WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xense-devel

Re: [Xense-devel] ACM doesnt scale

To: Steven Hand <Steven.Hand@xxxxxxxxxxxx>
Subject: Re: [Xense-devel] ACM doesnt scale
From: aq <aquynh@xxxxxxxxx>
Date: Thu, 23 Jun 2005 18:19:16 -0700
Cc: xense-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 24 Jun 2005 01:18:05 +0000
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=jeHYux+2Ni6u0X9qcRsgJG5tiVhB1IVEcaFQXRgk8PD377XcSyZDp8C7zt4fEt6Xw/Mf0KVjgxhGGadp5taZazSoxnPh3LYJd2y+jrUW7aaAd+TY+C+wXxPVqZ0YNFt5H0WzTjxNwvDomPXL8JHY2CqiOf7evnmH8r3cGAydEWI=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <E1DlaEP-0006sB-00@xxxxxxxxxxxxxxxxx>
List-help: <mailto:xense-devel-request@lists.xensource.com?subject=help>
List-id: "A discussion list for those developing security enhancements for Xen." <xense-devel.lists.xensource.com>
List-post: <mailto:xense-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xense-devel>, <mailto:xense-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xense-devel>, <mailto:xense-devel-request@lists.xensource.com?subject=unsubscribe>
References: <aquynh@xxxxxxxxx> <9cde8bff05062315239f384cb@xxxxxxxxxxxxxx> <E1DlaEP-0006sB-00@xxxxxxxxxxxxxxxxx>
Reply-to: aq <aquynh@xxxxxxxxx>
Sender: xense-devel-bounces@xxxxxxxxxxxxxxxxxxx
On 6/23/05, Steven Hand <Steven.Hand@xxxxxxxxxxxx> wrote:
> 
> >at the moment, ACM supports only 2 models, and the code doesnt scale
> >enough (at all) to support more models in the future? any plan to fix
> >that?
> 
> Yes - the current ACM code is a proof of concept derived from the
> IBM sHype code. The model at present is that two policies (a primary
> and secondary) will be in place at any time, although it is intended
> that the selection of these will be more dynamic in the future. It's
> not yet clear if extending this will be required, but we're certainly
> aware of the structure and limitations of the current code.
> 

also the way security models are integrated into ACM doesnt scale, either.

> >if no, i am ready to offer some code for this problem.
> 
> We don't really want to smother things with code - for the security
> functionality in particular we'd prefer to generate a stable, sensible
> and well-justified design or set of designs which we can consider and
> decide upon.
> 
> If you're keen to help with this process, one important task we hope
> to get rolling soon is a complete audit of the 'hypervisor interface',
> aka all the regular hypercalls & dom0_ops, plus the implicit protocols
> (shared info page, event channel & grant table state machines, etc) to
> identify the various points at which access control or information
> exchange can occur.

That is great to know what is in the plan and what is in the wish
list. It is even better if you put them into the wiki (the more
detail, the better), so peole who interest can help.

regards,
aq

_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel