <mailto:xen-introspect-request@lists.xensource.com?subject=unsubscribe>
References: <60D45469A1AAD311A04C009027B6BF680669DE4E@SERVER20>
Sender: xen-introspect-bounces@xxxxxxxxxxxxxxxxxxx
I have a few thoughts / comments available in-line below...

> do.  We listed some general requirements during the first teleconference.
> >From ATC-NY's perspective, our highest priority feature is the ability to
> trap on guest memory accesses (rwx) to specific addresses.

There are basically two ways to do this.  Ether, as you described in
your message is one of them.  The lead author of the Ether project is
a colleague here at GA Tech, so I can easily ask him question as
needed.  Another option is Lares [4].  Lares probably is *not* what we
want here as it requires insertion of hooks at runtime into the guest
VM.  As such, it can be a little tricker to make this a general
purpose solution.  There are certainly pros and cons to each option,
so it's worth being aware of both.

> introspection tool.  I believe to get something running quickly we should
> adapt an existing project and tweak the API over time.  It is better to have
> something running than to fully design a project before implementation.

I certainly like this approach.  Basically, get something in there
that works and then build on it.

> The introspection project requires two pieces:  a hypervisor component and a
> user-space component.  XenAccess and VIX offer a user-space library for
> implementing introspection tools.  It would be nice to be able to compare
> these libraries and use one as a basis for future feature inclusions.

Agreed.  If the VIX people can make their source available and / or
provide more technical details, that would be very useful at this
stage.

> most advanced hypervisor component currently available, that I'm aware of,
> is Ether.  Ether is still immature but offers the features that ATC-NY
> desires most.

Another thought here is that I believe someone from Xen (Ian? or
Keir?) mentioned on the conference call the idea of adding typed
p-to-m tables.  This would basically allow for similar functionality,
if I understand their thinking correctly.

> Licensing is also an issue.  We are quite happy to contribute to an open
> source introspection library, but we would like the option to keep some of
> the tools built using it proprietary.  We would therefore like the
> introspection library to be LGPL'd or less restrictive.  Other commercial
> vendors would likely have similar concerns.  The current XenAccess version
> is problematic because of its dependence on libxenctrl.  We would want to
> avoid any gpl dependency in a Xen introspection library.

I have designed a new architecture that would help to alleviate this
problem.  However, it is not yet implemented.  If this is an issue
that needs to be resolved, perhaps we could find someone to implement
that architecture (basically just a kernel module that creates a /dev
interface allowing for physical memory access to each of the xen
domains from dom0).  I guess the take home point here is that the
licensing issue is resolvable without requiring a major rewrite of
XenAccess.


References:

[4] Bryan Payne et al. Lares: An Architecture for Secure Active
Monitoring Using Virtualization. IEEE Symposium on Security and
Privacy. 2008.



-- 
Bryan D. Payne
Research Scientist & Graduate Student
Georgia Tech Information Security Center
http://www.bryanpayne.org

_______________________________________________
Xen-introspect mailing list
Xen-introspect@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/mailman/listinfo/xen-introspect

<Prev in Thread] Current Thread [Next in Thread>