Sammy Lin


The Integrity Measurements Architecture (IMA) provides attestation and integrity for Linux hosts. But what if an administrator wants to provide IMA functionality to an older (non-IMA capable) or a non Linux-based OS? If the system is deployed on top of a hypervisor, IMA functionality can be provided at the hypervisor level. This paper applies Virtual Machine Introspection (VMI) to provide IMA functionality to virtualized guest OSes. We implement a proof of concept library (using a shallow shadow filesystem) and integrate it with the Kernel-based Virtual Machine (KVM) hypervisor. The modifications provide the Linux host OS the ability to see when and what files are being accessed by the guest OS. This paper outlines the approach to its design, concept of execution, and describes the challenges encountered. The library is tested with a sample bash script created in a monitored partition; a hash of the file is printed before the file is loaded into memory.

Library of Congress Subject Headings

Linux; Computer architecture; Computer security; Virtual computer systems

Publication Date


Document Type


Student Type

- Please Select One -

Department, Program, or Center

Department of Computing Security (GCCIS)


Border, Charles


Note: imported from RIT’s Digital Media Library running on DSpace to RIT Scholar Works. Physical copy available through RIT's The Wallace Library at: QA76.9.V5 L46 2009


RIT – Main Campus

Plan Codes