[vbox-dev] doubt regarding API support.
raghavan.mit at gmail.com
Wed Dec 24 10:54:11 PST 2008
Hi, I could understand it would be a challenging task. It would be great
> if someone could guide me on how I have to proceed
> What basics should I learn
> to understand VirtualBox architecture ... and add this component which is
> capable of inspecting the kernel data structures of created guest virtual
Can anyone guide me on what basics of VirtualBox I should know to
accomplish the task of adding a module which could check the integrity of the
running kernel's sensitive data structures?
> On Tue, Nov 25, 2008 at 6:21 PM, Klaus Espenlaub <Klaus.Espenlaub at sun.com> wrote:
>> raghavan m wrote:
>> > Hi,
>> > I am a newbie to VirtualBox. I am doing a project on Host Based
>> > Intrusion detection based on hypervisor based introspection for virtual
>> > machines.
>> > Hypervisor based introspection is checking integrity of various kernel
>> > data structures from outside the kernel through APIs provided by
>> > Is it possible with the VirtualBox API to fetch certain kernel data
>> > structures and files of the virtual machine?
>> > I would be running a process outside the hypervisor. This process must
>> > be able to fetch content about a file or a kernel data structure of a
>> > guest virtual OS running on the hypervisor ... is it possible?
>> The hypervisor knows nothing about what executes in it, so it is
>> difficult to inspect kernel data structures (whether that's process
>> tables, files or what not). I'm not saying it's impossible, but it's
>> certainly a challenge.
>> VirtualBox doesn't require modifications to the guests, which as a
>> consequence means that the knowledge of what the guest is doing is
>> extremely limited. The "OS type" selection is purely for selecting
>> appropriate defaults for setting up the VM. But apart from that it's
>> purely informational. The hypervisor actually doesn't get the value, it
>> just gets the individual VM settings.
>> To summarize: There is definitely no API which can do out of the box
>> what you're hinting at.