VMM and introspection are important building blocks to create high assurance systems. In this view, we have developed Psyco-Virt, a software architecture that integrates introspection with a set of host and network IDS tools to achieve high assurance on the integrity of the VMs. The overall architecture consists of a cluster of monitored VMs (Mon-VMs), i.e. the VMs to monitor, and introspection VMs (IVMs) to implement the monitoring. All the Mon-VMs are mapped onto a cluster of physical nodes, and one IVM is introduced for each physical node. All the Mon-VMs are connected by a virtual network, the data one, to exchange application traffic. A further virtual network, the control network, connects all the IVMs and each IVM and the Mon-VMs on the same node. This is a private hierarchical network that spans across distinct physical nodes to support the exchange of alerts and introspection information. A set of IDS agents on each Mon-VM discovers attempted intrusions/ attacks and, in such a case, an agent alerts the IVM through the control network. In Psyco-Virt, the kernel of each Mon-VM guarantees the integrity of the controls implemented by the IDS agents, while an introspector running on the IVM exploits the VMM control interface to apply introspection and monitor the kernel of each Mon-VM to discover attacks against the kernel itself.
Towards High Assurance Networks of Virtual Machines
BAIARDI, FABRIZIO;
2009-01-01
Abstract
VMM and introspection are important building blocks to create high assurance systems. In this view, we have developed Psyco-Virt, a software architecture that integrates introspection with a set of host and network IDS tools to achieve high assurance on the integrity of the VMs. The overall architecture consists of a cluster of monitored VMs (Mon-VMs), i.e. the VMs to monitor, and introspection VMs (IVMs) to implement the monitoring. All the Mon-VMs are mapped onto a cluster of physical nodes, and one IVM is introduced for each physical node. All the Mon-VMs are connected by a virtual network, the data one, to exchange application traffic. A further virtual network, the control network, connects all the IVMs and each IVM and the Mon-VMs on the same node. This is a private hierarchical network that spans across distinct physical nodes to support the exchange of alerts and introspection information. A set of IDS agents on each Mon-VM discovers attempted intrusions/ attacks and, in such a case, an agent alerts the IVM through the control network. In Psyco-Virt, the kernel of each Mon-VM guarantees the integrity of the controls implemented by the IDS agents, while an introspector running on the IVM exploits the VMM control interface to apply introspection and monitor the kernel of each Mon-VM to discover attacks against the kernel itself.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.