Collaborative Research: II-NEW: OpenVMI: A Software Instrument for Virtual Machine Introspection

Proposal Title: Collaborative Research: II-New: OpenVMI: A Software Instrument

for Virtual Machine Introspection

Institution: Purdue University

Abstract Date: 07/09/09

This project develops the OpenVMI, an open-source, software-based research

instrument for virtual machine introspection (VMI). VMI is important to certain research

areas such as distributed computing, automated system management and

configuration, and computer security.

Virtualization technologies have created new momentumfor a number of research areas

such as distributed computing, automated system management and configuration, and

computer security. One basic yet powerful instrumentation function in

virtualization-based research is virtual machine introspection (VMI): observing a VM?s

semantic states and events from outside the VM. VMI is hard to implement, mainly

because of the semantic gap between the external and internal observations of the VM.

Thus a generic VMI software instrument becomes highly desirable to virtualization

researchers.

This project develops and deploys OpenVMI, an open-source, software-based research

instrument for VMI at Purdue University and North Carolina State University. OpenVMI

can be thought of as a ?fluoroscopic? instrument for VMs. Through the OpenVMI API, a

user will be able to obtain the VM?s semantic states and events in both kernel and user

spaces without modifying or instrumenting the VM.

Three research areas are identified at the PIs? institutions that will benefit from the

development and deployment of OpenVMI:

-Management of hosted virtual environments: This research involves monitoring,

provisioning and regulating autonomous virtual environments running in a shared

distributed hosting infrastructure. Open- VMI will enable non-intrusive, semantic

monitoring of VMs, which will trigger VM management operations at runtime such as

VM migration, resource adaptation and access control.

-Monitoring, detection and investigation of user-level malware: This research is

concerned with OSlevel policies and mechanisms for malware detection and

investigation. By using OpenVMI, these policies and mechanisms can be moved out of

the target VM, achieving stronger tamper-resistance without losing VM observability.

-Monitoring of OS integrity: This research addresses the integrity of the guest OS

against kernel-level attacks. It also involves detailed profiling of kernel-level attacks for

future detection and recovery. OpenVMI will provide a unique vintage point to observe

runtime state changes of kernel objects, which will help reveal details of an OS integrity

violation.

Six research projects in the above areas are designated for OpenVMI deployment.

NATIONAL SCIENCE FOUNDATION

Proposal Abstract

Proposal:0855141 PI Name:Xu, Dongyan

Printed from eJacket: 07/25/09 Page 1 of 1