|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] xsm support for restrictive policy and dynamic modification
Hi,In Xen-Summit, Toronto, I did a presentation on XSM where two shortcomings with the present implementation were highlighted: 1) Allow more finer grain control. e.g all introspection domain doesn't need to have pci-passthrough capability while few need to have and all should have introspection capability. 2) Need for dynamic modification, loading/unloading of the policy.In response to the above I got few suggestion from the community (Thanks Daniel De Graf and Stephen Smalley and others) and after researching the alternatives I found that already existent XSM support for MCS and MLS and type bound can fit in for finer grain control. Regarding dynamic support, its something that is still desired and not implemented. Stephan shared few links related to these: this:http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.129.7129&rep=rep1&type=pdf http://oss.tresys.com/archive/policy-server.phpGoing forward, I will be focusing towards dynamic implementation as I believe currently existing infrastructure is sufficient enough to provide finer level of control over domains. Thanks Anshul _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |