
[Xen-devel] [PATCH] shype for xen / patches version 1.0


  • To: xen-devel@xxxxxxxxxxxxxxxxxxx
  • From: Reiner Sailer <sailer@xxxxxxxxxx>
  • Date: Tue, 26 Apr 2005 11:00:15 -0400
  • Delivery-date: Tue, 26 Apr 2005 15:00:38 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>
  • Sensitivity:


Hi all,

This is a follow-up on our earlier posting:
http://lists.xensource.com/archives/html/xen-devel/2005-03/msg01406.html
Please refer to this posting for background information and links to technical
reports describing the architecture.

This new sHype patch supports grant tables. I've also worked in comments
that I received on the earlier post (e.g., global default ssids).

Please note that the default policy under these patches is a "NULL" policy. This means
that, even after the patches are applied, there will be *no* change to the user or administrator
experience until a security policy is explicitly enabled.

The sHype port consists of three patches (tested on the xeno-unstable.bk 04/26/05):

1. shype_4_xeno-unstable.bk_v1.0_xen.diff
patch that includes the security enforcement hooks and the access control module

2. shype_4_xeno-unstable.bk_v1.0_sparse.diff
kernel patch that adds a /proc/xen/policycmd interface using a new policy
hypercall to communicate policies between xen and the policy management tool;

3. shype_4_xeno-unstable.bk_v1.0_tools.diff
tools patch that adds support for a new parameter security subject identifier reference
(ssidref) in the domain configuration, as well as a v-e-r-y simple policy tool to set binary
policies in xen and to retrieve and dump enforced policies from xen (tools/policytool);
in a future version, this tool will read user-defined policies and compile them into the binary
policies to be downloaded into xen.

Please refer to shype_4_xen.readme.gz for more information about installing sHype into
the bitkeeper version of xeno-unstable and about experimenting with it.

Feedback welcome.
Kindest Regards

Reiner

Signed-off-by: Reiner Sailer

___________________________________________________________
Reiner Sailer, Research Staff Member, Secure Systems Department
IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532
Phone: 914 784 6280  (t/l 863)  Fax: 914 784 6205, sailer@xxxxxxxxxx  
http://www.research.ibm.com/people/s/sailer/

Attachment: shype_4_xeno-unstable.bk_v1.0_xen.diff
Description: Binary data

Attachment: shype_4_xeno-unstable.bk_v1.0_tools.diff
Description: Binary data

Attachment: shype_4_xeno-unstable.bk_v1.0_sparse.diff
Description: Binary data

Attachment: shype4xen.readme.gz
Description: Binary data
