[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] memory introspection


  • To: xen-devel@xxxxxxxxxxxxx
  • From: Mihai DonÈu <mihai.dontu@xxxxxxxxx>
  • Date: Tue, 12 Jun 2012 15:48:28 +0300
  • Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
  • Delivery-date: Tue, 12 Jun 2012 12:48:53 +0000
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=gmail.com; b=oqc2oaquXploGmohkRFMICmjBP/ntHbrdrY6E8Ci/XrEgfX56Vzf+0lPE5OqBMtCPtl1oMnE1QeMgIytsRyeOxg05JUJZcypCsgd1hOvHPr4f/zgxjHS6q+SSfjZv1vY+kmH/NN3L8GmhAEWt//J85YCKO65fKZc/g7bXVjkCWQ= ;
  • List-id: Xen developer discussion <xen-devel.lists.xen.org>

Hi,

I would like to reopen a discussion which took place some time ago
here:

http://lists.xen.org/archives/html/xen-introspect/2008-11/msg00001.html

but with a focus on in-hv introspection, that is: the engine doing the
introspection lives in the same ring / memory-space as the hypervisor
itself.

The technology I plan to use is proprietary and with an already defined
interface, so I'm looking at adding some glue code to Xen in order to
make the two understand each other. The reason the engine needs to
reside in the same space as the hv is that it wants to closely monitor
certain memory and register changes in order to identify possible
rootkits, changes which (depending on the OS) can occur in a legitimate
way many many times per second.

Before I go into more detail I would like to know if, from a legal
point of view, there's any way to have a closed source component using
the private Xen API (the ones handling exceptions, register changes etc.
for domU-s), or if a glue code licensed as LGPL would be enough to
bridge the GPL-proprietary gap.

I'd be happy to help if the glue code were to evolve into an API in its
own right which other companies can use.

Thank you,

-- 
Mihai DonÈu

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.