The interest raised by the upcoming security interface that VMware calls VMsafe is notable.
Besides the company’s partners working to use the new APIs, other parties are trying to replicate these capabilities in other hypervisors.
One of them is Bryan D. Payne, Research Scientist at the Georgia Institute of Technology, who maintains, together with some colleagues, a very interesting project on the Google Code repository: XenAccess.
The team is developing a library that allows multiple Xen virtual machines to be analyzed from a special domain (from which third-party security products can observe them):
When running multiple domains (or virtual machines) using the Xen hypervisor, this library will allow a privileged domain to view the runtime state of another domain. This technique is known as virtual machine introspection.
The current software focuses on memory access, but also provides proof-of-concept code for disk monitoring.
A paper describing the solution in detail is available here.
It’s interesting that one of the main references for this work is a paper by Mendel Rosenblum, the VMware Chief Scientist, who developed the idea behind VMsafe in 2002.
XenAccess has been in the works since 2007 and seems to be progressing very slowly.
Maybe the arrival of VMsafe will boost the development.