[Qemu-devel] Minos-type integrity checking in QEMU

[Qemu-devel] Minos-type integrity checking in QEMU

[Shashidhar Mysore]

[-- Attachment #1: Type: text/plain, Size: 1095 bytes --]

Hi,

I am trying to incorporate into QEMU (x86) some structures to maintain
integrity of data that flows in the processor. Specifically, I want to
maintain a bit for every physical memory address and transfer the state
information for every address along onto the virtual memory, and also down
to the instructions which operate on data, and bit arrays for registers (so
that when an operand is fetched from a particular register, we also have the
state information for that register). I am trying to build a Minos type
architecture ( http://minos.cs.ucdavis.edu/) but in QEMU instead of Bochs.

For this, as far as I can see, I need to maintain a set of new structures to
shadow the physical memory and make changes to the micro ops defined in
target-i386/op.c so that every instruction can track the state and store
them for every register used as an operand. I'm not sure if somebody has
already implemented such a system on QEMU? I am just beginning to think and
work on this, so any pointers/suggestions would be greatly appreciated.
Please let me know your views on this.

Thanks,
-Shashi.

[-- Attachment #2: Type: text/html, Size: 1241 bytes --]

Re: [Qemu-devel] Minos-type integrity checking in QEMU

[maestro]

Hello Shashi!

you might wanna take a look at the argos [0] project. they do exactly
that kind of stuff.
we implemented something quite similar as the base of my masters thesis
a technical report is available at [1] although what you need is only
covered in a single chapter.

btw. i found it to be easier to make the changes in translate.c instead
of changing every op in op.c

cheers
m.

[0] http://www.few.vu.nl/argos/
[1] http://seclab.tuwien.ac.at/papers/tqana.pdf

Am Mittwoch, den 25.04.2007, 01:16 -0700 schrieb Shashidhar Mysore:
> Hi,
> 
> I am trying to incorporate into QEMU (x86) some structures to maintain
> integrity of data that flows in the processor. Specifically, I want to
> maintain a bit for every physical memory address and transfer the
> state information for every address along onto the virtual memory, and
> also down to the instructions which operate on data, and bit arrays
> for registers (so that when an operand is fetched from a particular
> register, we also have the state information for that register). I am
> trying to build a Minos type architecture
> ( http://minos.cs.ucdavis.edu/) but in QEMU instead of Bochs. 
> 
> For this, as far as I can see, I need to maintain a set of new
> structures to shadow the physical memory and make changes to the micro
> ops defined in target-i386/op.c so that every instruction can track
> the state and store them for every register used as an operand. I'm
> not sure if somebody has already implemented such a system on QEMU? I
> am just beginning to think and work on this, so any
> pointers/suggestions would be greatly appreciated. Please let me know
> your views on this. 
> 
> Thanks,
> -Shashi.

Re: [Qemu-devel] Minos-type integrity checking in QEMU

[Shashidhar Mysore]

[-- Attachment #1: Type: text/plain, Size: 2382 bytes --]

Hi,

Thank you very much for the links. I am looking into your thesis right now,
Congratulations! nice work. I really liked the idea of your project,
especially tracking control dependencies along with data dependency in QEMU.
One question I have is the way in which you obtain process information from
the operating system (The CR3 register, EPROCESS, etc) - Though you have
mainly spoken about Windows, can you tell me if it is possible to do the
same in Linux ? Also, is there a link from where I can download your tool?
or patches to QEMU?

Thanks again!
-Shashi.

On 4/25/07, maestro <maestro82@gmail.com> wrote:
>
> Hello Shashi!
>
> you might wanna take a look at the argos [0] project. they do exactly
> that kind of stuff.
> we implemented something quite similar as the base of my masters thesis
> a technical report is available at [1] although what you need is only
> covered in a single chapter.
>
> btw. i found it to be easier to make the changes in translate.c instead
> of changing every op in op.c
>
> cheers
> m.
>
> [0] http://www.few.vu.nl/argos/
> [1] http://seclab.tuwien.ac.at/papers/tqana.pdf
>
> Am Mittwoch, den 25.04.2007, 01:16 -0700 schrieb Shashidhar Mysore:
> > Hi,
> >
> > I am trying to incorporate into QEMU (x86) some structures to maintain
> > integrity of data that flows in the processor. Specifically, I want to
> > maintain a bit for every physical memory address and transfer the
> > state information for every address along onto the virtual memory, and
> > also down to the instructions which operate on data, and bit arrays
> > for registers (so that when an operand is fetched from a particular
> > register, we also have the state information for that register). I am
> > trying to build a Minos type architecture
> > ( http://minos.cs.ucdavis.edu/) but in QEMU instead of Bochs.
> >
> > For this, as far as I can see, I need to maintain a set of new
> > structures to shadow the physical memory and make changes to the micro
> > ops defined in target-i386/op.c so that every instruction can track
> > the state and store them for every register used as an operand. I'm
> > not sure if somebody has already implemented such a system on QEMU? I
> > am just beginning to think and work on this, so any
> > pointers/suggestions would be greatly appreciated. Please let me know
> > your views on this.
> >
> > Thanks,
> > -Shashi.
>
>
>
>

[-- Attachment #2: Type: text/html, Size: 2951 bytes --]