xen-users
[Xen-users] Re: malicious paravirtualized guests: security and isolation
Hi,
Am I asking stupid questions or is this area a complete mystery? Any pointers to existing sources of information are greatly appreciated. I spent several days searching Xen documentation and googling but could not find anything definitive.
Thank you, Vasiliy
On Thu, Nov 6, 2008 at 4:15 PM, Vasiliy Baranov <vasiliy.baranov@xxxxxxxxx> wrote:
Hi,
I have a question about isolation and security guarantees Xen provides,
if any, in cases when domU guests are not completely trusted, that is,
can be malicious. Right now I am specifically interested in the
scenario where all guests are paravirtualized, but HVM case is of some
interest too.
Say, I want to let my users run their own guests on a Xen host that I
own. Users will bring their own disk images. I don't completely trust
my users. Does the use of Xen guarantee that malicious guests will be
unable to harm other guests or the entire host in any way (for example, kill the
entire host)? It is interesting to know both what is
guaranteed in theory (that is, if Xen and dom0 work as designed) and
how things go in practice.
If I disallow users from using their kernels, that is, if I run guests with
my own kernel(s) only, will that improve the situation? How about
loadable kernel modules? If I allow Linux guests to load their custom
kernel modules, will that nullify the effect of using trusted kernels?
I currently use Xen 3.1.4, if that matters.
Thank you very much in advance,
Vasiliy
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
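The "run guests with my own kernel(s) only" option raised in the question corresponds to a concrete difference in the domU configuration: with `bootloader = "/usr/bin/pygrub"` the kernel is read out of the user-supplied disk image, whereas with explicit `kernel =` and `ramdisk =` lines the kernel comes from a file in dom0 that the host owner controls. The following is an added example of the second form, written as an xm-style config file (these files are Python syntax); it is not taken from the thread or from the Xen project, and the guest name, paths and bridge name are placeholders chosen for illustration.

```python
# Added example: xm-style domU configuration that boots a kernel stored in dom0
# rather than one taken from the guest's own disk image (all paths are placeholders).
#
# The alternative the host owner would be replacing is a single line such as
#     bootloader = "/usr/bin/pygrub"
# which makes dom0 parse the untrusted image to find the guest's own kernel.

name = "untrusted-guest"                       # placeholder guest name
memory = 256                                   # MiB; arbitrary for the example

# Kernel and initrd live on dom0's filesystem, so the guest cannot substitute them.
# Building this kernel with CONFIG_MODULES=n removes the module-loading path
# entirely, which addresses the follow-up question about custom kernel modules.
kernel = "/boot/vmlinuz-xen-domU"              # placeholder path in dom0
ramdisk = "/boot/initrd-xen-domU.img"          # placeholder path in dom0

# The user-supplied image is still attached as the guest's root disk.
disk = ['file:/var/lib/xen/images/untrusted-guest.img,xvda1,w']  # placeholder path
root = "/dev/xvda1 ro"

vif = ['bridge=xenbr0']                        # placeholder bridge name
on_crash = "destroy"                           # do not leave a crashed guest around


def kernel_is_host_controlled(cfg):
    """Return True when a config dict names a dom0 kernel explicitly and does not
    delegate kernel selection to a bootloader that reads the guest image."""
    return "bootloader" not in cfg and bool(cfg.get("kernel"))


# Convenience: the settings above as a dict, for the check and for tooling.
CONFIG = {
    "name": name, "memory": memory, "kernel": kernel, "ramdisk": ramdisk,
    "disk": disk, "root": root, "vif": vif, "on_crash": on_crash,
}
```

This only changes where the kernel comes from; it does not by itself answer the broader question of what isolation the hypervisor guarantees against a hostile PV guest, which is what the original poster is asking about.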