Although Virtual Machine Introspection (VMI) tools are increasingly capable, modern multi-tenant cloud providers are hesitant to expose the sensitive hypervisor APIs necessary for tenants to use them.
This project, Furnace, is an open source VMI framework that satisfies both a tenant's desire to run their own custom VMI tools underneath their cloud VMs and a cloud provider's expectation of security.
For additional details on Furnace's motivation and design, please check out the Furnace paper.
This repository contains information about the overall project. The following individual repositories contain the actual software components.
- Furnace Sandbox
- Furnace Proxy
- Furnace Backend
- Furnace Cloud Service (under development!)
- Furnace Hypervisor Agent (under development!)
- Furnace Proxy Agent (under development!)
The individual repositories listed above are intended to be installed on specific cloud infrastructure components (e.g., the Furnace sandbox is installed on each cloud compute node). The diagram below shows Furnace's overall software architecture and which repository belongs on which cloud component.
- Furnace is a young project that is very much a work in progress.
- Until Furnace is more mature, using it in a production cloud is not recommended.
- See an issue? Report it!
See INSTALL.md for instructions on installing Furnace in a single-hypervisor configuration.
Using Furnace for something? Cite us!
@inproceedings{18RAID_Furnace,
title = {{Furnace: Self-Service Tenant VMI for the Cloud}},
author = {Bushouse, Micah and Reeves, Douglas},
bookTitle={21st International Symposium on Research in Attacks, Intrusions, and Defenses},
year = {2018},
location = {Heraklion, Crete, Greece},
}
For general issues and issues with installation, please create an issue on this repo. Issues related to a specific Furnace repo should be posted to that repo.
The hypervisor-specific component of Furnace is its VMI partition. Presently, we recommend DRAKVUF with the Furnace plugin for this partition; however, this limits us to Xen hypervisors.
Furnace can be made to support any hypervisor that supports LibVMI. A swap-in replacement for DRAKVUF is under development, which would make Furnace compatible with KVM hypervisors.
In memory forensics, virtual machines (and hosts in general) are occasionally depicted as a collection of kernel and process address spaces. These address spaces are represented as the "smoke" rising above the flames (virtual machine introspection actions). A Furnace app is shown as a yellow shield at the center running underneath the VM.
Furnace is GPLv3.
However, to use the Furnace library with DRAKVUF, you must also comply with DRAKVUF's license. Including DRAKVUF within commercial applications or appliances generally requires the purchase of a commercial DRAKVUF license (see https://github.com/tklengyel/drakvuf/blob/master/LICENSE).