The Integrity Measurement Architecture (IMA) provides attestation and integrity for Linux hosts. But what if an administrator wants to provide IMA functionality to an older (non-IMA-capable) or non-Linux-based OS? If the system is deployed on top of a hypervisor, IMA functionality can be provided at the hypervisor level. This paper applies Virtual Machine Introspection (VMI) to provide IMA functionality to virtualized guest OSes. We implement a proof-of-concept library (using a shallow shadow filesystem) and integrate it with the Kernel-based Virtual Machine (KVM) hypervisor. The modifications give the Linux host OS the ability to see when and what files are being accessed by the guest OS. This paper outlines the design approach and concept of execution, and describes the challenges encountered. The library is tested with a sample bash script created in a monitored partition; a hash of the file is printed before the file is loaded into memory.
Library of Congress Subject Headings
Linux; Computer architecture; Computer security; Virtual computer systems
Department, Program, or Center
Department of Computing Security (GCCIS)
Lin, Sammy, "Towards virtual machine integrity using introspection" (2009). Thesis. Rochester Institute of Technology. Accessed from
RIT – Main Campus