Introspection for firecracker and crosvm #40
Comments
Hi @halfadmin, At the moment kvm-vmi only supports QEMU/KVM. KVMi (the new KVM subsystem for introspection) opens new ioctls and expands the KVM interface. The QEMU modifications are not that big.
There should not be any hard dependency on qemu. I have not taken a close look at firecracker or crosvm but I expect adding KVMI support to be a 3-4 month task (assuming some inevitable refactoring and patch ping-pong). The basic KVMI flow is:
Thanks @mdontu. Also cc @andreeaflorescu and @aghecenco from Firecracker's team, for your insights, if you are interested.
For crosvm, judging by the top 3 contributors, I can cc @danielverkamp, @zachreizner and @dgreid in this discussion.
If you are not familiar with the topic (Virtual Machine Introspection on KVM), I can suggest this presentation by @mdontu at the last KVM Forum: Advanced VMI on KVM: A Progress Report
Amazon as well as Google have come up with some stripped-down versions of KVM-based virtualization. Will kvm-vmi work for those? If not, how would you estimate the porting effort?
Lots of stuff is moving in the cloud nowadays. Depending on what you run, you can easily ensure that you start from a non-compromised system. There is still the issue of runtime integrity protection, in particular against advanced attacks and where you don't want to or cannot run the analysis directly in the VM.