WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/

Home

xense-devel

[Top] [All Lists]

[Xense-devel] Secure Network Communications Between Xen VMs

from [bigschu]

[Permanent Link][Original]

To:	Xense-devel@xxxxxxxxxxxxxxxxxxx
Subject:	[Xense-devel] Secure Network Communications Between Xen VMs
From:	bigschu <bigschu@xxxxxxxxxxxxxxxxxxx>
Date:	Tue, 09 May 2006 09:51:58 -0700
Delivery-date:	Tue, 09 May 2006 09:52:44 -0700
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
List-help:	<mailto:xense-devel-request@lists.xensource.com?subject=help>
List-id:	"A discussion list for those developing security enhancements for Xen." <xense-devel.lists.xensource.com>
List-post:	<mailto:xense-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xense-devel>, <mailto:xense-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xense-devel>, <mailto:xense-devel-request@lists.xensource.com?subject=unsubscribe>
Sender:	xense-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent:	Thunderbird 1.5.0.2 (Windows/20060308)

Hi all,

I have two questions about the secure network communications between XenVMs (i.e. domains) residing on different physical machines.1) By way of example, if domU1 on machine M1 is communicating with twoother domains, domU2 and domU3 on machine M2, how does thehypervisor/ACM on M1 differentiate between inbound/outbound trafficdestined only for domU2 or domU3 and ensure that traffic is routed tothe proper domain?2) Is all of the traffic between various domains encrypted to preventeavesdropping via network sniffing?I've read the paper, "DeuTeRium -- A System for Distributed MandatoryAccess Control" but it's not clear to me from the actual implementationexamples and documentation how you set up the IPSEC labeled tunnelingmechanism and ensure validation of all traffic passing between thevarious domains.


Thanks,
Mike Schumann


_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xense-devel] Secure Network Communications Between Xen VMs, bigschu <= Re: [Xense-devel] Secure Network Communications Between Xen VMs, Andrew Warfield Re: [Xense-devel] Secure Network Communications Between Xen VMs, Ramon Caceres

Previous by Date:	Re: [Xense-devel] questions about isolation model and GVTPM, Stefan Berger
Next by Date:	Re: [Xense-devel] Secure Network Communications Between Xen VMs, Andrew Warfield
Previous by Thread:	Re: [Xense-devel] questions about isolation model and GVTPM, Reiner Sailer
Next by Thread:	Re: [Xense-devel] Secure Network Communications Between Xen VMs, Andrew Warfield
Indexes:	[Date] [Thread] [Top] [All Lists]

This site is hosted by Citrix