Figure 7. Gibraltar running on the Observer remotely fetches kernel snapshots from the target via the Myrinet back-end network.

and infers invariants. These invariants represent properties of both individual data structures, also called objects (e.g. scalars, such as integer variables and arrays and aggregate data structures, such as structs), as well as collections of data structures (e.g. linked lists). During enforcement, the monitor uses the invariants as specifications of kernel data structure integrity and raises an alert when a kernel data structure violates an invariant. The following sections elaborate on the design of each of these components.

The page fetcher

Gibraltar executes on the observer, which is isolated from the target system. Gibraltar's page fetcher is a component that takes a physical memory address as input and obtains the corresponding memory page from the target. The target runs a Myrinet PCI card to which the page fetcher issues a request for a physical memory page. Upon receiving a request, the firmware on the target initiates a DMA request for the requested page. It sends the contents of the physical page to the observer upon completion of the DMA. The Myrinet card on the target system runs an enhanced version of

Figure 8. Boxes with solid lines show components of Gibraltar. Boxes with dashed lines show data used as input or output by the different components.
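
The fetch-then-check flow described above, as an added example that is not code from Gibraltar or from the original text: a stand-in page fetcher that returns whole pages by physical address, a linked-list walk built on it, and two simple invariants inferred from one snapshot and enforced on another. The node layout, the length and membership invariant templates, the use of physical addresses as list pointers, and all memory contents are assumptions constructed for illustration.

```python
import struct
PAGE_SIZE = 4096
NODE = struct.Struct("<QI")  # hypothetical node layout: next (physical address), value

def fetch_page(target_mem, phys_addr):
    """Stand-in for the page fetcher: physical address in, containing page out."""
    base = phys_addr - phys_addr % PAGE_SIZE
    return target_mem[base:base + PAGE_SIZE]

def read_object(target_mem, phys_addr, length):
    """Assemble an object page by page; it may straddle a page boundary."""
    out = b""
    while len(out) < length:
        addr = phys_addr + len(out)
        chunk = fetch_page(target_mem, addr)[addr % PAGE_SIZE:][:length - len(out)]
        if not chunk:
            raise ValueError(f"address {addr:#x} is outside target memory")
        out += chunk
    return out

def walk_list(target_mem, head, limit=4096):
    """Follow next pointers from head; stop on NULL, a cycle, or the limit."""
    values, seen, addr = [], set(), head
    while addr and addr not in seen and len(values) < limit:
        seen.add(addr)
        addr, value = NODE.unpack(read_object(target_mem, addr, NODE.size))
        values.append(value)
    return values

def infer(training_lists):  # training: keep the properties seen in every snapshot
    lengths = {len(v) for v in training_lists}
    return {"length": lengths.pop() if len(lengths) == 1 else None,
            "members": set().union(*map(set, training_lists))}

def violations(inv, values):  # enforcement: one alert per broken invariant
    alerts = [f"unexpected member {v}" for v in values if v not in inv["members"]]
    if inv["length"] is not None and len(values) != inv["length"]:
        alerts.append(f"length {len(values)} != {inv['length']}")
    return alerts

def snapshot(nodes, pages=2):  # nodes maps address -> (next, value)
    mem = bytearray(PAGE_SIZE * pages)  # constructed target memory, not a real dump
    for addr, (nxt, value) in nodes.items():
        mem[addr:addr + NODE.size] = NODE.pack(nxt, value)
    return bytes(mem)

def demo():
    good = snapshot({0x0FF8: (0x1800, 1), 0x1800: (0x0100, 2), 0x0100: (0, 3)})
    bad = snapshot({0x0FF8: (0x0100, 1), 0x0100: (0, 3)})  # node 2 unlinked
    inv = infer([walk_list(good, 0x0FF8)])
    return violations(inv, walk_list(good, 0x0FF8)), violations(inv, walk_list(bad, 0x0FF8))
```

The head node at 0x0FF8 is placed so that it crosses a page boundary, which forces `read_object` to issue two page requests for one object.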