WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xense-devel

[Xen-devel] [PATCH] sHype access control architecture for Xen

This E-mail contains the sHype access control architecture 
for inclusion into the Xen hypervisor (xeno-unstable.bk). 
This is a follow-up on earlier postings:
http://lists.xensource.com/archives/html/xen-devel/2005-04/msg00864.html

The *_xen.diff patch includes the core sHype access control
architecture. Default is the NULL-policy.

The *_tools.diff patch includes the necessary additions to the 
tools directory:
  a) adding support for an additional VM configuration paramter 
  b) adding basic policy management support into tools/policy

The default setting is the NULL policy. After patching in the diff-
files, you should see no change in behavior. Please refer to the
attached shype4xen_readme.txt file for instructions on how to 
activate and experiment with sHype.

While we have added support for saving and restoring security
information when saving and restoring domains, the architecture
currently supports save/restore only on the same hypervisor system
running the same sHype policy. Future versions will include more
flexible support for save/restore/migration.

Our group will submit a java-based policy translation tool for sHype to
this mailing list today as well. This tool takes as input an XML-based
descriptions of user-defined sHype policies and translates them into a
binary policy format that can be loaded into sHype.

Thanks
Reiner

Signed-off by: Reiner Sailer <sailer@xxxxxxxxxx>
Signed-off by: Stefan Berger <stefanb@xxxxxxxxxx>

Attachment: shype4xen_readme.txt
Description: Text document

Attachment: shype_4_xeno-unstable.bk_v3.0_xen.diff
Description: Text Data

Attachment: shype_4_xeno-unstable.bk_v3.0_tools.diff
Description: Text Data

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel