Re: [MirageOS-devel] Security of XEN vs. Barebone

On 3 November 2015 at 20:25, Stefan Xenon <stefanxe@xxxxxxx> wrote:
> Hi!
> The recently fixed security bug in XEN brought attention to XEN's
> security quality. MirageOS is primarily based on XEN but also a
> barebone/rumpkernel setup seems to be an option (I'm not sure how mature
> it is but I leave this aside for the purpose of this discussion).
> MirageOS on top of XEN segregates domains which--for instance--protects
> the actual application against potentially vulnerable device drivers. On
> the other hand this protection is not 100% (e.g. security bugs) and
> XEN's own complexity increases the attack vector theoretically. A
> barebone setup has a smaller footprint and smaller attack vector but no
> segregation (AFAIK). Which setup would you recommend from a security
> point of view?

Running a single Mirage VM under Xen is almost certainly going to be
at least as secure as running Mirage on bare metal.

A Xen vulnerability may allow a compromised driver to attack the
Mirage VM, but you'd still have the same or similar driver bugs on
bare metal (and there with no protection at all). It may also allow
another VM to attack the Mirage one, but if you don't mind running
bare metal then you won't mind only running one Xen guest, either.

> Disclaimer: I don't have experience coding MirageOS but follow the
> project on a conceptual level.

Dr Thomas Leonard        http://roscidus.com/blog/
GPG: DA98 25AE CAD0 8975 7CDA  BD8E 0713 3F96 CA74 D8BA
