Stage 1:

Goal:

According to the requirement, since Mirage may change the physical bits of an image after it is checked out, we need to find an effective way to hash and sign the image that relies on its logical structure rather than its physical bit layout. Thus, we need to delve into the detailed structure of the vmdk file and of the common linux filesystems (e.g. ext2/3), by which we can separate the hash/sign work into several different parts: the vmdk metadata part and the guest machine's file system part. After that, we can combine these two parts into the final result.

Method:

1. The vmdk description text

In the "Virtual Disk Format 1.1" manual provided by vmware, we can see the design details of the vmware virtual disk structure. Basically, a text descriptor describing the layout of the data in the virtual disk is the header of a vmdk image file; in other words, it is the metadata of this vmdk. Figure 1 shows the description of our sample vmdk file.

Figure 1 The description of vmdk image

2. Guest Machine's File System

After acquiring the vmdk's metadata, we can access the whole file structure (starting from the '/' root directory) by using the "vmware-mount" command tool in the vmware workstation utility package to mount this vmdk image at a certain point. Then, we can write a shell script (or a C/Java program) to walk through the whole file structure tree recursively. During the walk, for every file, we can use the linux built-in command "stat" to retrieve all kinds of information related to this file, including the file name, block number, inode, access status, file-related time, and owner/group id, etc., and concatenate this information with the file content before doing the hash work.

So the pseudocode should look like this:

    foreach(child in the directory)
        stat $child > statinfo
        cat statinfo $child >> tmpfile
        sha1sum tmpfile > thisfilehash
        thisfilehash XOR previousfilehash > previousfilehash
        if [ $child also has child ]
            call recursively
        end
    end

Figure 2 The output of the stat of a vmdk

Note that since in the linux system everything is designed as a file, even devices and processes, we need to be more careful when dealing with /dev and /proc (generally, this directory should be empty). As mentioned in the given script, we can also use "fdisk -ul" to get the partition information of this vmdk image, which is also very important to the whole integrity.

Discussion:

Apart from the above, we may also check whether it is possible to get other information about the file system, such as the superblock, inode pool, and so forth, since these parts should also be covered by the integrity checking. Though we can use filesystem-related commands including "e2fsck" to get some details about the ext2/3 filesystem, simple mounting may still be unable to fetch enough info from the file system. We may check further for the vmware utility tool or may turn to other methods based on the linux file system
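The recursive walk from the Method section, written out as an added Python example (not code from the original report). The function names are hypothetical, the mount point of the vmdk is passed as the only argument, and as an assumption only layout-independent stat fields are hashed: inode and block numbers are left out because they describe the physical layout the Goal wants to avoid.

```python
import hashlib
import os
import stat
import sys

def entry_digest(root, path):
    """SHA-1 of one entry: logical metadata first, then its content."""
    st = os.lstat(path)  # lstat describes a symlink itself, never its target
    rel = os.path.relpath(path, root)
    # Assumption: hash only fields that survive a re-layout of the disk
    # (no inode number, block count or access time).
    fields = [rel, oct(st.st_mode), str(st.st_uid), str(st.st_gid),
              str(int(st.st_mtime))]
    meta = "\0".join(fields) + "\0"  # trailing NUL separates metadata from content
    h = hashlib.sha1(meta.encode("utf-8", "surrogateescape"))
    if stat.S_ISREG(st.st_mode):
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(1 << 20), b""):
                h.update(chunk)
    elif stat.S_ISLNK(st.st_mode):
        h.update(os.fsencode(os.readlink(path)))
    elif stat.S_ISCHR(st.st_mode) or stat.S_ISBLK(st.st_mode):
        h.update(str(st.st_rdev).encode())  # device number, never device content
    return h.digest()  # FIFOs, sockets and directories: metadata only

def _fail(err):
    # An unreadable directory must abort the run, not be skipped silently.
    raise err

def tree_digest(root):
    """XOR of every entry digest under root; independent of traversal order."""
    acc = bytes(hashlib.sha1().digest_size)
    for dirpath, dirnames, filenames in os.walk(root, onerror=_fail):
        for name in dirnames + filenames:  # os.walk does not follow symlinks
            d = entry_digest(root, os.path.join(dirpath, name))
            acc = bytes(a ^ b for a, b in zip(acc, d))
    return acc.hex()

if __name__ == "__main__":
    print(tree_digest(sys.argv[1]))
```

Because each record includes the relative path, two entries never produce the same digest and cancel under XOR; the combined value still has to be signed together with the descriptor text and partition table to cover the whole image.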


NCSU CSC (ECE) 574 - MIRAGE
