From xense-devel-bounces@lists.xensource.com Sat Jan 13 04:21:50 2007 Return-path: Envelope-to: www-data@colo.xensource.com Delivery-date: Sat, 13 Jan 2007 04:21:50 -0800 Received: from vm04-bcn-london.deploy.xenoserver.org ([217.147.82.229] helo=lists.xensource.com) by lists.staging.xensource.com with esmtp (Exim 4.43) id 1H5htN-00072a-UQ for www-data@colo.xensource.com; Sat, 13 Jan 2007 04:21:50 -0800 Received: from localhost ([127.0.0.1] helo=lists.xensource.com) by host-192-168-0-1-bcn-london with esmtp (Exim 4.50) id 1H5huV-0008CI-2g; Sat, 13 Jan 2007 12:22:59 +0000 Received: from [192.168.0.10] (helo=lists.xensource.com) by host-192-168-0-1-bcn-london with esmtp (Exim 4.50) id 1H5huU-0008Bo-1N for xense-devel@lists.xensource.com; Sat, 13 Jan 2007 12:22:58 +0000 Received: from [210.7.75.131] (helo=gatewayserver.nechclst.in) by lists.xensource.com with esmtp (Exim 4.50) id 1H5huO-0002ZT-7S for xense-devel@lists.xensource.com; Sat, 13 Jan 2007 12:22:56 +0000 Received: from nechclst.in ([10.0.0.9]) by gatewayserver.nechclst.in with InterScan Message Security Suite; Sat, 13 Jan 2007 17:49:39 +0530 Content-class: urn:content-classes:message MIME-Version: 1.0 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Date: Sat, 13 Jan 2007 17:49:38 +0530 Message-ID: <0A8CFEC45B7F4C419F7543867C47442366E602@mailserver.nechclst.in> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Regarding security concerns in Xen 3.0 Thread-Index: Acc3DRhACJ86b3FRRXyZBn1dVj3lfg== From: "Praveen Kushwaha" To: X-imss-version: 2.045 X-imss-result: Passed X-imss-scanInfo: M:P L:E SM:0 X-imss-tmaseResult: TT:0 TS:0.0000 TC:00 TRN:0 TV:3.6.1039(14932.000) X-imss-scores: Clean:39.86104 C:2 M:3 S:5 R:5 X-imss-settings: Baseline:2 C:1 M:1 S:1 R:1 (0.1500 0.1500) X-SA-Exim-Connect-IP: 210.7.75.131 X-SA-Exim-Mail-From: praveen.kushwaha@nechclst.in X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on (none) X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=AWL,BAYES_00,HTML_90_100, HTML_MESSAGE autolearn=ham version=3.1.0 X-SA-Exim-Version: 4.2.1 (built Mon, 27 Mar 2006 13:42:28 +0200) X-SA-Exim-Scanned: Yes (on lists.xensource.com) Subject: [Xense-devel] Regarding security concerns in Xen 3.0 X-BeenThere: xense-devel@lists.xensource.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: "A discussion list for those developing security enhancements for Xen." List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============1836290766==" Mime-version: 1.0 Sender: xense-devel-bounces@lists.xensource.com Errors-To: xense-devel-bounces@lists.xensource.com This is a multi-part message in MIME format. --===============1836290766== Content-class: urn:content-classes:message Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C7370D.1882BC2B" This is a multi-part message in MIME format. ------_=_NextPart_001_01C7370D.1882BC2B Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi Sir, I have a question regarding security in Xen 3.0. What a re security concerns/threats in Xen 3.0. =20 =20 Thanks, Praveen Kushwaha ________________________________________________________________________ _____________________ NEC HCL System Technologies Ltd., 4th Floor, Tower B, Logix Techno Park, Noida | Tel: 120 436 6777 Extn 748 =20 =20 =20 ------_=_NextPart_001_01C7370D.1882BC2B Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hi Sir,

= I have a question regarding security in Xen 3.0.

= What a re security concerns/threats in Xen 3.0.

Thanks,

Praveen Kushwaha &n= bsp; &nb= sp; &= nbsp; &n= bsp; &nb= sp; &nbs= p; = ; = &= nbsp; &n= bsp; &nb= sp; ____________________________________________________________________= _________________________

NEC HCL System Technologies Ltd., 4th Floor, Tower B, Logix Techno Park, Noida | Tel: 120 436 6777 Extn 748

------_=_NextPart_001_01C7370D.1882BC2B-- --===============1836290766== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xense-devel mailing list Xense-devel@lists.xensource.com http://lists.xensource.com/xense-devel --===============1836290766==-- From xen-devel-bounces@lists.xensource.com Sun Jan 14 22:51:22 2007 Return-path: Envelope-to: www-data@colo.xensource.com Delivery-date: Sun, 14 Jan 2007 22:51:22 -0800 Received: from vm04-bcn-london.deploy.xenoserver.org ([217.147.82.229] helo=lists.xensource.com) by lists.staging.xensource.com with esmtp (Exim 4.43) id 1H6Lgg-00086e-Et for www-data@colo.xensource.com; Sun, 14 Jan 2007 22:51:22 -0800 Received: from localhost ([127.0.0.1] helo=lists.xensource.com) by host-192-168-0-1-bcn-london with esmtp (Exim 4.50) id 1H6Lhy-0000a1-VT; Mon, 15 Jan 2007 06:52:42 +0000 Received: from [192.168.0.10] (helo=lists.xensource.com) by host-192-168-0-1-bcn-london with esmtp (Exim 4.50) id 1H6Lho-0000Ri-04; Mon, 15 Jan 2007 06:52:32 +0000 Received: from mga02.intel.com ([134.134.136.20]) by lists.xensource.com with esmtp (Exim 4.50) id 1H6Lhi-0002ed-6s; Mon, 15 Jan 2007 06:52:29 +0000 Received: from orsmga001.jf.intel.com ([10.7.209.18]) by mga02.intel.com with ESMTP; 14 Jan 2007 22:51:45 -0800 Received: from orsmsx334.jf.intel.com ([10.22.226.45]) by orsmga001.jf.intel.com with ESMTP; 14 Jan 2007 22:51:37 -0800 X-ExtLoop1: 1 X-IronPort-AV: i="4.13,186,1167638400"; d="scan'208"; a="185026151:sNHT21285432539" Received: from orsmsx412.amr.corp.intel.com ([10.22.226.48]) by orsmsx334.jf.intel.com with Microsoft SMTPSVC(6.0.3790.1830); Sun, 14 Jan 2007 22:51:37 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="GB2312" Content-Transfer-Encoding: quoted-printable Date: Sun, 14 Jan 2007 22:51:35 -0800 Message-ID: In-Reply-To: <45A9EE5C.00003A.10847@bj163app39.163.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Xen-devel] Help: Could anybody know about the Intel' s "LaGrande" technologies? Did the Xen be under development using this stuff? Thread-Index: Acc3uN5/wpU73ZspSWm+lh3NeXlQEAAtfCFg References: <45A9EE5C.00003A.10847@bj163app39.163.com> From: "Cihula, Joseph" To: , , X-OriginalArrivalTime: 15 Jan 2007 06:51:37.0220 (UTC) FILETIME=[9A293440:01C73871] X-SA-Exim-Connect-IP: 134.134.136.20 X-SA-Exim-Mail-From: joseph.cihula@intel.com X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on (none) X-Spam-Level: X-Spam-Status: No, score=-1.2 required=5.0 tests=AWL,BAYES_50 autolearn=ham version=3.1.0 Subject: RE: [Xen-devel] Help: Could anybody know about the Intel' s "LaGrande" technologies? Did the Xen be under development using this stuff? X-SA-Exim-Version: 4.2.1 (built Mon, 27 Mar 2006 13:42:28 +0200) X-SA-Exim-Scanned: Yes (on lists.xensource.com) X-BeenThere: xen-devel@lists.xensource.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com Hi, There is a patch to the mid Sept. '06 version of Xen that supports = LaGrande Technology (now called Intel(r) Trusted Execution Technology or = Intel(r) TXT). You can find it at: = http://lists.xensource.com/archives/html/xen-devel/2006-09/msg00698.html.= There has been some discussion following the patch as to how best to = incorporate such technology into Xen and it was decided that it would be = best as a separate module that launched Xen (rather than integrated into = the Xen binary as is the case with the above patch). I will be = releasing a new version that supports this model shortly. I've also sent this reply to the xense-devel mailing list, as that list = is specifically concerned with the security-related aspects of Xen. Joseph Cihula (Linux) Software Security Architect Open Source Technology Center Intel Corp. =20 On Sunday, January 14, 2007 12:48 AM, xenway@163.com wrote: > Could anybody know about the Intel's "LaGrande" technologies? Did the = Xen be under > development using this stuff? > I have been involved in an project which goal is to enhance the = security of commodity=20 > operating system via an secure kernel for several weeks. we have = studied several similar=20 > projects that have the same target. we found that the "NGSCB" and the = secure kernel "Nexus" > the Microsoft have researched are quite suitable. However, Nexus wants = the hardware supports. > Fortunately, the Intel Corp has developed their technologies called = "Lagrande" which can feed=20 > the needs of Nexus. However ,Xen is a suitable reference monitor to = build on. We are going to > use this stuff via Xen to build a secure virtual monitor and a secure = kernel which is isolated > in the curtained memory. Could anyone do me a favor to give me a hint = about the progress in > Xen, thanks :)=20 >=09 >=09 >________________________________ > > = =CF=EB=C3=E2=B7=D1=BB=F1=B5=C3=B8=DF=CB=D9=CE=C8=B6=A8=B5=C43G=D3=CA=CF=E4= =C2=F0=A3=BF www.126.com =20 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel From xen-devel-bounces@lists.xensource.com Mon Jan 15 21:15:12 2007 Return-path: Envelope-to: www-data@colo.xensource.com Delivery-date: Mon, 15 Jan 2007 21:15:12 -0800 Received: from vm04-bcn-london.deploy.xenoserver.org ([217.147.82.229] helo=lists.xensource.com) by lists.staging.xensource.com with esmtp (Exim 4.43) id 1H6gfA-0004f9-KO for www-data@colo.xensource.com; Mon, 15 Jan 2007 21:15:12 -0800 Received: from localhost ([127.0.0.1] helo=lists.xensource.com) by host-192-168-0-1-bcn-london with esmtp (Exim 4.50) id 1H6gg0-0007OY-5y; Tue, 16 Jan 2007 05:16:04 +0000 Received: from [192.168.0.10] (helo=lists.xensource.com) by host-192-168-0-1-bcn-london with esmtp (Exim 4.50) id 1H6ge5-0007HZ-Bc; Tue, 16 Jan 2007 05:14:05 +0000 Received: from mga01.intel.com ([192.55.52.88]) by lists.xensource.com with esmtp (Exim 4.50) id 1H6gdn-0008E2-DX; Tue, 16 Jan 2007 05:13:53 +0000 Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by mga01.intel.com with ESMTP; 15 Jan 2007 21:13:05 -0800 Received: from orsmsx334.jf.intel.com ([10.22.226.45]) by fmsmga001.fm.intel.com with ESMTP; 15 Jan 2007 21:13:05 -0800 X-ExtLoop1: 1 X-IronPort-AV: i="4.13,193,1167638400"; d="scan'208"; a="188483478:sNHT20893663" Received: from orsmsx412.amr.corp.intel.com ([10.22.226.48]) by orsmsx334.jf.intel.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 15 Jan 2007 21:13:02 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Date: Mon, 15 Jan 2007 21:13:01 -0800 Message-ID: In-Reply-To: <45AB4B21.000150.07279@bj163app40.163.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: RE: [Xen-devel] Help: Could anybody k now about the Intel' s "LaGrande" techno l ogies? Did the Xen be under development u sing this stuff? Thread-Index: Acc4iMMEZ6lfKjgEQ1C9AL4Z6nvSKAAZCXPw References: <45AB4B21.000150.07279@bj163app40.163.com> From: "Cihula, Joseph" To: X-OriginalArrivalTime: 16 Jan 2007 05:13:02.0794 (UTC) FILETIME=[FF4D2AA0:01C7392C] X-SA-Exim-Connect-IP: 192.55.52.88 X-SA-Exim-Mail-From: joseph.cihula@intel.com X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on (none) X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00 autolearn=ham version=3.1.0 Subject: RE: RE: [Xen-devel] Help: Could anybody k now about the Intel' s "LaGrande" techno l ogies? Did the Xen be under development u sing this stuff? X-SA-Exim-Version: 4.2.1 (built Mon, 27 Mar 2006 13:42:28 +0200) X-SA-Exim-Scanned: Yes (on lists.xensource.com) Cc: xen-devel@lists.xensource.com, xense-devel@lists.xensource.com X-BeenThere: xen-devel@lists.xensource.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com (Including xense-devel again.) =20 =20 On Monday, January 15, 2007 1:37 AM, xenway@163.com wrote: > Hi, Joseph > I really appreciate your help :) > I have read the web page you mentioned before. It seems that you integrate it > into Xen as Secure Boot interacting with TPM module or something like that, don't you :)=20 The current patch integrates the TXT code into the Xen binary, invoked at the very beginning of launch. > The goal of our project is that we have studied the framework of Microsoft(R)'s > "NGSCB". We are trying to implement a rough prototype or something alike in Linux or *nix > rather than Windows(R) where "NGSCB" was going. However, the "NGSCB" needs some hardware > supports such as "Trusted Mode", "Memory Protection", "DMA Control" and "Secure Path to the > User", etc. Fortunately, the Intel(R) Corp has developed their technologies called "Lagrande" > which can feed the needs of Nexus which is the secure kernel of the "NGSCB". The "NGSCB" is > not described clearly by Microsoft :(. We can't find more details about that stuff. Finally, > we found some stuff which came out from the "Intel Developer Center" like "Domain Manager" > and "SENTER Progress", etc. The project "NGSCB" seems to be defunct and there is no further > information about that, on the other hand, the Intel(R) Corp seems to continue its works on > hardware support to "NGSCB". So we found out some stuff about the "Lagrande" technologies in > the Xen communities.=20 > We are curious that whether the patch you contribute to the Xen is the beginning of > building a prototype of "Domain Manager" or something alike? If not, what is the goal of > integrating "Lagrande" into Xen? Could you give me further information about that? The term "domain manager" that you're referring to was the term used in place of VMM in some of our early slides. So our TXT work with Xen is not to replace Xen (the hypervisor), but rather to enhance it to support TXT. You can get more up to date information from this past Fall's Intel Developer Forum (IDF) at: http://www.intel.com/idf/us/fall2006/index.htm. There were two sessions specifically on TXT. > By the way, the Intel(R) Corp has announced its "Lagrande" technologies, has it > been integrated into some processors? Has the motherboard's chips the functions like > "IOMMU" and "DMA Protection" to support "Curtained Memory"? A TXT-capable system is available for purchase; please visit http://www.mpccorp.com/clientpro_txt for details. > The next work we are going to do is to find out whether it is feasible to introduce > the Xen to construct our secure kernel. Do you have some constructive advices for us? > Thanks a lot :) My foils from this past Xen Summit (http://www.xensource.com/files/summit_3/Xen_support_for_LaGrande_Techno logy.pdf) describe how to enable Xen for TXT are a good basis for enabling any VMM or kernel to use TXT. Joe _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel From xen-devel-bounces@lists.xensource.com Mon Jan 15 23:38:44 2007 Return-path: Envelope-to: www-data@colo.xensource.com Delivery-date: Mon, 15 Jan 2007 23:38:44 -0800 Received: from vm04-bcn-london.deploy.xenoserver.org ([217.147.82.229] helo=lists.xensource.com) by lists.staging.xensource.com with esmtp (Exim 4.43) id 1H6iu3-00059j-UC for www-data@colo.xensource.com; Mon, 15 Jan 2007 23:38:44 -0800 Received: from localhost ([127.0.0.1] helo=lists.xensource.com) by host-192-168-0-1-bcn-london with esmtp (Exim 4.50) id 1H6ivI-0001Wq-W5; Tue, 16 Jan 2007 07:40:01 +0000 Received: from [192.168.0.10] (helo=lists.xensource.com) by host-192-168-0-1-bcn-london with esmtp (Exim 4.50) id 1H6ivB-0001Rk-So; Tue, 16 Jan 2007 07:39:53 +0000 Received: from m13-41.163.com ([220.181.13.41]) by lists.xensource.com with smtp (Exim 4.50) id 1H6iv3-0000Fw-SP; Tue, 16 Jan 2007 07:39:51 +0000 Received: from 220.181.12.225(192.168.1.96, 218.76.45.43) ( 220.181.12.225(192.168.1.96, 218.76.45.43) [220.181.12.225(192.168.1.96, 218.76.45.43)] ) by webmail-app41 (Coremail) ; Tue, 16 Jan 2007 15:33:41 +0800 (CST) MIME-Version: 1.0 Message-ID: <45AC7FD5.00005A.30821@bj163app41.163.com> Date: Tue, 16 Jan 2007 15:33:41 +0800 (CST) From: xenway@163.com To: "cihula joseph" X-Priority: 1 X-Originating-IP: [220.181.12.225(192.168.1.96, 218.76.45.43)] X-Mailer: 163com References: <45AB4B21.000150.07279@bj163app40.163.com> In-Reply-To: X-SA-Exim-Connect-IP: 220.181.13.41 X-SA-Exim-Mail-From: xenway@163.com X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on (none) X-Spam-Level: X-Spam-Status: No, score=0.7 required=5.0 tests=AWL,BAYES_00,HTML_MESSAGE, NO_REAL_NAME,UNPARSEABLE_RELAY,X_PRIORITY_HIGH autolearn=no version=3.1.0 Subject: Re: RE: RE: [Xen-devel] Help: Could anybo dy k now about the Intel' s "LaGrande" te chno l ogies? Did the Xen be under develo pment u sing this stuff? X-SA-Exim-Version: 4.2.1 (built Mon, 27 Mar 2006 13:42:28 +0200) X-SA-Exim-Scanned: Yes (on lists.xensource.com) Cc: xen-devel@lists.xensource.com, xense-devel@lists.xensource.com X-BeenThere: xen-devel@lists.xensource.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============0938266053==" Mime-version: 1.0 Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com --===============0938266053== Content-Type: Multipart/Alternative; boundary="Boundary-=_TKlyPbHmCkBKqgikFPGdEVVpKjGP" --Boundary-=_TKlyPbHmCkBKqgikFPGdEVVpKjGP Content-Type: text/plain; charset="gb2312" Content-Transfer-Encoding: quoted-printable Hi, Joseph It is very kind of you to give me your advices :) I really appreciat= e that. I have contracted with David Pilger several days before. He just = said that some people was trying to do the same stuff that we were going = to. Do you know about that? I am a freshman in this area and have little = experience. I think it is an good idea to stand on the shoulders of giant= s and see further. Could you give me the further information ? Thank you. =20 on 2007-01-16=A3=AC"Cihula, Joseph" wrote=A3=BA From: "Cihula, Joseph"=20 To: ""=20 Date: Tue, 16 Jan 2007 13:13:01 +0800 (CST) Subject: RE: RE: [Xen-devel] Help: Could anybody k now about the Intel' s= "LaGrande" techno l ogies? Did the Xen be under development u sing this = stuff? > (Including xense-devel again.) > =20 > =20 > On Monday, January 15, 2007 1:37 AM, xenway@163.com wrote: > >=09Hi, Joseph > >=09 I really appreciate your help :) > >=09 I have read the web page you mentioned before. It seems that > you integrate it > > into Xen as Secure Boot interacting with TPM module or something like > that, don't you :)=20 >=20 > The current patch integrates the TXT code into the Xen binary, invoked > at the very beginning of launch. >=20 > >=09 The goal of our project is that we have studied the > framework of Microsoft(R)'s > > "NGSCB". We are trying to implement a rough prototype or something > alike in Linux or *nix > > rather than Windows(R) where "NGSCB" was going. However, the "NGSCB" > needs some hardware > > supports such as "Trusted Mode", "Memory Protection", "DMA Control" > and "Secure Path to the > > User", etc. Fortunately, the Intel(R) Corp has developed their > technologies called "Lagrande" > > which can feed the needs of Nexus which is the secure kernel of the > "NGSCB". The "NGSCB" is > > not described clearly by Microsoft :(. We can't find more details > about that stuff. Finally, > > we found some stuff which came out from the "Intel Developer > Center" like "Domain Manager" > > and "SENTER Progress", etc. The project "NGSCB" seems to be defunct > and there is no further > > information about that, on the other hand, the Intel(R) Corp seems to > continue its works on > > hardware support to "NGSCB". So we found out some stuff about the > "Lagrande" technologies in > > the Xen communities.=20 > >=09 We are curious that whether the patch you contribute to the > Xen is the beginning of > > building a prototype of "Domain Manager" or something alike? If not, > what is the goal of > > integrating "Lagrande" into Xen? Could you give me further informatio= n > about that? >=20 > The term "domain manager" that you're referring to was the term used in > place of VMM in some of our early slides. So our TXT work with Xen is > not to replace Xen (the hypervisor), but rather to enhance it to suppor= t > TXT. >=20 > You can get more up to date information from this past Fall's Intel > Developer Forum (IDF) at: > http://www.intel.com/idf/us/fall2006/index.htm. There were two session= s > specifically on TXT. >=20 > >=09 By the way, the Intel(R) Corp has announced its "Lagrande" > technologies, has it > > been integrated into some processors? Has the motherboard's chips th= e > functions like > > "IOMMU" and "DMA Protection" to support "Curtained Memory"? >=20 > A TXT-capable system is available for purchase; please visit > http://www.mpccorp.com/clientpro_txt for details. >=20 > >=09 The next work we are going to do is to find out whether it > is feasible to introduce > > the Xen to construct our secure kernel. Do you have some constructive > advices for us? > > Thanks a lot :) >=20 > My foils from this past Xen Summit > (http://www.xensource.com/files/summit_3/Xen_support_for_LaGrande_Techn= o > logy.pdf) describe how to enable Xen for TXT are a good basis for > enabling any VMM or kernel to use TXT. >=20 > Joe >=20 --Boundary-=_TKlyPbHmCkBKqgikFPGdEVVpKjGP Content-Type: text/html; charset="gb2312" Content-Transfer-Encoding: quoted-printable

Hi, Joseph
It is very kind of you to giv= e me your advices :) I really appreciate that. I have contracted with Dav= id Pilger several days before. He just said that some people was trying t= o do the same stuff that we were going to. Do you know about that? I am a= freshman in this area and have little experience. I think it is an good = idea to stand on the shoulders of giants and see further. Could you give = me the further information ? Thank you.

on 2007-01-16=A3=AC"Cihula, Joseph" <j= oseph.cihula@intel.com> wrote=A3=BA

From: "Cihula, Joseph" To: "" Date: Tue, 16 Jan 2007 13:13:01 +0800 (CST) Subject: RE: RE: [Xen-devel] Help: Could anybody k now about the Intel' s= "LaGrande" techno l ogies? Did the Xen be under development u sing this = stuff? > (Including xense-devel again.) > =20 > =20 > On Monday, January 15, 2007 1:37 AM, xenway@163.com wrote: > >=09Hi, Joseph > >=09 I really appreciate your help :) > >=09 I have read the web page you mentioned before. It seems t= hat > you integrate it > > into Xen as Secure Boot interacting with TPM module or somethin= g like > that, don't you :)=20 >=20 > The current patch integrates the TXT code into the Xen binary, invok= ed > at the very beginning of launch. >=20 > >=09 The goal of our project is that we have studied the > framework of Microsoft(R)'s > > "NGSCB". We are trying to implement a rough prototype or someth= ing > alike in Linux or *nix > > rather than Windows(R) where "NGSCB" was going. However, the "N= GSCB" > needs some hardware > > supports such as "Trusted Mode", "Memory Protection", "DMA Cont= rol" > and "Secure Path to the > > User", etc. Fortunately, the Intel(R) Corp has developed their > technologies called "Lagrande" > > which can feed the needs of Nexus which is the secure kernel of= the > "NGSCB". The "NGSCB" is > > not described clearly by Microsoft :(. We can't find more detai= ls > about that stuff. Finally, > > we found some stuff which came out from the "Intel Developer > Center" like "Domain Manager" > > and "SENTER Progress", etc. The project "NGSCB" seems to be def= unct > and there is no further > > information about that, on the other hand, the Intel(R) Corp se= ems to > continue its works on > > hardware support to "NGSCB". So we found out some stuff about t= he > "Lagrande" technologies in > > the Xen communities.=20 > >=09 We are curious that whether the patch you contribute to t= he > Xen is the beginning of > > building a prototype of "Domain Manager" or something alike? If= not, > what is the goal of > > integrating "Lagrande" into Xen? Could you give me further info= rmation > about that? >=20 > The term "domain manager" that you're referring to was the term used= in > place of VMM in some of our early slides. So our TXT work with Xen = is > not to replace Xen (the hypervisor), but rather to enhance it to sup= port > TXT. >=20 > You can get more up to date information from this past Fall's Intel > Developer Forum (IDF) at: > http://www.intel.com/idf/us/fall2006/index.htm. There were two sess= ions > specifically on TXT. >=20 > >=09 By the way, the Intel(R) Corp has announced its "Lagrande= " > technologies, has it > > been integrated into some processors? Has the motherboard's chi= ps the > functions like > > "IOMMU" and "DMA Protection" to support "Curtained Memory"? >=20 > A TXT-capable system is available for purchase; please visit > http://www.mpccorp.com/clientpro_txt for details. >=20 > >=09 The next work we are going to do is to find out whether i= t > is feasible to introduce > > the Xen to construct our secure kernel. Do you have some constr= uctive > advices for us? > > Thanks a lot :) >=20 > My foils from this past Xen Summit > (http://www.xensource.com/files/summit_3/Xen_support_for_LaGrande_Te= chno > logy.pdf) describe how to enable Xen for TXT are a good basis for > enabling any VMM or kernel to use TXT. >=20 > Joe >

