|
|
|
|
|
|
|
|
|
|
xense-devel
[Xen-devel] [PATCH] sHype access control architecture for Xen
To: |
xense-devel@xxxxxxxxxxxxxxxxxxx, steven.hand@xxxxxxxxxxxx |
Subject: |
[Xen-devel] [PATCH] sHype access control architecture for Xen |
From: |
Reiner Sailer <sailer@xxxxxxxxxxxxxx> |
Date: |
Mon, 20 Jun 2005 13:22:58 -0400 |
Cc: |
xen-devel@xxxxxxxxxxxxxxxxxxx, ronpz@xxxxxxxxxx, leendert@xxxxxxxxxx, rvaldez@xxxxxxxxxx, sailer@xxxxxxxxxx, stefanb@xxxxxxxxxx |
Delivery-date: |
Mon, 20 Jun 2005 17:17:53 +0000 |
Envelope-to: |
www-data@xxxxxxxxxxxxxxxxxxx |
List-help: |
<mailto:xen-devel-request@lists.xensource.com?subject=help> |
List-id: |
Xen developer discussion <xen-devel.lists.xensource.com> |
List-post: |
<mailto:xen-devel@lists.xensource.com> |
List-subscribe: |
<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe> |
List-unsubscribe: |
<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe> |
Sender: |
xen-devel-bounces@xxxxxxxxxxxxxxxxxxx |
This E-mail contains the sHype access control architecture
for inclusion into the Xen hypervisor (xeno-unstable.bk).
This is a follow-up on earlier postings:
http://lists.xensource.com/archives/html/xen-devel/2005-04/msg00864.html
The *_xen.diff patch includes the core sHype access control
architecture. Default is the NULL-policy.
The *_tools.diff patch includes the necessary additions to the
tools directory:
a) adding support for an additional VM configuration paramter
b) adding basic policy management support into tools/policy
The default setting is the NULL policy. After patching in the diff-
files, you should see no change in behavior. Please refer to the
attached shype4xen_readme.txt file for instructions on how to
activate and experiment with sHype.
While we have added support for saving and restoring security
information when saving and restoring domains, the architecture
currently supports save/restore only on the same hypervisor system
running the same sHype policy. Future versions will include more
flexible support for save/restore/migration.
Our group will submit a java-based policy translation tool for sHype to
this mailing list today as well. This tool takes as input an XML-based
descriptions of user-defined sHype policies and translates them into a
binary policy format that can be loaded into sHype.
Thanks
Reiner
Signed-off by: Reiner Sailer <sailer@xxxxxxxxxx>
Signed-off by: Stefan Berger <stefanb@xxxxxxxxxx>
shype4xen_readme.txt
Description: Text document
shype_4_xeno-unstable.bk_v3.0_xen.diff
Description: Text Data
shype_4_xeno-unstable.bk_v3.0_tools.diff
Description: Text Data
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
|
|
|
|