WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/

xense-devel

Re: [Xense-devel] [PATCH] ACM: adding get_ssid command and cleanup

To: Reiner Sailer <sailer@xxxxxxxxxx>
Subject: Re: [Xense-devel] [PATCH] ACM: adding get_ssid command and cleanup
From: David Palmer <dwpalmer.xense@xxxxxxxxx>
Date: Fri, 2 Sep 2005 11:41:28 -0700
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx, Stefan Berger <stefanb@xxxxxxxxxx>, xense-devel@xxxxxxxxxxxxxxxxxxx
Reiner,

I've looked over the code.  As input, it takes either an SSID or a DomainID.  If given a DomainID, it looks up the domain's SSID.  It then returns two arrays of 0's and 1's.  One array is a row from the STE-Type matrix and the other is a row from the ChWall-Type matrix corresponding to the given SSID.

My question then: What constitutes a legitimate use vs. a clear abuse of this information?

For example, let's say I create a domain that manages a resource.  When another domain connects, the resource domain checks for a specific type using get_ssid() on the subject's DomainID and indexes one of the arrays with the type number.  If the type is set, then it provides the "Privileged" interface with the other domain.  If it is not set, then it provides the "Unprivileged" interface with the domain.  Is this legitimate or an abuse of the function?  Why or why not?

Dave

On 9/1/05, Reiner Sailer <sailer@xxxxxxxxxx> wrote:

This patch:

* adds a get_ssid ACM command that allows privileged domains to retrieve types for either a given ssid reference or a given domain id (of a running domain); this command can be used to extend access control into device domains, e.g., to control network traffic currently moving through Domain 0 uncontrolled by the ACM policy

* adds a script getlabel.sh that allows users inside Dom0 to retrieve the label for a given ssid reference or a given domain id (multiple labels might map onto a single ssid reference)

* cleans up label-related code in tools/security by merging common functions into labelfuncs.sh

* cleans up ACM code related to above changes (eventually approximating a common coding style)

Comments welcome.

Thanks
Reiner

Signed-off-by: Reiner Sailer <sailer@xxxxxxxxxx>

Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>




_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel