bryan at thepaynes
Jun 2, 2009, 9:33 AM
Post #2 of 5
> I'm inviting other opinions on how we could move the project forward. I
> suspect most participants are still very interested, but also very busy on
> other projects. If anyone else has an update, please let us know.
I agree with a lot of Steve's points. However, perhaps I can add a
bit to this discussion.
* I have continued the development of XenAccess. However, this
process has been slow because I basically fit it in when I have some
spare time. I believe that XenAccess could serve as the foundation
for an "official" Xen introspection effort if this is what the
community wants. After all, it is the only current open source
solution available. To get there I think that we would need to smooth
out some of the edges (fix some bugs, add some important features).
And, of course, this is strictly a passive monitoring solution right
* For active monitoring (i.e., memory-based triggers / typed shadow
page tables / etc), I have been in contact with someone who may be
interested in working with me to implement this feature. We are
currently in the very preliminary stages, but I'm hopefully that this
will evolve into a hypervisor patch that would ultimately allow us to
add active monitoring functionality into XenAccess.
* I would be interested in receiving feedback from the community as to
their interest level in seeing XenAccess matured and integrated with
Xen versus keeping it as a separate project. Perhaps this goes
towards understanding the overall goals of those who are interested in
introspection with Xen.
* I have heard from many people in the community that they are
interested in seeing an introspection solution for Xen. Perhaps
something like VMSafe. However, I have yet to see any solid
commitment from anyone to help make this happen. I am, of course,
personally interested in seeing this come together, and will continue
working on it when I can, but without outside support it will be slow.
Bryan D. Payne
Research Scientist & Graduate Student
Georgia Tech Information Security Center
Xen-introspect mailing list
Xen-introspect [at] lists