[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-research] Intercepting memory operations of a guest

  • To: "Sina Bahram" <sbahram@xxxxxxxxx>
  • From: "Todd Deshane" <deshantm@xxxxxxxxx>
  • Date: Mon, 8 Dec 2008 10:15:10 -0500
  • Cc: xen-research@xxxxxxxxxxxxxxxxxxx
  • Delivery-date: Mon, 08 Dec 2008 07:15:15 -0800
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:reply-to:to:subject:cc:in-reply-to :mime-version:content-type:content-transfer-encoding :content-disposition:references; b=ZIDU0uzcgDkdM+hbHmXB7Pe5bJWY7S3reJIbc5sD8jj9V1dJgPnC93A8zpyV0HgWsD Q+pn8cSQorEsPjw1Av7SBcx5NspGCgBvr8LCm8XSpE+Sx7l1tdZRsYFoddhMB3I9X9D2 EQ635cxq7UvFPiFRU1JfkDVWMsjCtuUukOALE=
  • List-id: Research Issues on Xen <xen-research.lists.xensource.com>
On Sun, Dec 7, 2008 at 8:57 PM, Sina Bahram <sbahram@xxxxxxxxx> wrote:
> Hi all,
>
> Sorry for any cross posting. I sent this to the xen-devel list and the
> xen-se list as well.
>
> I'm wanting to modify some xen source code for the purposes of some
> research, exploration, and testing of some security concepts.
>
> I have a few questions after looking through the source.
>
> All of the below applies to 32-bit guests.
>
> #1: Is there anyway possible to trap/insert some code at/hook into, any
> modification of a PV guest's page table. Anything like a hypercall handler I
> can plugin to, a function or series of functions that always gets called,
> something I can provide a call back to, or anything else?
>
> #2: For some research purposes, I plan on replicating portions of the page
> table of a guest, only those pages of the guest's kernel. I hope to do this
> by the supervisory bit being set; however, I welcome any suggestions of a
> better approach to detecting when kernel pages are being modified?
>
> In general, to explain any questions I haven't specifically asked above; I'm
> looking for the appropriate place in xen to intercept any writes, reads, and
> executes of a guest's memory.
>
> Also, would such activities be easier or more difficult with hvm guests?
> Since xen has to provide hvm guests an individual CR3, would such a place be
> much easier to hook into because of any abstraction layers that already
> exist for such things?
>
> The only reason I picked pv guests was that the semantics of what is a
> kernel page and what is not might not be as easy to determine in an hvm
> guest, but perhaps this is not the case?
>

You may want to take a look at the Xen Introspection Project:
http://blog.xen.org/index.php/2008/10/27/new-xen-introspection-project-launching/
http://blog.xen.org/index.php/2008/11/12/xen-introspect-project-update/

Cheers,
Todd

-- 
Todd Deshane
http://todddeshane.net
http://runningxen.com

_______________________________________________
Xen-research mailing list
Xen-research@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/mailman/listinfo/xen-research

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.