Re: [MirageOS-devel] TLS on Xen write-up
On 21 January 2015 at 11:38, David Scott <scott.dj@xxxxxxxxx> wrote:
>
>
> On Wed, Jan 21, 2015 at 11:07 AM, Thomas Leonard <talex5@xxxxxxxxx> wrote:
>>
>> I've now got my file queue REST service working with TLS on
>> Mirage/Xen, and I've put up my notes on the process here:
>>
>> http://roscidus.com/blog/blog/2015/01/21/securing-the-unikernel/
>>
>> Let me know if you spot any flaws in the scheme! It would be good to
>> have some of our security guys check I'm doing sane things.
>
>
> Very interesting post!
>
> Regarding checking that your components aren't 'accidentally' accessing the
> raw block device: I'm sure you're right that linking the unikernel for Unix
> would smoke out any references to the raw Xen blkfront. It might get a bit
> harder in future when blkfront itself has been functorised and can be linked
> anywhere, but perhaps this is where a bit of dead code analysis comes in --
> we already want to remove unused functions to shrink binary size but perhaps
> we could check that certain functions/modules/functors have been removed to
> prove a security property?

I don't think it's a problem if Xen blkfront is linked in, as long as it
can't be used to connect to an actual disk without further authority
being used.

From a capability point of view, the "connect" function is the problem
here, because it turns a string (which anything can create from nothing)
into access to a disk. The ambient authority it uses looks like Xs,
Eventchn and Gntshr. These modules all access the outside world without
taking inputs giving them such access, so ideally they would be flagged
as "unsafe". But a functorised version of blkfront that took them as
arguments would be fine.
--
Dr Thomas Leonard        http://0install.net/
GPG: 9242 9807 C985 3C07 44A6  8B9A AE07 8280 59A5 3CC1
GPG: DA98 25AE CAD0 8975 7CDA  BD8E 0713 3F96 CA74 D8BA

_______________________________________________
MirageOS-devel mailing list
MirageOS-devel@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel
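The distinction drawn in the reply above, as an added illustration that is not from this thread or from the MirageOS code base: a block frontend written as a functor receives its xenstore, event-channel and grant-table authority as module parameters, while a consumer such as the file queue is only ever handed an already-connected disk and so cannot turn a string into one. The XS/EVENTCHN/GNTSHR signatures, the Fake_* modules and the vdev id "51712" are constructed stand-ins, not the real Xs, Eventchn, Gntshr or mirage-block-xen APIs.

```ocaml
(* Constructed stand-ins for the authority-bearing modules named in the
   thread; the real Xs/Eventchn/Gntshr APIs are different. *)
module type XS       = sig val read : string -> string end
module type EVENTCHN = sig val bind_unbound_port : int -> int end
module type GNTSHR   = sig val share_page : int -> int end

(* The frontend is a functor: it can reach xenstore, event channels and
   grant tables only through the modules it is handed, never ambiently.
   Whoever applies this functor is the only party able to call connect. *)
module Blkfront (Xs : XS) (Evtchn : EVENTCHN) (Gntshr : GNTSHR) : sig
  type t
  val connect : string -> t   (* string -> disk: the sensitive step *)
  val info : t -> string
end = struct
  type t = { vdev : string; backend : string; port : int; gref : int }
  let connect vdev =
    let backend = Xs.read ("device/vbd/" ^ vdev ^ "/backend") in
    let port = Evtchn.bind_unbound_port 0 in
    let gref = Gntshr.share_page 0 in
    { vdev; backend; port; gref }
  let info d =
    Printf.sprintf "%s -> %s (evtchn %d, ring gref %d)"
      d.vdev d.backend d.port d.gref
end

(* A component that may use a disk but must not be able to open one: it is
   parameterised over a connected handle type, not over Xs/Evtchn/Gntshr,
   so nothing inside it can manufacture disk access from a string. *)
module File_queue (D : sig type t val info : t -> string end) = struct
  let describe (disk : D.t) = "file queue stored on " ^ D.info disk
end

(* Only the top-level unikernel wiring holds the ambient modules. They are
   simulated in-process here so the example runs without Xen. *)
module Fake_xs = struct
  let read key =
    if key = "device/vbd/51712/backend" then "backend/vbd/0/51712" else ""
end
module Fake_evtchn = struct let bind_unbound_port dom = 7 + dom end
module Fake_gntshr = struct let share_page page = 42 + page end

module Disk  = Blkfront (Fake_xs) (Fake_evtchn) (Fake_gntshr)
module Queue = File_queue (Disk)

let () =
  let disk = Disk.connect "51712" in   (* done once, at the top level *)
  print_endline (Queue.describe disk)
```

Linking the functorised Blkfront into a unikernel is then harmless on its own: a module that was never applied to the real Xs/Eventchn/Gntshr has no connect to call.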