[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[MirageOS-devel] Security of XEN vs. Barebone

  • To: mirageos-devel <mirageos-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Stefan Xenon <stefanxe@xxxxxxx>
  • Date: Tue, 3 Nov 2015 21:25:06 +0100
  • Delivery-date: Tue, 03 Nov 2015 20:25:21 +0000
  • List-id: Developer list for MirageOS <mirageos-devel.lists.xenproject.org>

The recently fixed security bug in XEN brought attention to XEN's
security quality. MirageOS is primarily based on XEN but also a
barebone/rumpkernel setup seems to be an option (I'm not sure how mature
it is but I leave this aside for the purpose of this discussion).
MirageOS on top of XEN segregates domains which--for instance--protects
the actual application against potentially vulnerable device drivers. On
the other hand this protection is not 100% (e.g. security bugs) and
XEN's own complexity increases the attack vector theoretically. A
barebone setup has a smaller footprint and smaller attack vector but no
segregation (AFAIK). Which setup would you recommend from a security
point of view?

Disclaimer: I don't have experience coding MirageOS but follow the
project on a conceptual level.


MirageOS-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.