Abstract
The Integrity Measurements Architecture (IMA) provides attestation and integrity for Linux hosts. But what if an administrator wants to provide IMA functionality to an older (non-IMA capable) or a non Linux-based OS? If the system is deployed on top of a hypervisor, IMA functionality can be provided at the hypervisor level. This paper applies Virtual Machine Introspection (VMI) to provide IMA functionality to virtualized guest OSes. We implement a proof of concept library (using a shallow shadow filesystem) and integrate it with the Kernel-based Virtual Machine (KVM) hypervisor. The modifications provide the Linux host OS the ability to see when and what files are being accessed by the guest OS. This paper outlines the approach to its design, concept of execution, and describes the challenges encountered. The library is tested with a sample bash script created in a monitored partition; a hash of the file is printed before the file is loaded into memory.
Library of Congress Subject Headings
Linux; Computer architecture; Computer security; Virtual computer systems
Publication Date
2009
Document Type
Thesis
Student Type
- Please Select One -
Department, Program, or Center
Department of Computing Security (GCCIS)
Advisor
Border, Charles
Recommended Citation
Lin, Sammy, "Towards virtual machine integrity using introspection" (2009). Thesis. Rochester Institute of Technology. Accessed from
https://repository.rit.edu/theses/130
Campus
RIT – Main Campus
Plan Codes
COMPSEC-MS
Comments
Note: imported from RIT’s Digital Media Library running on DSpace to RIT Scholar Works. Physical copy available through RIT's The Wallace Library at: QA76.9.V5 L46 2009