xense-devel
RE: [Xense-devel] Shype/ACM for HVM guest.
"Praveen Kushwaha" <praveen.kushwaha@xxxxxxxxxxx> wrote on 04/03/2007 05:42:56 AM:
> Hi,
> Yes that is fine if the paravirtualized drivers are
> used in HVM then we can put hooks on that. But it is different case,
> how actually shype/ACM works in case of VMExit/VMEntry.
>
> Since in case of VMExit/VMEntry there are no
> hypercalls, then how sHype/ACM implements security.
>
> I mean to ask that how sHype/ACM works in case of HVM guest.

In case of an HVM guest you would have the Chinese
Wall Policy hooks checking whether the HVM guest is allowed to run with
its current VM label.
Access to resources such as image files is also checked
when a virtual machine is started up.
Stefan
>
> Thanks,
> Praveen Kushwaha
>
> From: Stefan Berger [mailto:stefanb@xxxxxxxxxx]
> Sent: Monday, April 02, 2007 7:19 PM
> To: Praveen Kushwaha
> Cc: xense-devel@xxxxxxxxxxxxxxxxxxx; xense-devel-bounces@xxxxxxxxxxxxxxxxxxx
> Subject: Re: [Xense-devel] Shype/ACM for HVM guest.
>
>
> xense-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 04/02/2007 05:40:39 AM:
>
> > Hi,
> > Does Shype/ACM architecture for implementing security in
> > xen supports HVM guest also? I mean to say that, as per my
>
> HVM guests are supported in so far that the configuration of an HVM
> is checked when the VM is started. This is done in xend where
> resource assignments (disk access) are validated.
>
> > knowledge in xen 3.0.4 shype/ACM is implemented. Does this
> > shype/ACM work also for the HVM (windows) guest?
> > As per my understanding shype/ACM puts hook on
> > hypercalls from the hypervisor, and consult with the ACM. But in
> > case of full virtualization, hypervisor does not have hypercalls to
> > communicate with HVM guest. There is VMEntry/VMExit for
>
> This is correct. Though, if paravirtualized drivers are used in an
> HVM, also they will need to go through the hooks for grant table
> access and event channels.
>
> Stefan
>
>
> > communication, in which guest state and host state are saved. Since
> > there are no hypercalls in case of full virtualization then how the
> > actually shype/ACM works. Where does it put hooks? Or is there any
> > other mechanism through which it implements security in HVM guest.
> > If any one has information regarding it please reply.
> >
> > Thanks,
> > Praveen Kushwaha
> >
> >
> >
> > _______________________________________________
> > Xense-devel mailing list
> > Xense-devel@xxxxxxxxxxxxxxxxxxx
> > http://lists.xensource.com/xense-devel
_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel
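
The start-time checks described in the reply above (a Chinese Wall check on the VM label, plus validation of disk assignments when the VM is started), as a simplified Python model. This is an added example, not xend or sHype/ACM code; the policy layout, label names, image paths and the shared-type rule for resources are assumptions made for illustration.

```python
# Simplified model of the start-time checks described in this thread.
# Not xend or sHype/ACM code; policy layout, labels and paths are constructed.

# Chinese Wall conflict sets: types in one set must not run at the same time.
CONFLICT_SETS = [{"bank_a", "bank_b"}, {"dev", "prod"}]

# Types carried by each label (constructed sample policy).
LABEL_TYPES = {
    "vm_bank_a": {"bank_a"},
    "vm_bank_b": {"bank_b"},
    "vm_dev": {"dev"},
}

# Label assigned to each resource, here guest disk images (constructed).
RESOURCE_LABELS = {
    "file:/images/winxp_a.img": "vm_bank_a",
    "file:/images/winxp_b.img": "vm_bank_b",
}


def chinese_wall_allows(new_label, running_labels):
    """True if no type of new_label conflicts with a running domain's type."""
    new_types = LABEL_TYPES[new_label]
    running_types = set()
    for label in running_labels:
        running_types |= LABEL_TYPES[label]
    for cset in CONFLICT_SETS:
        # Conflict: we hold a type in this set and a different one is running.
        if new_types & cset and (running_types & cset) - new_types:
            return False
    return True


def resources_allowed(vm_label, disks):
    """True if every disk is labeled and shares a type with the VM label."""
    vm_types = LABEL_TYPES[vm_label]
    for disk in disks:
        res_label = RESOURCE_LABELS.get(disk)
        if res_label is None or not (LABEL_TYPES[res_label] & vm_types):
            return False  # unlabeled or foreign resource: deny by default
    return True


def may_start(vm_label, disks, running_labels):
    """Start-time decision for a guest with the given label and disks."""
    if vm_label not in LABEL_TYPES:
        return False, "unknown VM label"
    if not chinese_wall_allows(vm_label, running_labels):
        return False, "Chinese Wall conflict with a running domain"
    if not resources_allowed(vm_label, disks):
        return False, "disk not accessible under this label"
    return True, "ok"
```

Because the decision uses only the VM label and the configured disks, it does not depend on the guest issuing hypercalls, which is why it applies to an HVM guest as well.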