xen-devel

RE: [Xen-devel] Re: Xen Security meeting summary

To: <xen-devel@xxxxxxxxxxxxxxxxxxxxx>
Subject: RE: [Xen-devel] Re: Xen Security meeting summary
From: "Cihula, Joseph" <joseph.cihula@xxxxxxxxx>
Date: Tue, 1 Mar 2005 14:42:39 -0800
Cc: "David Lie" <lie@xxxxxxxxxxxxxxxx>
David Lie wrote:
> This was an interesting discussion.  I must be missing something
> though: 
> 
> - page mapping visibility: several people said that they felt
> uncomfortable with the global visibility of mappings from machine to
> physical address in a guest as this provides a lot of information to
> an attacker. 
> 
> How does letting an attacker know the physical to machine mappings
> benefit an attacker?  I assume the attacker still would not have
> read/write access to pages that do not belong to the compromised
> domain.  Is there a concrete attack that people are aware of, or is
> this just a precautionary measure? 
> 
> Thanks,
> 
> David Lie

The concern here was that we not give an attacker any more information
than necessary for the proper functioning of the system.

As you correctly noted, each domain's pages are protected from access by
other domains (modulo a small number of shared pages).  However, should
there be a bug in this protection that did allow some unauthorized
cross-domain access, knowing the physical pages used by other domains
would increase the capabilities of an attacker (over random page
scribbling).

And though it wasn't the motivation for the concern, removing such
global visibility also has the benefit of limiting one type of covert
channel.

So the thinking was that if we could remove these other domain mappings
without significant changes or disruptions then it is beneficial to do
so.

Joseph Cihula
(Linux) Software Security Architect
Intel Corp.

*** These opinions are not necessarily those of my employer ***