=B6=C0=BC=D2=A3=A1=CD= =F8=D2=D73G=C3=E2=B7=D1=D3=CA=A3=AC=BB=B9=D4=F9=CB=CD280=D5=D7=CD=F8=C5=CC= Envelope-to: www-data@colo.xensource.com Delivery-date: Wed, 17 Jan 2007 16:47:24 -0800 Received: from vm04-bcn-london.deploy.xenoserver.org ([217.147.82.229] helo=lists.xensource.com) by lists.staging.xensource.com with esmtp (Exim 4.43) id 1H7LR6-00054w-Ea for www-data@colo.xensource.com; Wed, 17 Jan 2007 16:47:24 -0800 Received: from localhost ([127.0.0.1] helo=lists.xensource.com) by host-192-168-0-1-bcn-london with esmtp (Exim 4.50) id 1H7LSR-0004qz-IX; Thu, 18 Jan 2007 00:48:47 +0000 Received: from [192.168.0.10] (helo=lists.xensource.com) by host-192-168-0-1-bcn-london with esmtp (Exim 4.50) id 1H7LSJ-0004k7-2c; Thu, 18 Jan 2007 00:48:39 +0000 Received: from mga03.intel.com ([143.182.124.21]) by lists.xensource.com with esmtp (Exim 4.50) id 1H7LSC-000277-Gr; Thu, 18 Jan 2007 00:48:37 +0000 Received: from azsmga001.ch.intel.com ([10.2.17.19]) by mga03.intel.com with ESMTP; 17 Jan 2007 16:47:47 -0800 Received: from orsmsx334.jf.intel.com ([10.22.226.45]) by azsmga001.ch.intel.com with ESMTP; 17 Jan 2007 16:47:47 -0800 X-ExtLoop1: 1 X-IronPort-AV: i="4.13,201,1167638400"; d="scan'208,217"; a="170086985:sNHT36559649" Received: from orsmsx412.amr.corp.intel.com ([10.22.226.48]) by orsmsx334.jf.intel.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 17 Jan 2007 16:47:30 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Wed, 17 Jan 2007 16:47:29 -0800 Message-ID: In-Reply-To: <45AC7FD5.00005A.30821@bj163app41.163.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: RE: RE: [Xen-devel] Help: Could anybody k now about the Intel' s "LaGrande" techno l ogies? Did the Xen be under develo pment u sing this stuff? Thread-Index: Acc5QYJ8xUPiDt0mTxm8r08XCXAP8QBV0szQ References: <45AB4B21.000150.07279@bj163app40.163.com> <45AC7FD5.00005A.30821@bj163app41.163.com> From: "Cihula, Joseph" To: X-OriginalArrivalTime: 18 Jan 2007 00:47:30.0158 (UTC) FILETIME=[3B8958E0:01C73A9A] X-SA-Exim-Connect-IP: 143.182.124.21 X-SA-Exim-Mail-From: joseph.cihula@intel.com X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on (none) X-Spam-Level: X-Spam-Status: No, score=-2.4 required=5.0 tests=AWL,BAYES_00,HTML_30_40, HTML_MESSAGE autolearn=ham version=3.1.0 Subject: RE: RE: RE: [Xen-devel] Help: Could anybody k now about the Intel' s "LaGrande" techno l ogies? Did the Xen be under develo pment u sing this stuff? X-SA-Exim-Version: 4.2.1 (built Mon, 27 Mar 2006 13:42:28 +0200) X-SA-Exim-Scanned: Yes (on lists.xensource.com) Cc: xen-devel@lists.xensource.com, xense-devel@lists.xensource.com X-BeenThere: xen-devel@lists.xensource.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============0704949139==" Mime-version: 1.0 Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com This is a multi-part message in MIME format. --===============0704949139== Content-class: urn:content-classes:message Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C73A9A.3B499754" This is a multi-part message in MIME format. ------_=_NextPart_001_01C73A9A.3B499754 Content-Type: text/plain; charset="GB2312" Content-Transfer-Encoding: quoted-printable I'm not sure what work David was specifically referring to, but Xen can = be used to build a model similar to that of NGSCB (though I'm not aware = of anyone (else) trying to do so). =20 =20 There has been a general consensus among the people working on = security-related aspects of Xen that it should be better "partitioned" = to follow the principle of least privilege. This would include moving = the vTPM system into a separate domain, de-privileging dom0, etc. I had = started work on extracting vTPM but that has been postponed due to more = pressing work at my real job. I have not heard of any active work on = dom0 de-privileging. =20 Any contributions you would like to make to the security of Xen would be = most welcomed and I'm sure that you will have no difficulty finding = people willing to answer any questions that you may have as you work on = it. =20 Joe ________________________________ From: xen-devel-bounces@lists.xensource.com = [mailto:xen-devel-bounces@lists.xensource.com] On Behalf Of = xenway@163.com Sent: Monday, January 15, 2007 11:34 PM To: Cihula, Joseph Cc: xen-devel@lists.xensource.com; xense-devel@lists.xensource.com Subject: Re: RE: RE: [Xen-devel] Help: Could anybody k now about the = Intel' s "LaGrande" techno l ogies? Did the Xen be under develo pment u = sing this stuff? Importance: High =09 =09 Hi, Joseph It is very kind of you to give me your advices :) I really = appreciate that. I have contracted with David Pilger several days = before. He just said that some people was trying to do the same stuff = that we were going to. Do you know about that? I am a freshman in this = area and have little experience. I think it is an good idea to stand on = the shoulders of giants and see further. Could you give me the further = information ? Thank you. =09 on 2007-01-16=A3=AC"Cihula, Joseph" = wrote=A3=BA =09 From: "Cihula, Joseph" To: "" Date: Tue, 16 Jan 2007 13:13:01 +0800 = (CST) Subject: RE: RE: [Xen-devel] Help: Could anybody k now about the = Intel' s "LaGrande" techno l ogies? Did the Xen be under development u = sing this stuff? > (Including xense-devel again.) > > > On Monday, = January 15, 2007 1:37 AM, xenway@163.com wrote: > > Hi, Joseph > > I = really appreciate your help :) > > I have read the web page you = mentioned before. It seems that > you integrate it > > into Xen as = Secure Boot interacting with TPM module or something like > that, don't = you :) > > The current patch integrates the TXT code into the Xen = binary, invoked > at the very beginning of launch. > > > The goal of our = project is that we have studied the > framework of Microsoft(R)'s > > = "NGSCB". We are trying to implement a rough prototype or something > = alike in Linux or *nix > > rather than Windows(R) where "NGSCB" was = going. However, the "NGSCB" > needs some hardware > > supports such as = "Trusted Mode", "Memory Protection", "DMA Control" > and "Secure Path to = the > > User", etc. Fortunately, the Intel(R) Corp has developed their > = technologies called "Lagrande" > > which can feed the needs of Nexus = which is the secure kernel of the > "NGSCB". The "NGSCB" is > > not = described clearly by Microsoft :(. We can't find more details > about = that stuff. Finally, > > we found some stuff which came out from the = "Intel Developer > Center" like "Domain Manager" > > and "SENTER = Progress", etc. The project "NGSCB" seems to be defunct > and there is = no further > > information about that, on the other hand, the Intel(R) = Corp seems to > continue its works on > > hardware support to "NGSCB". = So we found out some stuff about the > "Lagrande" technologies in > > = the Xen communities. > > We are curious that whether the patch you = contribute to the > Xen is the beginning of > > building a prototype of = "Domain Manager" or something alike? If not, > what is the goal of > > = integrating "Lagrande" into Xen? Could you give me further information > = about that? > > The term "domain manager" that you're referring to was = the term used in > place of VMM in some of our early slides. So our TXT = work with Xen is > not to replace Xen (the hypervisor), but rather to = enhance it to support > TXT. > > You can get more up to date information = from this past Fall's Intel > Developer Forum (IDF) at: > = http://www.intel.com/idf/us/fall2006/index.htm. There were two sessions = > specifically on TXT. > > > By the way, the Intel(R) Corp has announced = its "Lagrande" > technologies, has it > > been integrated into some = processors? Has the motherboard's chips the > functions like > > "IOMMU" = and "DMA Protection" to support "Curtained Memory"? > > A TXT-capable = system is available for purchase; please visit > = http://www.mpccorp.com/clientpro_txt for details. > > > The next work we = are going to do is to find out whether it > is feasible to introduce > > = the Xen to construct our secure kernel. Do you have some constructive > = advices for us? > > Thanks a lot :) > > My foils from this past Xen = Summit > = (http://www.xensource.com/files/summit_3/Xen_support_for_LaGrande_Techno = > logy.pdf) describe how to enable Xen for TXT are a good basis for > = enabling any VMM or kernel to use TXT. > > Joe >=20 ________________________________ = =B6=C0=BC=D2=A3=A1=CD=F8=D2=D73G=C3=E2=B7=D1=D3=CA=A3=AC=BB=B9=D4=F9=CB=CD= 280=D5=D7=CD=F8=C5=CC www.126.com =20 ------_=_NextPart_001_01C73A9A.3B499754 Content-Type: text/html; charset="GB2312" Content-Transfer-Encoding: quoted-printable

I'm=20 not sure what work David was specifically referring to, but Xen can be = used to=20 build a model similar to that of NGSCB (though I'm not aware of anyone = (else)=20 trying to do so).

There=20 has been a general consensus among the people working on = security-related=20 aspects of Xen that it should be better "partitioned" to follow the = principle of=20 least privilege. This would include moving the vTPM system into a = separate=20 domain, de-privileging dom0, etc. I had started work on extracting = vTPM=20 but that has been postponed due to more pressing work at my real = job. I=20 have not heard of any active work on dom0 = de-privileging.

Any=20 contributions you would like to make to the security of Xen would be = most=20 welcomed and I'm sure that you will have no difficulty finding people = willing to=20 answer any questions that you may have as you work on = it.

Joe

From: = xen-devel-bounces@lists.xensource.com=20 [mailto:xen-devel-bounces@lists.xensource.com] On Behalf Of=20 xenway@163.com
Sent: Monday, January 15, 2007 11:34=20 PM
To: Cihula, Joseph
Cc: = xen-devel@lists.xensource.com;=20 xense-devel@lists.xensource.com
Subject: Re: RE: RE: = [Xen-devel]=20 Help: Could anybody k now about the Intel' s "LaGrande" techno l = ogies? Did=20 the Xen be under develo pment u sing this stuff?
Importance: = High

Hi, Joseph
It is very kind of you to = give me=20 your advices :) I really appreciate that. I have contracted with David = Pilger=20 several days before. He just said that some people was trying to do = the same=20 stuff that we were going to. Do you know about that? I am a freshman = in this=20 area and have little experience. I think it is an good idea to stand = on the=20 shoulders of giants and see further. Could you give me the further = information=20 ? Thank you.

