public inbox for kvm@vger.kernel.org
* x-tier code injection for VMI
@ 2015-04-21 13:52 Jonas Jelten
  2015-04-21 14:53 ` Jan Kiszka
  0 siblings, 1 reply; 2+ messages in thread
From: Jonas Jelten @ 2015-04-21 13:52 UTC (permalink / raw)
  To: kvm list

Hai *!

We [0] are developing x-tier [1], a VMI system that injects code into a
kvm guest from the hypervisor.

Currently we're using kernel modules to be executed in the context of
the VM. The execution is carefully separated from the target VM so the
injection remains stealthy (as always, except for timing attacks).

Using this method, we could even redirect system calls from the
hypervisor into a VM transparently[2]. Programs running on the host are
obtaining their data from the guest stealthily that way :D


What I want to ask the kvm folks:
Would there be interest in integrating the kernel components upstream?
Mainly it would provide guest os-independent code injection.

All implementation is free software already [3][4], of course it needs a
lot of polishing before going upstream ;)

The userspace part is a modified qemu [5], we're trying to move all the
injection procedures into the kernel though. Work is in progress..

Cheers,
JJ

[0] https://www.sec.in.tum.de/
[1] http://link.springer.com/chapter/10.1007/978-3-642-38631-2_15
[2] https://home.in.tum.de/~jelten/dynamic-syscall-translation.pdf
[3] https://github.com/TheJJ/x-tier
[4] https://github.com/TheJJ/linux
[5] https://github.com/TheJJ/qemu

