Hai *!

We [0] are developing x-tier [1], a VMI system that injects code into a KVM guest from the hypervisor. Currently we're using kernel modules to be executed in the context of the VM. The execution is carefully separated from the target VM so the injection remains stealthy (as always, except for timing attacks). Using this method, we could even redirect system calls from the hypervisor into a VM transparently [2]. Programs running on the host obtain their data from the guest stealthily that way :D

What I want to ask the KVM folks: would there be interest in integrating the kernel components upstream? Mainly it would provide guest-OS-independent code injection.

All of the implementation is free software already [3][4]; of course it needs a lot of polishing before going upstream ;) The userspace part is a modified QEMU [5], though we're trying to move all the injection procedures into the kernel. Work is in progress.

Cheers,
JJ

[0] https://www.sec.in.tum.de/
[1] http://link.springer.com/chapter/10.1007/978-3-642-38631-2_15
[2] https://home.in.tum.de/~jelten/dynamic-syscall-translation.pdf
[3] https://github.com/TheJJ/x-tier
[4] https://github.com/TheJJ/linux
[5] https://github.com/TheJJ/qemu