|
|
|
|
|
|
|
|
|
|
xen-users
Re: [Xen-users] Newbie query - Xen and security
Andy Elvey wrote:
I have a query re Xen and security. If I'm using the 'net (browsing,
email) while I'm running a Xen-enabled kernel, does that make it more
difficult for the bad guys out there to pop a rootkit or virus onto my
PC? I tend to envision Xen as making everything "virtual", so that if
they did try to rootkit my PC, they couldn't actually _install_ it
onto my system, (as I'm running a "virtual environment" ).
So, if I understand correctly, any "damage" that they try to do is
*totally* limited to the session I'm running, and when I next fire up
my PC, all will be well.
Practically speaking, Xen doesn't really do what you describe. Xen is
not a silver bullet when it comes to security. It's all about how you
use it. For the scenario you describe, your as safe in Xen as you would
be in Linux (it all depends on what you run as root in Linux and what
you run in dom0 in Xen).
What Xen allows you to do, from a security perspective, that something
like Linux doesn't really is to run two virtual machines and have them
be isolated from themselves. Even if you used multiple users in Linux,
you're sharing a considerable amount of resources between the two users
which makes total isolation difficult. Isolation in Xen is much easier
because there's almost no shared resources.
When it comes from protecting you from external attackers, Xen is no
different than Linux. An admitted simplification but I think you get
the idea.
Regards,
Anthony Liguori
Is my description pretty much accurate? Very many thanks in advance
for your replies!
Bye for now -
- Andy
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|
|
|
|
|