A Hypervisor Based Security Testbed

We are developing an experimental testbed intended to help support security research. The testbed allows a network of unmodified hosts, running any of several of unmodified operating systems, to execute in a controlled and reproducible manner. The network is implemented on a hypervisor that is instrumented to observe and control security-relevant events. These events are securely logged to a relational database for later analysis.

[1]  Steven McCanne,et al.  The BSD Packet Filter: A New Architecture for User-level Packet Capture , 1993, USENIX Winter.

[2]  Manpreet Singh,et al.  ORBIT Measurements framework and library (OML): motivations, implementation and features , 2005, First International Conference on Testbeds and Research Infrastructures for the DEvelopment of NeTworks and COMmunities.

[3]  Manpreet Singh,et al.  ORBIT testbed software architecture: supporting experiments as a service , 2005, First International Conference on Testbeds and Research Infrastructures for the DEvelopment of NeTworks and COMmunities.

[4]  Dongho Kim,et al.  Experience with DETER: a testbed for security research , 2006, 2nd International Conference on Testbeds and Research Infrastructures for the Development of Networks and Communities, 2006. TRIDENTCOM 2006..

[5]  Beng-Hong Lim,et al.  Virtualizing I/O Devices on VMware Workstation's Hosted Virtual Machine Monitor , 2001, USENIX Annual Technical Conference, General Track.

[6]  Mike Hibler,et al.  An integrated experimental environment for distributed systems and networks , 2002, OPSR.

[7]  Thomas Schwenkler,et al.  Intelligent Platform Management Interface , 2006 .

[8]  Gil Neiger,et al.  IntelŴVirtualization Technology: Hardware Support for Efficient Processor Virtualization , 2006 .

[9]  Tal Garfinkel,et al.  A Virtual Machine Introspection Based Architecture for Intrusion Detection , 2003, NDSS.