Collaborative Research: II-NEW: OpenVMI: A Software Instrument for Virtual Machine Introspection

协作研究：II-新：OpenVMI：用于虚拟机自省的软件工具

• 批准号: 0855036
• 负责人: Xuxian Jiang
• 金额: $ 22.5万
• 依托单位: North Carolina State University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2009
• 资助国家: 美国
• 起止时间: 2009-09-01 至 2014-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0855036&HistoricalAwards=false
• 关键词: Collaborative; Research; II; NEW; OpenVMI

Proposal Title: Collaborative Research: II-New: OpenVMI: A Software Instrumentfor Virtual Machine IntrospectionInstitution: Purdue UniversityAbstract Date: 07/09/09This project develops the OpenVMI, an open-source, software-based researchinstrument for virtual machine introspection (VMI). VMI is important to certain researchareas such as distributed computing, automated system management andconfiguration, and computer security.Virtualization technologies have created new momentumfor a number of research areassuch as distributed computing, automated system management and configuration, andcomputer security. One basic yet powerful instrumentation function invirtualization-based research is virtual machine introspection (VMI): observing a VM?ssemantic states and events from outside the VM. VMI is hard to implement, mainlybecause of the semantic gap between the external and internal observations of the VM.Thus a generic VMI software instrument becomes highly desirable to virtualizationresearchers.This project develops and deploys OpenVMI, an open-source, software-based researchinstrument for VMI at Purdue University and North Carolina State University. OpenVMIcan be thought of as a ?fluoroscopic? instrument for VMs. Through the OpenVMI API, auser will be able to obtain the VM?s semantic states and events in both kernel and userspaces without modifying or instrumenting the VM.Three research areas are identified at the PIs? institutions that will benefit from thedevelopment and deployment of OpenVMI:-Management of hosted virtual environments: This research involves monitoring,provisioning and regulating autonomous virtual environments running in a shareddistributed hosting infrastructure. Open- VMI will enable non-intrusive, semanticmonitoring of VMs, which will trigger VM management operations at runtime such asVM migration, resource adaptation and access control.-Monitoring, detection and investigation of user-level malware: This research isconcerned with OSlevel policies and mechanisms for malware detection andinvestigation. By using OpenVMI, these policies and mechanisms can be moved out ofthe target VM, achieving stronger tamper-resistance without losing VM observability.-Monitoring of OS integrity: This research addresses the integrity of the guest OSagainst kernel-level attacks. It also involves detailed profiling of kernel-level attacks forfuture detection and recovery. OpenVMI will provide a unique vintage point to observeruntime state changes of kernel objects, which will help reveal details of an OS integrityviolation.Six research projects in the above areas are designated for OpenVMI deployment.NATIONAL SCIENCE FOUNDATIONProposal AbstractProposal:0855141 PI Name:Xu, DongyanPrinted from eJacket: 07/25/09 Page 1 of 1

提案标题：合作研究：II-新：OpenVMI：虚拟机内省软件工具机构：Purdue University摘要日期：07/09/09本项目开发了OpenVMI，一个开源的，基于软件的虚拟机内省（VMI）研究工具。VMI对于分布式计算、自动化系统管理和配置、计算机安全等研究领域具有重要的意义，虚拟化技术为分布式计算、自动化系统管理和配置、计算机安全等研究领域创造了新的动力。在基于虚拟化的研究中，一个基本而强大的工具功能是虚拟机内省（VMI）：观察虚拟机？从VM外部访问语义状态和事件。VMI很难实现，主要是因为虚拟机的外部和内部观察之间的语义鸿沟。因此，一个通用的VMI软件工具变得非常可取的virtualizationresearchers。本项目开发和部署OpenVMI，一个开放源代码，基于软件的研究仪器在普渡大学和北卡罗来纳州州立大学的VMI。OpenVMI可以被认为是一个？荧光透视？虚拟机的工具。通过OpenVMI API，用户将能够获得虚拟机？的语义状态和事件在内核和用户空间，而无需修改或仪表VM。将从OpenVMI的开发和部署中受益的机构：-托管虚拟环境的管理：这项研究涉及监控、配置和调节在共享分布式托管基础设施中运行的自治虚拟环境。开放- VMI将启用对VM的非侵入式语义监控，这将在运行时触发VM管理操作，例如VM迁移，资源适配和访问控制。用户级恶意软件的监控、检测和调查：本研究关注用于恶意软件检测和调查的操作系统级策略和机制。通过使用OpenVMI，这些策略和机制可以从目标VM中移除，从而在不失去VM可观察性的情况下实现更强的防篡改能力。操作系统完整性的监控：本研究针对内核级攻击解决了客户操作系统的完整性。它还涉及详细分析内核级攻击，以便将来进行检测和恢复。OpenVMI将提供一个独特的vintage point，用于查看内核对象的实时状态变化，这将有助于揭示操作系统完整性违规的细节。OpenVMI部署指定了上述领域的六个研究项目。OpenVMI科学基金会提案摘要提案：0855141 PI姓名：Xu，Dongyan打印自eJacket：07/25/09第1页，共1页