Hi: To detect and handle unauthorized memory map from hvm to dom0,I found xsm can prevent a privileged domain from arbitrarily mapping pages from other domains,however,I try to find whether there is another way. So I try to trap the memory access and compare the page owner whth the accessor, if they are different, somthing must happend and a warning to the administrator will be raised. My question is how can I trap the memory access? Is there any other mechanism to detect unauthorized memory map?With EPT/NPT, memory access are so closed to hardware that I don‘t know how should I trap it?Can you give me any suggestion? Thank you very much! Jone _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
Aravindh Puthiyaparambil (aravindp)
2013-Jul-11 19:08 UTC
Re: Question''s about to detect unauthorized memory access
> To detect and handle unauthorized memory map from hvm to dom0,I > found xsm can prevent a privileged domain from arbitrarily mapping pages > from other domains,however,I try to find whether there is another way. So I > try to trap the memory access and compare the page owner whth the > accessor, if they are different, somthing must happend and a warning to the > administrator will be raised. > My question is how can I trap the memory access? Is there any other > mechanism to detect unauthorized memory map?With EPT/NPT, memory > access are so closed to hardware that I don‘t know how should I trap it?Can > you give me any suggestion?You can trap memory accesses using the mem_event / mem_access APIs. Take a look at tools/tests/xen-access/. You should also look in to libVMI. A combination of the two might give you what you are after. Thanks, Aravindh _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel