WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
xense-devel

Re: [Xense-devel] ACM doesnt scale

To: Reiner Sailer <sailer@xxxxxxxxxx>
Subject: Re: [Xense-devel] ACM doesnt scale
From: aq <aquynh@xxxxxxxxx>
Date: Sat, 25 Jun 2005 00:34:31 +0900
Cc: xense-devel@xxxxxxxxxxxxxxxxxxx
On 6/24/05, Reiner Sailer <sailer@xxxxxxxxxx> wrote:
> xense-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 06/23/2005 09:19:16 PM:
> 
> > On 6/23/05, Steven Hand <Steven.Hand@xxxxxxxxxxxx> wrote:
> > >
> > > >at the moment, ACM supports only 2 models, and the code doesn't scale
> > > >enough (at all) to support more models in the future? any plan to fix
> > > >that?
> > >
> > > Yes - the current ACM code is a proof of concept derived from the
> > > IBM sHype code. The model at present is that two policies (a primary
> > > and secondary) will be in place at any time, although it is intended
> > > that the selection of these will be more dynamic in the future. It's
> > > not yet clear if extending this will be required, but we're certainly
> > > aware of the structure and limitations of the current code.
> > >
> >
> > also the way security models are integrated into ACM doesn't scale, either.
> 
> Could you please be a little more specific about the "scaling"?  What is your
> application of the ACM module that determines there's a "scaling" problem?
> 

At the moment, all the security models (chinesewall (A) and ste (B))
are hard-coded, and we have 3 combinations of models (not counting the NULL
policy): A, B and A_AND_B.

I guess that there are more models to come in the future, suppose 3:
C, D, E. So we will have many more combinations, and obviously the
current organization of code in ACM doesn't scale to that change.

regards,
aq
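
Added example, not part of the original message and not Xen's ACM code: the scaling concern above, sketched with each model registered behind one common hook so the decision is a conjunction of the registered models rather than a hard-coded combination such as A_AND_B. The struct, the function names and the simplified Chinese Wall and STE checks are hypothetical, and the conflict set is constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical per-domain label: one type bitmask per model (not Xen's structs). */
struct label { uint32_t chwall_types, ste_types; };

/* Every model exposes the same hook: 1 = permit, 0 = deny. */
typedef int (*pair_hook)(const struct label *a, const struct label *b);

/* Constructed sample policy: Chinese Wall types 0 and 1 form one conflict set. */
static const uint32_t conflict_sets[] = { 0x3 };

/* Simplified Chinese Wall: deny when the domains hold different members of one set. */
int chwall_hook(const struct label *a, const struct label *b)
{
    for (size_t i = 0; i < sizeof conflict_sets / sizeof conflict_sets[0]; i++) {
        uint32_t ca = a->chwall_types & conflict_sets[i];
        uint32_t cb = b->chwall_types & conflict_sets[i];
        if (ca && cb && ca != cb) return 0;
    }
    return 1;
}

/* Simplified STE: permit only when the domains have a type in common. */
int ste_hook(const struct label *a, const struct label *b)
{
    return (a->ste_types & b->ste_types) != 0;
}

#define MAX_MODELS 8
static pair_hook models[MAX_MODELS];
static size_t n_models;

/* Adding model C, D or E is one more call here, not a new combination. */
int acm_register(pair_hook h)
{
    if (h == NULL || n_models == MAX_MODELS) return -1;
    models[n_models++] = h;
    return 0;
}

/* Conjunction of all registered models; with none registered it permits (NULL policy). */
int acm_pair_permitted(const struct label *a, const struct label *b)
{
    for (size_t i = 0; i < n_models; i++)
        if (!models[i](a, b)) return 0;
    return 1;
}
```

With five models, hard-coded combinations would number 31 (2^5 - 1), while this layout needs five registrations.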
