WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 

Re: [Xen-users] XenAccess Library: Introspection for Xen

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] XenAccess Library: Introspection for Xen
From: Mark Williamson <mark.williamson@xxxxxxxxxxxx>
Date: Thu, 27 Apr 2006 01:07:51 +0100
Cc: "Bryan D. Payne" <bryan@xxxxxxxxxxxx>
Delivery-date: Wed, 26 Apr 2006 17:10:06 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <D56FF1F2-C3DC-421F-8186-CBEDD3B6FE62@xxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <D56FF1F2-C3DC-421F-8186-CBEDD3B6FE62@xxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.9.1
> I'm pleased to announce a new project called XenAccess.  The project
> goals are to provide a full featured introspection library for Xen.
> Introspection is a technique where applications in one domain can
> view memory from another domain.  For example, you can run an
> application in dom0 to list the processes or LKMs in a domU.  More
> information is available on the website:

Sounds like a great idea.

I can see this being useful for IDS, for system monitoring, live problem 
diagnosis (e.g. trying to figure out what's going on in a machine that's 
become unresponsive), etc.

Eventually you could extend this with the ability to interpose on disk / 
network IO using the tap drivers (these are a bit out of date at the moment, 
but I understand Andy is intending to work on them again at some point).

> Introspection has been discussed for a few years in the research
> community.  I'm hoping that this open source project will allow more
> people to play with it and start thinking about interesting
> applications for it.  And, of course, I'd be happy to see others
> interested in introspection get involved with this project as well!
>

It would be very nice to see Open Source IDS solutions based on this.  Had you 
considered porting an existing in-host IDS to use your introspection library 
to monitor another domain instead?

Actually, we can achieve several levels of monitoring now if we want:
1) IDS within a domain, either or both user and kernelspace.
2) IDS based on introspection in another domain on the same system.
3) IDS monitoring network traffic, either or both on the same system, or 
another host on the network.

Another thing I've been thinking would be neat is to feed all this data (in 
some standard format) into an IDS aggregator.  I've heard of such things, I 
think, but I don't know what the current state of the art is.  It should be 
possible to get quite accurate pinpointing and diagnosis of both virtualised 
and non-virtualised servers across an enterprise this way.

Good luck with your work, anyhow!

Cheers,
Mark

-- 
Dave: Just a question. What use is a unicycle with no seat?  And no pedals!
Mark: To answer a question with a question: What use is a skateboard?
Dave: Skateboards have wheels.
Mark: My wheel has a wheel!

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
