|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [MirageOS-devel] Security of XEN vs. Barebone
On 3 November 2015 at 20:25, Stefan Xenon <stefanxe@xxxxxxx> wrote: > Hi! > The recently fixed security bug in XEN brought attention to XEN's > security quality. MirageOS is primarily based on XEN but also a > barebone/rumpkernel setup seems to be an option (I'm not sure how mature > it is but I leave this aside for the purpose of this discussion). > MirageOS on top of XEN segregates domains which--for instance--protects > the actual application against potentially vulnerable device drivers. On > the other hand this protection is not 100% (e.g. security bugs) and > XEN's own complexity increases the attack vector theoretically. A > barebone setup has a smaller footprint and smaller attack vector but no > segregation (AFAIK). Which setup would you recommend from a security > point of view? Running a single Mirage VM under Xen is almost certainly going to be at least as secure as running Mirage on bare metal. A Xen vulnerability may allow a compromised driver to attack the Mirage VM, but you'd still have the same or similar driver bugs on bare metal (and there with no protection at all). It may also allow another VM to attack the Mirage one, but if you don't mind running bare metal then you won't mind only running one Xen guest, either. > Disclaimer: I don't have experience coding MirageOS but follow the > project on a conceptual level. -- Dr Thomas Leonard http://roscidus.com/blog/ GPG: DA98 25AE CAD0 8975 7CDA BD8E 0713 3F96 CA74 D8BA _______________________________________________ MirageOS-devel mailing list MirageOS-devel@xxxxxxxxxxxxxxxxxxxx http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |