[Xense-devel] Secure Network Communications Between Xen VMs

To: Xense-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xense-devel] Secure Network Communications Between Xen VMs
From: bigschu <bigschu@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 09 May 2006 09:51:58 -0700

Hi all,

I have two questions about the secure network communications between Xen VMs (i.e. domains) residing on different physical machines.

1) By way of example, if domU1 on machine M1 is communicating with two other domains, domU2 and domU3 on machine M2, how does the hypervisor/ACM on M1 differentiate between inbound/outbound traffic destined only for domU2 or domU3 and ensure that traffic is routed to the proper domain?

2) Is all of the traffic between various domains encrypted to prevent eavesdropping via network sniffing?

I've read the paper, "DeuTeRium -- A System for Distributed Mandatory Access Control" but it's not clear to me from the actual implementation examples and documentation how you set up the IPSEC labeled tunneling mechanism and ensure validation of all traffic passing between the various domains.

Thanks,
Mike Schumann

