xense-devel
Re: [Xense-devel] Enforcing MAC policies across different machines
* secure services, e.g., monitoring of user domains (anti virus,
IDS), auditing, etc. --> there are existing monitoring projects,
e.g., Xen Introspection Library
(http://www.bryanpayne.org/3_software.php)
I can add a little more on the XenAccess introspection project.
Right now there are two key areas that I see as being most valuable
and most useful to a large number of people.
* First is expanding the data that XenAccess can collect. Currently
it only looks at memory, but other items such as disk and network
monitoring would be useful.
* Second is creating higher level abstractions for access to the
data. Currently it only returns a single memory page with a pointer
to the requested data structure. It would be nice to automatically
return the entire data structure including handling wraps over memory
page boundaries when needed. In addition, it would be especially
nice to integrate a kernel debugger (or something similar) to provide
for simplified access to kernel memory data without the need to
maintain offsets and such inside XenAccess.
Beyond expanding the capabilities of XenAccess, there's also interest
in building applications that use XenAccess. These could include any
type of monitoring and/or response application. A first step would
be to implement adapters for existing tools (e.g., network IDS and
host IDS) to work through introspection. The next step would be to
think about new applications of the introspection technology.
I'm always happy to discuss any of the above with people that are
interested :-)
Cheers,
bryan
-
Bryan D. Payne
Graduate Student, Computer Science
Georgia Tech Information Security Center
http://www.bryanpayne.org
_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel
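
The page-boundary handling described in the message above (returning a whole data structure instead of a single mapped page), as an added example that is not part of the original message and not XenAccess code. The mapper callback `map_page_fn`, the function `read_guest`, the toy guest, the record layout and the 4 KiB page size are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define PAGE_SIZE 4096u

/* Hypothetical mapper (not a XenAccess call): returns the monitor-side mapping
 * of the guest page at page-aligned address page_va, or NULL if unmapped. */
typedef const uint8_t *(*map_page_fn)(void *ctx, uint64_t page_va);

/* Copy len bytes from guest address va into out, one page-bounded chunk at a
 * time. Returns 0, or -1 on an unmapped page or overflow (discard out then). */
int read_guest(map_page_fn map, void *ctx, uint64_t va, void *out, size_t len)
{
    uint8_t *dst = out;
    if (len > 0 && va + (len - 1) < va) return -1;  /* range wraps around */
    while (len > 0) {
        uint64_t off = va & (PAGE_SIZE - 1);
        size_t chunk = PAGE_SIZE - off;             /* bytes left in this page */
        if (chunk > len) chunk = len;
        const uint8_t *page = map(ctx, va - off);
        if (page == NULL) return -1;
        memcpy(dst, page + off, chunk);
        dst += chunk; va += chunk; len -= chunk;
    }
    return 0;
}

/* Constructed toy guest: two guest-adjacent pages that are NOT adjacent here. */
struct toy_guest { uint8_t page_b[PAGE_SIZE]; uint8_t gap[64]; uint8_t page_a[PAGE_SIZE]; };
struct toy_record { uint32_t pid; char comm[16]; };   /* constructed layout */
#define TOY_BASE 0x1000u

static const uint8_t *toy_map(void *ctx, uint64_t page_va)
{
    struct toy_guest *g = ctx;
    if (page_va == TOY_BASE) return g->page_a;
    if (page_va == TOY_BASE + PAGE_SIZE) return g->page_b;
    return NULL;
}

/* Store a record 6 bytes before the end of the first page, then read it back. */
int demo_straddle(struct toy_record *out)
{
    static struct toy_guest g;
    struct toy_record r = { 1234, "sshd" };
    memcpy(g.page_a + PAGE_SIZE - 6, &r, 6);
    memcpy(g.page_b, (const uint8_t *)&r + 6, sizeof r - 6);
    return read_guest(toy_map, &g, TOY_BASE + PAGE_SIZE - 6, out, sizeof *out);
}
```

Reading past the end of a single mapped page would return whatever the monitor has mapped next, not the guest's next page, which is why the copy is split at every page boundary and fails closed when a page cannot be mapped.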