VMI by running LibVMI inside Intel SGX Enclave to monitor other VMs

Intel® Software Guard Extensions (Intel® SGX)

Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

VMI by running LibVMI inside Intel SGX Enclave to monitor other VMs

903 Views

There is some research on introspection on ARM TrustZone with customized form of LibVMI. This is about checking if LibVMI can be used to run inside an Intel SGX enclave. The goal is to securely run VMI using Intel's secure environment provided by its enclaves and then to monitor other VMs. This is with full virtualization using Xen on 64 bit Linux.

So is it possible to design an Intel SGX application with some functions of LibVMI declared inside an enclave, then build app, and to monitor other VMS in domU for their memory state ?

Link Copied

0 Replies

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.