on 2007-01-16=A3=AC"Cihula, Joseph"=20 <joseph.cihula@intel.com> wrote=A3=BA
From:=20 "Cihula, Joseph" To: "" = Date: Tue,=20 16 Jan 2007 13:13:01 +0800 (CST) Subject: RE: RE: [Xen-devel] Help: = Could=20 anybody k now about the Intel' s "LaGrande" techno l ogies? Did the = Xen be=20 under development u sing this stuff? > (Including xense-devel = again.)=20 > > > On Monday, January 15, 2007 1:37 AM, xenway@163.com = wrote:=20 > > Hi, Joseph > > I really appreciate your help :) > = > I=20 have read the web page you mentioned before. It seems that > you=20 integrate it > > into Xen as Secure Boot interacting with TPM = module=20 or something like > that, don't you :) > > The current = patch=20 integrates the TXT code into the Xen binary, invoked > at the = very=20 beginning of launch. > > > The goal of our project is that = we have=20 studied the > framework of Microsoft(R)'s > > "NGSCB". We = are=20 trying to implement a rough prototype or something > alike in = Linux or=20 *nix > > rather than Windows(R) where "NGSCB" was going. = However, the=20 "NGSCB" > needs some hardware > > supports such as "Trusted = Mode",=20 "Memory Protection", "DMA Control" > and "Secure Path to the > = >=20 User", etc. Fortunately, the Intel(R) Corp has developed their >=20 technologies called "Lagrande" > > which can feed the needs of = Nexus=20 which is the secure kernel of the > "NGSCB". The "NGSCB" is > = > not=20 described clearly by Microsoft :(. We can't find more details > = about=20 that stuff. Finally, > > we found some stuff which came out = from the=20 "Intel Developer > Center" like "Domain Manager" > > and = "SENTER=20 Progress", etc. The project "NGSCB" seems to be defunct > and = there is no=20 further > > information about that, on the other hand, the = Intel(R)=20 Corp seems to > continue its works on > > hardware support = to=20 "NGSCB". So we found out some stuff about the > "Lagrande" = technologies=20 in > > the Xen communities. > > We are curious that = whether the=20 patch you contribute to the > Xen is the beginning of > > = building=20 a prototype of "Domain Manager" or something alike? If not, > = what is the=20 goal of > > integrating "Lagrande" into Xen? Could you give me = further=20 information > about that? > > The term "domain manager" = that you're=20 referring to was the term used in > place of VMM in some of our = early=20 slides. So our TXT work with Xen is > not to replace Xen (the=20 hypervisor), but rather to enhance it to support > TXT. > > = You can=20 get more up to date information from this past Fall's Intel > = Developer=20 Forum (IDF) at: > http://www.intel.com/idf/us/fall2006/index.htm. = There=20 were two sessions > specifically on TXT. > > > By the = way, the=20 Intel(R) Corp has announced its "Lagrande" > technologies, has it = >=20 > been integrated into some processors? Has the motherboard's = chips the=20 > functions like > > "IOMMU" and "DMA Protection" to = support=20 "Curtained Memory"? > > A TXT-capable system is available for=20 purchase; please visit > http://www.mpccorp.com/clientpro_txt for = details. > > > The next work we are going to do is to find = out=20 whether it > is feasible to introduce > > the Xen to = construct our=20 secure kernel. Do you have some constructive > advices for us? = > >=20 Thanks a lot :) > > My foils from this past Xen Summit >=20 = (http://www.xensource.com/files/summit_3/Xen_support_for_LaGrande_Techno = > logy.pdf) describe how to enable Xen for TXT are a good basis = for >=20 enabling any VMM or kernel to use TXT. > > Joe >=20

=B6=C0=BC=D2=A3=A1=CD=F8=D2=D73G=C3=E2=B7=D1=D3=CA=A3=AC=BB= =B9=D4=F9=CB=CD280=D5=D7=CD=F8=C5=CC www.126.com=20 ------_=_NextPart_001_01C73A9A.3B499754-- --===============0704949139== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel --===============0704949139==-- From xense-devel-bounces@lists.xensource.com Thu Jan 18 03:59:08 2007 Return-path: Envelope-to: www-data@colo.xensource.com Delivery-date: Thu, 18 Jan 2007 03:59:08 -0800 Received: from vm04-bcn-london.deploy.xenoserver.org ([217.147.82.229] helo=lists.xensource.com) by lists.staging.xensource.com with esmtp (Exim 4.43) id 1H7VvA-00072R-43 for www-data@colo.xensource.com; Thu, 18 Jan 2007 03:59:08 -0800 Received: from localhost ([127.0.0.1] helo=lists.xensource.com) by host-192-168-0-1-bcn-london with esmtp (Exim 4.50) id 1H7VwR-0003fo-Fp; Thu, 18 Jan 2007 12:00:27 +0000 Received: from [192.168.0.10] (helo=lists.xensource.com) by host-192-168-0-1-bcn-london with esmtp (Exim 4.50) id 1H7VwP-0003ej-H8 for xense-devel@lists.xensource.com; Thu, 18 Jan 2007 12:00:25 +0000 Received: from [210.7.75.131] (helo=gatewayserver.nechclst.in) by lists.xensource.com with esmtp (Exim 4.50) id 1H7VwK-0004D3-9j for xense-devel@lists.xensource.com; Thu, 18 Jan 2007 12:00:23 +0000 Received: from nechclst.in ([10.0.0.9]) by gatewayserver.nechclst.in with InterScan Message Security Suite; Thu, 18 Jan 2007 17:27:01 +0530 Content-class: urn:content-classes:message MIME-Version: 1.0 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Date: Thu, 18 Jan 2007 17:27:00 +0530 Message-ID: <0A8CFEC45B7F4C419F7543867C47442366ECEA@mailserver.nechclst.in> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Regarding security parameters.. Thread-Index: Acc698K8gz+ofBs6R3ehZFry0HhSyw== From: "Praveen Kushwaha" To: X-imss-version: 2.045 X-imss-result: Passed X-imss-scanInfo: M:P L:E SM:0 X-imss-tmaseResult: TT:0 TS:0.0000 TC:00 TRN:0 TV:3.6.1039(14942.000) X-imss-scores: Clean:39.19118 C:2 M:3 S:5 R:5 X-imss-settings: Baseline:2 C:1 M:1 S:1 R:1 (0.1500 0.1500) X-SA-Exim-Connect-IP: 210.7.75.131 X-SA-Exim-Mail-From: praveen.kushwaha@nechclst.in X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on (none) X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=AWL,BAYES_50,HTML_MESSAGE autolearn=ham version=3.1.0 X-SA-Exim-Version: 4.2.1 (built Mon, 27 Mar 2006 13:42:28 +0200) X-SA-Exim-Scanned: Yes (on lists.xensource.com) Subject: [Xense-devel] Regarding security parameters.. X-BeenThere: xense-devel@lists.xensource.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: "A discussion list for those developing security enhancements for Xen." List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============1220465067==" Mime-version: 1.0 Sender: xense-devel-bounces@lists.xensource.com Errors-To: xense-devel-bounces@lists.xensource.com This is a multi-part message in MIME format. --===============1220465067== Content-class: urn:content-classes:message Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C73AF7.C30AEDCF" This is a multi-part message in MIME format. ------_=_NextPart_001_01C73AF7.C30AEDCF Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi, I have heard that the security scale from 1-7, the OSs like Linux, windows are at security level 4. But the Xen is claiming for security level 5.=20 I want to know what are the various security parameters for that security scale. What are various measurements on which we decide security level. If any one can give that parameters or any link related to that then it will be great helpful from me. =20 =20 =20 Thanks, Praveen Kushwaha =20 =20 =20 ------_=_NextPart_001_01C73AF7.C30AEDCF Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hi,

= I have heard that the security scale from 1-7, the OSs like Linux, windows are at = security level 4.

