Virtual Machine Introspection applications often execute on the same privilege level as the hypervisor, which can have disastrous security implications if the application is compromised. This is fairly plausible, because inspecting a VM is often done with the assumption that the VM is potentially compromised. To counter this, the VMI application is often moved into its own locked down VM. The Unikraft project aims to bundle efforts to provide a buildsystem for unikernel applications. An applications dependencies down to the kernel are bundled into one package and executed on a VM. However, every library needs to be painstakingly ported to the unikernel system. This proposal aims to port libVMI to the unikraft project, thereby enabling extremely hardened VMI applications.

Organization

Student

felix b

Mentors

  • Tamas Lengyel
  • Sergej Proskurin
close

2020