[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[MirageOS-devel] Security of XEN vs. Barebone

To: mirageos-devel <mirageos-devel@xxxxxxxxxxxxxxxxxxxx>
From: Stefan Xenon <stefanxe@xxxxxxx>
Date: Tue, 3 Nov 2015 21:25:06 +0100
Delivery-date: Tue, 03 Nov 2015 20:25:21 +0000
List-id: Developer list for MirageOS <mirageos-devel.lists.xenproject.org>

Hi!
The recently fixed security bug in XEN brought attention to XEN's
security quality. MirageOS is primarily based on XEN but also a
barebone/rumpkernel setup seems to be an option (I'm not sure how mature
it is but I leave this aside for the purpose of this discussion).
MirageOS on top of XEN segregates domains which--for instance--protects
the actual application against potentially vulnerable device drivers. On
the other hand this protection is not 100% (e.g. security bugs) and
XEN's own complexity increases the attack vector theoretically. A
barebone setup has a smaller footprint and smaller attack vector but no
segregation (AFAIK). Which setup would you recommend from a security
point of view?

Disclaimer: I don't have experience coding MirageOS but follow the
project on a conceptual level.

Regards,
Stefan

_______________________________________________
MirageOS-devel mailing list
MirageOS-devel@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel

Follow-Ups:
- Re: [MirageOS-devel] Security of XEN vs. Barebone
  - From: Thomas Leonard

Prev by Date: Re: [MirageOS-devel] Syslogd Unikernel
Next by Date: Re: [MirageOS-devel] Syslogd Unikernel
Previous by thread: [MirageOS-devel] Syslogd Unikernel
Next by thread: Re: [MirageOS-devel] Security of XEN vs. Barebone
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.