
List:       vbox-dev
Subject:    Re: [vbox-dev] doubt regarding API support.
From:       "raghavan m" <raghavan.mit () gmail ! com>
Date:       2008-12-24 18:57:11
Message-ID: a74f53cd0812241054p5ca9dfd5t369313eb107cda3c () mail ! gmail ! com

> Hi,
> I could understand it would be a challenging task. It would be great
> if someone could guide me on how I have to proceed.
> What are the basics I should learn
> to understand VirtualBox architecture ... and add this component which is
> capable of inspecting the kernel data structures of created guest virtual
> machines?
>
Can anyone guide me on what basics of VirtualBox I should know to
accomplish the task of adding a module which could check the integrity of the
running kernel's sensitive data structures?

>
>
> On Tue, Nov 25, 2008 at 6:21 PM, Klaus Espenlaub <Klaus.Espenlaub@sun.com> wrote:
>
>> raghavan m wrote:
>> >
>> > hi
>> > I am a newbie to VirtualBox. I am doing a project on Host Based
>> > Intrusion detection based on hypervisor based introspection for virtual
>> > machines.
>> > Hypervisor based introspection is checking integrity of various kernel
>> > data structures from outside the kernel through APIs provided by
>> > hypervisor.
>> > Is it possible with the VirtualBox API to fetch certain kernel data
>> > structures and files of the virtual machine?
>> > I would be running a process outside the hypervisor. This process must
>> > be able to fetch content about a file or a kernel data structure of a
>> > guest virtual OS running on hypervisor ... is it possible?
>>
>> The hypervisor knows nothing about what executes in it, so it is
>> difficult to inspect kernel data structures (whether that's process
>> tables, files or what not). I'm not saying it's impossible, but it's
>> certainly a challenge.
>>
>> VirtualBox doesn't require modifications to the guests, which as a
>> consequence means that the knowledge of what the guest is doing is
>> extremely limited. The "OS type" selection is purely for selecting
>> appropriate defaults for setting up the VM. But apart from that it's
>> purely informational. The hypervisor actually doesn't get the value, it
>> just gets the individual VM settings.
>>
>> To summarize: There is definitely no API which can do out of the box
>> what you're hinting at.
>>
>> Klaus
>>
>>
>> _______________________________________________
>> vbox-dev mailing list
>> vbox-dev@virtualbox.org
>> http://vbox.innotek.de/mailman/listinfo/vbox-dev
>>
>
>
>
> --
> Raghavan
>



-- 
Raghavan
