xen-users
Re: [Xen-users] Exploiting XEN
> > > The Xen hypervisor is fairly small, and thus relatively easy to
> > > understand and control against vulnerabilities. Since it's living
> > > "outside" the host-OS that it controls, it's potentially less vulnerable
> > > than those hypervisors that live within the host-OS.
> >
> > Nice in theory, but in practice you have to include Dom0 as (at this
> > time) it has effectively unrestricted access to the hardware and is
> > necessarily trusted by every DomU that cares about disk or network
> > I/O. While in theory Xen may allow a tighter security model, in the
> > real-world deployments of Xen there's no better security from its
> > arch of hypervisor outside the Dom0 OS, vs other virt systems which
> > have the hypervisor as part of the Dom0.
>
> I guess that's a fair comment too. Dom0 is a large part of a Xen
> environment, and if Dom0 is compromised, then Xen can't really do that
> much to prevent the system from being crashed, subverted or other
> malicious acts. But I believe Xen itself is "safe" from Dom0 being
> compromised - but it's a moot point, as Xen on its own is about as useful
> as a chocolate teapot.
We don't make any real effort to protect the system from a naughty dom0 at
this point - there's no point whilst it's permitted to DMA over any memory it
wants. With domain 0 disaggregation and IOMMU hardware we should be able to
harden the system significantly with respect to what harm dom0 and driver
domains can do.
For a random related reference,
[http://www.cs.rochester.edu/meetings/sosp2003/papers/p134-lie.pdf] describes
an implementation of an untrusted operating system: the researchers' goal was
(with hardware support) to produce an OS that was as limited as possible WRT
interfering with applications in certain ways whilst still providing
essential OS services. It's an interesting read.
Cheers,
Mark
> But Xen isn't really the "culprit" in this scenario - it's the same
> scenario for Linux (or whatever other OS we care to choose) without a
> hypervisor.
>
> --
> Mats
>
> > Dan.
> > --
> >
> > |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
> > |=- Perl modules: http://search.cpan.org/~danberr/ -=|
> > |=- Projects: http://freshmeat.net/~danielpb/ -=|
> > |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
--
Dave: Just a question. What use is a unicycle with no seat? And no pedals!
Mark: To answer a question with a question: What use is a skateboard?
Dave: Skateboards have wheels.
Mark: My wheel has a wheel!