A hypervisor (Virtual Machine Monitor) is software that runs one or more virtual machines. Besides virtualization in the cloud, hypervisors are also used for virtual machine introspection (VMI), observing the behavior of malware from outside the guest. Traditional hypervisors like Xen and KVM carry a lot of features that VMI researchers don't need, so Bareflank aims to provide all of the scaffolding needed to rapidly prototype new hypervisors.
“LibVMI is a C library that makes it easy to monitor the low-level details of a running virtual machine by viewing its memory, trapping on hardware events, and accessing the vCPU registers”
The primary goal of the project is to do Virtual machine introspection using LibVMI in Bareflank hypervisor. This will be achieved in multiple parts.
- The first part is to build a hypercall interface so that LibVMI and Bareflank can talk to each other.
- The second part is to use that interface to perform register and memory introspection on both the guest and the host virtual machine.
- The third part is to create a channel for events and add support for LibVMI events in Bareflank.
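To make the first two parts concrete, here is an added model of a hypercall-based introspection interface, written for this page and not taken from Bareflank or LibVMI. It assumes a simple calling convention (opcode in rax, arguments in rdi/rsi, status back in rax, result in rdx), two hypothetical hypercall numbers for reading a register and reading guest-physical memory, and a small constructed guest with 4 KiB of memory; the real Bareflank ABI differs. The security-relevant point it shows is the one a hypervisor author cannot skip: every argument that arrives from the calling VM is untrusted, so register indices and guest-physical ranges are validated (including against integer overflow) before the handler touches anything.

```c
// Added example: a model of a hypercall interface between an introspection
// agent (the LibVMI side) and a hypervisor (the Bareflank side).
// Constructed illustration code; opcodes, register layout and memory size
// are assumptions, not Bareflank's or LibVMI's real ABI.
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

// Hypothetical hypercall numbers (assumption, not Bareflank's).
enum vmi_hcall { VMI_HC_READ_REG = 0x100, VMI_HC_READ_MEM = 0x101 };

// Hypothetical status codes returned in rax.
enum vmi_status { VMI_OK = 0, VMI_EINVAL = 1, VMI_EFAULT = 2 };

#define GUEST_MEM_SIZE 4096u

// Register file of one vCPU; also used as the calling convention carrier.
struct vcpu_state { uint64_t rax, rbx, rcx, rdx, rsi, rdi; };

// Register indices accepted as the argument of VMI_HC_READ_REG.
enum reg_index { REG_RAX, REG_RBX, REG_RCX, REG_RDX, REG_RSI, REG_RDI, REG_COUNT };

// The introspected VM: its registers and a small "guest-physical" memory.
struct guest { struct vcpu_state regs; uint8_t mem[GUEST_MEM_SIZE]; };

// Hypervisor side: handle one hypercall issued by `caller` against the
// introspected guest `g`. Arguments come from the caller's registers and
// must be validated before use.
static void hv_handle_hypercall(const struct guest *g, struct vcpu_state *caller) {
    uint64_t op = caller->rax, a0 = caller->rdi, a1 = caller->rsi;

    switch (op) {
    case VMI_HC_READ_REG: {
        if (a0 >= REG_COUNT) { caller->rax = VMI_EINVAL; return; }
        const struct vcpu_state *r = &g->regs;
        const uint64_t vals[REG_COUNT] = { r->rax, r->rbx, r->rcx, r->rdx, r->rsi, r->rdi };
        caller->rdx = vals[a0];
        caller->rax = VMI_OK;
        return;
    }
    case VMI_HC_READ_MEM: {
        // a0 = guest-physical address, a1 = length (1..8 bytes).
        // Reject before touching memory; the subtraction form avoids
        // overflow in a0 + a1 for huge a0.
        if (a1 == 0 || a1 > 8 || a0 > GUEST_MEM_SIZE || a1 > GUEST_MEM_SIZE - a0) {
            caller->rax = VMI_EFAULT;
            return;
        }
        uint64_t v = 0;
        for (uint64_t i = 0; i < a1; i++)          // little-endian assemble
            v |= (uint64_t)g->mem[a0 + i] << (8 * i);
        caller->rdx = v;
        caller->rax = VMI_OK;
        return;
    }
    default:
        caller->rax = VMI_EINVAL;
        return;
    }
}

// Agent side: what a LibVMI driver would do around the vmcall instruction.
// Here the "vmcall" is a direct call into the model above.
static int vmi_read_reg(const struct guest *g, unsigned reg, uint64_t *out) {
    struct vcpu_state c = { .rax = VMI_HC_READ_REG, .rdi = reg };
    hv_handle_hypercall(g, &c);
    if (c.rax != VMI_OK) return (int)c.rax;
    *out = c.rdx;
    return VMI_OK;
}

static int vmi_read_mem(const struct guest *g, uint64_t gpa, unsigned len, uint64_t *out) {
    struct vcpu_state c = { .rax = VMI_HC_READ_MEM, .rdi = gpa, .rsi = len };
    hv_handle_hypercall(g, &c);
    if (c.rax != VMI_OK) return (int)c.rax;
    *out = c.rdx;
    return VMI_OK;
}

// Constructed sample guest: a recognisable rbx value and bytes 01 02 03 04
// at guest-physical 0x10.
static void init_sample_guest(struct guest *g) {
    memset(g, 0, sizeof *g);
    g->regs.rbx = 0x1122334455667788ULL;
    for (unsigned i = 0; i < 4; i++) g->mem[0x10 + i] = (uint8_t)(i + 1);
}

int main(void) {
    struct guest g;
    uint64_t v;
    init_sample_guest(&g);
    if (vmi_read_reg(&g, REG_RBX, &v) == VMI_OK) printf("rbx = 0x%llx\n", (unsigned long long)v);
    if (vmi_read_mem(&g, 0x10, 4, &v) == VMI_OK) printf("mem[0x10..0x13] = 0x%llx\n", (unsigned long long)v);
    printf("oob read status = %d\n", vmi_read_mem(&g, GUEST_MEM_SIZE - 2, 4, &v));
    return 0;
}
```

The third part (an event channel) is not modelled here; it would add a hypervisor-to-agent direction on top of the request/response shape above, so that VM exits of interest are delivered to LibVMI rather than polled.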