Collaborative Research: II-New: OpenVMI: A Software Instrument for Virtual Machine Introspection

协作研究：II-新：OpenVMI：用于虚拟机自省的软件工具

• 批准号: 0855141
• 负责人: Dongyan Xu
• 金额: $ 25.5万
• 依托单位: Purdue University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2009
• 资助国家: 美国
• 起止时间: 2009-09-01 至 2014-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0855141&HistoricalAwards=false
• 关键词: Collaborative; Research; II; New; OpenVMI

This project develops the OpenVMI, an open-source, software-based research instrument for virtual machine introspection (VMI). VMI is important to certain research areas such as distributed computing, automated system management and configuration, and computer security.Virtualization technologies have created new momentumfor a number of research areas such as distributed computing, automated system management and configuration, and computer security. One basic yet powerful instrumentation function in virtualization-based research is virtual machine introspection (VMI): observing a VM?s semantic states and events from outside the VM. VMI is hard to implement, mainly because of the semantic gap between the external and internal observations of the VM. Thus a generic VMI software instrument becomes highly desirable to virtualization researchers. This project develops and deploys OpenVMI, an open-source, software-based research instrument for VMI at Purdue University and North Carolina State University. OpenVMI can be thought of as a ?fluoroscopic? instrument for VMs. Through the OpenVMI API, a user will be able to obtain the VM?s semantic states and events in both kernel and user spaces without modifying or instrumenting the VM. Three research areas are identified at the PIs? institutions that will benefit from the development and deployment of OpenVMI:-Management of hosted virtual environments: This research involves monitoring, provisioning and regulating autonomous virtual environments running in a shared distributed hosting infrastructure. Open- VMI will enable non-intrusive, semantic monitoring of VMs, which will trigger VM management operations at runtime such as VM migration, resource adaptation and access control. -Monitoring, detection and investigation of user-level malware: This research is concerned with OSlevel policies and mechanisms for malware detection and investigation. By using OpenVMI, these policies and mechanisms can be moved out of the target VM, achieving stronger tamper-resistance without losing VM observability. -Monitoring of OS integrity: This research addresses the integrity of the guest OS against kernel-level attacks. It also involves detailed profiling of kernel-level attacks for future detection and recovery. OpenVMI will provide a unique vintage point to observe runtime state changes of kernel objects, which will help reveal details of an OS integrity violation. Six research projects in the above areas are designated for OpenVMI deployment.

该项目开发了OpenVMI，这是一种用于虚拟机内省（VMI）的开源，基于软件的研究工具。VMI对于分布式计算、自动化系统管理和配置、计算机安全等研究领域具有重要意义，虚拟化技术为分布式计算、自动化系统管理和配置、计算机安全等研究领域创造了新的动力。在基于虚拟化的研究中，一个基本但强大的仪器功能是虚拟机内省（VMI）：观察虚拟机？的语义状态和事件。VMI很难实现，主要是因为VM的外部和内部观察之间存在语义差距。因此，一个通用的VMI软件工具变得非常可取的虚拟化研究人员。该项目开发和部署OpenVMI，这是普渡大学和北卡罗来纳州州立大学VMI的一个开源的、基于软件的研究工具。OpenVMI可以被认为是一个？荧光透视？虚拟机的工具。通过OpenVMI API，用户将能够获得虚拟机？的语义状态和事件，而无需修改或检测VM。PI确定了三个研究领域？将从OpenVMI的开发和部署中受益的机构：-托管虚拟环境的管理：这项研究涉及在共享分布式托管基础设施中运行的自治虚拟环境的监控、配置和调节。开放- VMI将启用对VM的非侵入式语义监控，这将在运行时触发VM管理操作，例如VM迁移、资源适配和访问控制。- 监控、检测和调查用户级恶意软件：本研究关注用于恶意软件检测和调查的操作系统级策略和机制。通过使用OpenVMI，这些策略和机制可以移出目标VM，从而实现更强的防篡改能力，而不会失去VM的可观察性。- 监控操作系统完整性：本研究解决了客户操作系统的完整性，以抵御内核级攻击。它还涉及对内核级攻击的详细分析，以便将来进行检测和恢复。OpenVMI将提供一个独特的vintage点来观察内核对象的运行时状态变化，这将有助于揭示操作系统完整性违规的细节。上述领域的六个研究项目被指定用于OpenVMI部署。