This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-research] Security through Isolation in Xen

To: "xen-research@xxxxxxxxxxxxxxxxxxx" <xen-research@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-research] Security through Isolation in Xen
From: "Colsani, Guillermo E" <guillermo.e.colsani@xxxxxxxxx>
Date: Fri, 12 Dec 2008 05:06:50 -0700
Accept-language: en-US
Acceptlanguage: en-US
Cc: "Protti, Duilio J" <duilio.j.protti@xxxxxxxxx>, "Giusti, Gisela" <gisela.giusti@xxxxxxxxx>
Delivery-date: Fri, 12 Dec 2008 04:07:10 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-research-request@lists.xensource.com?subject=help>
List-id: Research Issues on Xen <xen-research.lists.xensource.com>
List-post: <mailto:xen-research@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-research>, <mailto:xen-research-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-research>, <mailto:xen-research-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-research-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AclcUh2DybHXwxPsSYurHEcVbtdqJQ==
Thread-topic: Security through Isolation in Xen

Hi all,


Together with some other coworkers we have been working on a reference implementation of the security through isolation concept using virtualization. This project is using Xen to provide a contained virtualized environment where malware can run without affecting the whole system.

The goal for this project is to foster the usage of virtualization technology in client platforms (desktops and notebooks) using security as a usage driver. This reference implementation provides certain capabilities which serve as a starting point for the long term goal; some of them are:

-     To manage paused Sandbox Virtual Machines ready to be awaken instantaneously to execute suspicious applications

-     To destroy and re-open the Sandbox Virtual Machines once the contained suspicious application was closed


Especially, we think that the module which manages the Ready-to-be-executed Sandbox VMs (VM-Pool at Domain 0) may be suitable for other purposes such as high availability of virtual appliances, short-delay responses for highly loaded services, among others; so we’d like to hear from any suggestion on how to adapt it to meet new needs.

We invite you to try the current version of the project Isolated Execution. You can find the code and the documentation about how to compile and install it at Source Forge: http://isolated-exec.sourceforge.net. Also, at http://isolated-exec.sourceforge.net/?q=node/6, you can find a flash description of what the “early-product” does.


We’d appreciate to receive feedback from the community about the overall concept, and whether you’d like to go deep on any aspect of it. Given that this is a reference implementation and is not complete, we think that the Xen Research Community is the right group to enrich the design and evolve the model. We invite you to post comments/suggestions at http://isolated-exec.sourceforge.net/?q=node/4.


Thanks and see you there!



Xen-research mailing list
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-research] Security through Isolation in Xen, Colsani, Guillermo E <=