
Dynamic System Call Translation between Virtual Machines

Supervisor(s): Sebastian Vogl
Status: finished
Topic: Monitoring (VMI etc.)
Author: Jonas Jelten
Submission: 2014-09-15
Type of Thesis: Bachelor thesis
Proof of Concept: No

Abstract:

The traditional approach of running maintenance and inspection programs on a target machine can be enhanced by virtualizing the device and moving the programs “out-of-the-box” to do introspection from the outside. Though profiting from a higher access level and separation from the virtual machine, this leads to the fundamental problem of the semantic gap, as the hypervisor is unaware of the semantic meaning of the machine's memory image. Our X-TIER system bridges this gap by injecting and running code in the context of the virtual machine to obtain or modify the desired information. This thesis presents lolredirect, which extends the X-TIER framework to be able to redirect the system calls of any inspection program to the target machine. This allows running any application without having to port it to the hypervisor manually. All information is transparently acquired at hypervisor level via the standard ABI the program would use if run directly inside the machine. That way, inspection software can profit from the separation introduced by virtualization and still access all data structures of the target machine. The key idea discussed in this thesis is the system call capturing and redirection process. It includes a decision process to determine whether to redirect data-relevant system calls into the target machine or to execute the system call without redirection. For that, filename rules are utilized and the program state is tracked according to the trapped system calls. The correctness of this approach was verified by comparing the output of Linux tools that were redirected with the output of the same invocation executed directly on the target machine. Tests showed that the redirection layer has an average performance overhead of 11.2. The whole system was implemented and is published as a free software project.
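As an added illustration of the decision process the abstract describes (this is not code from the thesis or from lolredirect), the following Python model classifies each trapped system call as redirected into the target VM or executed locally, using constructed filename rules and tracking the file descriptors the program obtains from earlier calls. The rule syntax, the syscall sets and the `SyscallRedirector` class are assumptions made for this example.

```python
import fnmatch

# Constructed rules (lolredirect's real rule syntax is not given on the page):
# paths matching these globs hold data that must be fetched from the target VM.
REDIRECT_RULES = ["/proc/*", "/sys/*", "/etc/*"]

# Assumed classification: calls whose first argument is a path, and calls whose
# first argument is a file descriptor obtained from an earlier trapped call.
PATH_CALLS = {"open", "stat", "lstat", "access", "readlink"}
FD_CALLS = {"read", "write", "fstat", "lseek", "getdents", "ioctl"}


class SyscallRedirector:
    """Per-process decision logic: run a trapped syscall in the target VM or locally."""

    def __init__(self, rules):
        self.rules = rules
        self.remote_fds = set()  # fds that refer to files opened inside the target VM

    def path_redirected(self, path):
        return any(fnmatch.fnmatch(path, pat) for pat in self.rules)

    def _track(self, fd, remote):
        # Record which side owns a freshly returned fd (a reused number is overwritten).
        (self.remote_fds.add if remote else self.remote_fds.discard)(fd)

    def trap(self, name, args, ret):
        """Classify one trapped syscall as 'target' or 'local' and update fd state.
        args is the argument tuple in Linux ABI order; ret is the returned value."""
        if name in PATH_CALLS:
            remote = self.path_redirected(args[0])
            if name == "open" and ret >= 0:  # a new fd: remember where it lives
                self._track(ret, remote)
            return "target" if remote else "local"
        if name == "openat":  # a relative path inherits the side of its directory fd
            dirfd, path = args[0], args[1]
            remote = self.path_redirected(path) if path.startswith("/") else dirfd in self.remote_fds
            if ret >= 0:
                self._track(ret, remote)
            return "target" if remote else "local"
        if name in FD_CALLS:  # e.g. write(1, ...) to stdout stays local, read(remote fd) goes to the VM
            return "target" if args[0] in self.remote_fds else "local"
        if name in ("dup", "dup2", "dup3"):  # the duplicate lives where the original does
            remote = args[0] in self.remote_fds
            if ret >= 0:
                self._track(ret, remote)
            return "target" if remote else "local"
        if name == "close":
            remote = args[0] in self.remote_fds
            self.remote_fds.discard(args[0])
            return "target" if remote else "local"
        return "local"  # memory management, signals, time etc. run on the inspection side
```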