From: Jonas Jelten
Subject: x-tier code injection for VMI
Date: Tue, 21 Apr 2015 15:52:32 +0200
Message-ID: <55365620.7070806@in.tum.de>
To: kvm list

Hai *!

We [0] are developing x-tier [1], a VMI system that injects code into a kvm guest from the hypervisor. Currently we're using kernel modules to be executed in the context of the VM. The execution is carefully separated from the target VM so the injection remains stealthy (as always, except for timing attacks).

Using this method, we could even redirect system calls from the hypervisor into a VM transparently [2]. Programs running on the host are obtaining their data from the guest stealthily that way :D

What I want to ask the kvm folks: Would there be interest in integrating the kernel components upstream? Mainly it would provide guest OS-independent code injection.

All implementation is free software already [3][4], of course it needs a lot of polishing before going upstream ;)

The userspace part is a modified qemu [5], we're trying to move all the injection procedures into the kernel though. Work is in progress..

Cheers,
JJ

[0] https://www.sec.in.tum.de/
[1] http://link.springer.com/chapter/10.1007/978-3-642-38631-2_15
[2] https://home.in.tum.de/~jelten/dynamic-syscall-translation.pdf
[3] https://github.com/TheJJ/x-tier
[4] https://github.com/TheJJ/linux
[5] https://github.com/TheJJ/qemu