= But the Xen is claiming for security level 5. =

= I want to know what are the various security parameters for that = security scale.

= What are various measurements on which we decide security = level.

= If any one can give that parameters or any link related to that then it = will be great helpful from me.

Thanks,

Praveen = Kushwaha = = &= nbsp; =

------_=_NextPart_001_01C73AF7.C30AEDCF-- --===============1220465067== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xense-devel mailing list Xense-devel@lists.xensource.com http://lists.xensource.com/xense-devel --===============1220465067==-- From xense-devel-bounces@lists.xensource.com Mon Jan 29 02:08:29 2007 Return-path: Envelope-to: www-data@colo.xensource.com Delivery-date: Mon, 29 Jan 2007 02:08:29 -0800 Received: from vm04-bcn-london.deploy.xenoserver.org ([217.147.82.229] helo=lists.xensource.com) by lists.staging.xensource.com with esmtp (Exim 4.43) id 1HBTR7-0005ct-B8 for www-data@colo.xensource.com; Mon, 29 Jan 2007 02:08:29 -0800 Received: from localhost ([127.0.0.1] helo=lists.xensource.com) by host-192-168-0-1-bcn-london with esmtp (Exim 4.50) id 1HBTSd-0000jV-EE; Mon, 29 Jan 2007 10:10:03 +0000 Received: from [192.168.0.10] (helo=lists.xensource.com) by host-192-168-0-1-bcn-london with esmtp (Exim 4.50) id 1HBTSb-0000iv-3K for xense-devel@lists.xensource.com; Mon, 29 Jan 2007 10:10:01 +0000 Received: from mta1.cl.cam.ac.uk ([128.232.0.15] ident=[CCOHZmSDypKUcjINXcsE705ZsabXY8M3]) by lists.xensource.com with esmtp (Exim 4.50) id 1HBTSS-0008EG-5l for xense-devel@lists.xensource.com; Mon, 29 Jan 2007 10:09:59 +0000 Received: from viterbi.cl.cam.ac.uk ([128.232.8.5] helo=cl.cam.ac.uk) by mta1.cl.cam.ac.uk with esmtp (Exim 3.092 #1) id 1HBTRa-0002uP-00; Mon, 29 Jan 2007 10:08:58 +0000 X-Mailer: exmh version 2.7.0 06/18/2004 with nmh-1.1-RC1 To: "Praveen Kushwaha" In-reply-to: Your message of "Thu, 18 Jan 2007 17:27:00 +0530." <0A8CFEC45B7F4C419F7543867C47442366ECEA@mailserver.nechclst.in> X-URL: http://www.cl.cam.ac.uk/~mgk25/ X-image-url: http://www.cl.cam.ac.uk/~mgk25/markus2-48.jpg Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Mon, 29 Jan 2007 10:08:48 +0000 From: Markus Kuhn Message-Id: X-SA-Exim-Connect-IP: 128.232.0.15 X-SA-Exim-Mail-From: markus.kuhn@cl.cam.ac.uk X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on (none) X-Spam-Level: X-Spam-Status: No, score=-1.4 required=5.0 tests=AWL,BAYES_40 autolearn=ham version=3.1.0 Subject: Re: [Xense-devel] Regarding security parameters.. X-SA-Exim-Version: 4.2.1 (built Mon, 27 Mar 2006 13:42:28 +0200) X-SA-Exim-Scanned: Yes (on lists.xensource.com) Cc: xense-devel@lists.xensource.com X-BeenThere: xense-devel@lists.xensource.com X-Mailman-Version: 2.1.5 Precedence: list List-Id: "A discussion list for those developing security enhancements for Xen." List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xense-devel-bounces@lists.xensource.com Errors-To: xense-devel-bounces@lists.xensource.com "Praveen Kushwaha" wrote on 2007-01-18 11:57 UTC: > I have heard that the security scale from 1-7, the OSs like > Linux, windows are at security level 4. > But the Xen is claiming for security level 5. Security is not a scalar. You cannot compare different product categories unless you provide a specific application and threat model: "Is this virus scanner more secure than this bicycle lock?" is hardly a meaningful question, but "Should I upgrade by bicycle lock rather than my virus scanner to lower my insurance premium?" might be. I suspect what you might refer to is that both Windows XP and at least two Linux distributions (the SUSE and Red Hat enterprise versions) have been formally evaluated under the ISO Common Criteria (CC) Controlled Access Protection Profile (CAPP) at Evaluation Assurance Level 4 (EAL4) a few years ago. Now, the EAL4 rating has nothing to do with the security of the product, it only characterizes the depth of the common criteria evaluation that has taken place (e.g., how carefully the evaluators studied the source code and documentation). To find about the actual strength of the product that was verified during the evaluation, and what that might mean for your particular application of the product, you'll have to read the security target document. Examples for Windows and Linux are http://www.commoncriteriaportal.org/public/files/epfiles/ST_VID4025-ST.pdf http://www.bsi.de/zertifiz/zert/reporte/0256b.pdf I have not seen yet any CC security target for Xen 3.0. It would also not be entirely clear to me, how to directly compare the security of an operating system with that of a hypervisor, given that the two provide rather different levels of functionality. I doubt that CAPP (the operating system protection profile under which Windows and Linux have been evaluated) is directly applicable to the Xen hypervisor itself, which has at present no notion of files, users, etc. (although that might change with the XenSE project). Hope this helped ... Markus -- Markus Kuhn, Computer Laboratory, University of Cambridge http://www.cl.cam.ac.uk/~mgk25/ || CB3 0FD, Great Britain _______________________________________________ Xense-devel mailing list Xense-devel@lists.xensource.com http://lists.xensource.com/xense-devel