Collaborative Research: II-New: OpenVMI: A Software Instrument for Virtual Machine Introspection

协作研究：II-新：OpenVMI：用于虚拟机自省的软件工具

• 批准号: 0855141
• 负责人: Dongyan Xu
• 金额: $ 25.5万
• 依托单位: Purdue University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2009
• 资助国家: 美国
• 起止时间: 2009-09-01 至 2014-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0855141&HistoricalAwards=false
• 关键词: Collaborative; Research; II; New; OpenVMI

This project develops the OpenVMI, an open-source, software-based research instrument for virtual machine introspection (VMI). VMI is important to certain research areas such as distributed computing, automated system management and configuration, and computer security.Virtualization technologies have created new momentumfor a number of research areas such as distributed computing, automated system management and configuration, and computer security. One basic yet powerful instrumentation function in virtualization-based research is virtual machine introspection (VMI): observing a VM?s semantic states and events from outside the VM. VMI is hard to implement, mainly because of the semantic gap between the external and internal observations of the VM. Thus a generic VMI software instrument becomes highly desirable to virtualization researchers. This project develops and deploys OpenVMI, an open-source, software-based research instrument for VMI at Purdue University and North Carolina State University. OpenVMI can be thought of as a ?fluoroscopic? instrument for VMs. Through the OpenVMI API, a user will be able to obtain the VM?s semantic states and events in both kernel and user spaces without modifying or instrumenting the VM. Three research areas are identified at the PIs? institutions that will benefit from the development and deployment of OpenVMI:-Management of hosted virtual environments: This research involves monitoring, provisioning and regulating autonomous virtual environments running in a shared distributed hosting infrastructure. Open- VMI will enable non-intrusive, semantic monitoring of VMs, which will trigger VM management operations at runtime such as VM migration, resource adaptation and access control. -Monitoring, detection and investigation of user-level malware: This research is concerned with OSlevel policies and mechanisms for malware detection and investigation. By using OpenVMI, these policies and mechanisms can be moved out of the target VM, achieving stronger tamper-resistance without losing VM observability. -Monitoring of OS integrity: This research addresses the integrity of the guest OS against kernel-level attacks. It also involves detailed profiling of kernel-level attacks for future detection and recovery. OpenVMI will provide a unique vintage point to observe runtime state changes of kernel objects, which will help reveal details of an OS integrity violation. Six research projects in the above areas are designated for OpenVMI deployment.

该项目开发 OpenVMI，这是一种用于虚拟机自省 (VMI) 的开源、基于软件的研究工具。 VMI对于分布式计算、自动化系统管理与配置、计算机安全等某些研究领域具有重要意义。虚拟化技术为分布式计算、自动化系统管理与配置、计算机安全等多个研究领域创造了新的动力。基于虚拟化的研究中一项基本但强大的工具功能是虚拟机自省 (VMI)：从 VM 外部观察 VM 的语义状态和事件。 VMI很难实现，主要是因为VM的外部和内部观察之间存在语义差距。因此，虚拟化研究人员非常需要通用的 VMI 软件工具。该项目开发并部署 OpenVMI，这是一种基于软件的开源研究工具，适用于普渡大学和北卡罗来纳州立大学的 VMI。 OpenVMI 可以被认为是“透视”？ VM 工具。通过 OpenVMI API，用户将能够在内核和用户空间中获取 VM 的语义状态和事件，而无需修改或检测 VM。 PI 确定了三个研究领域？将从 OpenVMI 的开发和部署中受益的机构： - 托管虚拟环境的管理：这项研究涉及监控、配置和管理在共享分布式托管基础设施中运行的自主虚拟环境。 Open-VMI将实现对虚拟机的非侵入式语义监控，这将在运行时触发虚拟机管理操作，例如虚拟机迁移、资源适配和访问控制。 -用户级恶意软件的监控、检测和调查：这项研究涉及恶意软件检测和调查的操作系统级策略和机制。通过使用OpenVMI，可以将这些策略和机制移出目标VM，在不丢失VM可观察性的情况下实现更强的防篡改能力。 - 监控操作系统完整性：这项研究解决了来宾操作系统针对内核级攻击的完整性问题。它还涉及对内核级攻击的详细分析，以供将来检测和恢复。 OpenVMI 将提供一个独特的观察点来观察内核对象的运行时状态变化，这将有助于揭示操作系统完整性违规的详细信息。上述领域的六个研究项目被指定用于 OpenVMI 部署。