
Re: [Publicity] Stealthy monitoring with Xen altp2m


  • To: "Lengyel, Tamas" <tlengyel@xxxxxxxxxxx>, Lars Kurth <lars.kurth.xen@xxxxxxxxx>
  • From: Razvan Cojocaru <rcojocaru@xxxxxxxxxxxxxxx>
  • Date: Mon, 25 Jan 2016 23:23:09 +0200
  • Cc: Mihai Donțu <mdontu@xxxxxxxxxxxxxxx>, publicity@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Mon, 25 Jan 2016 21:23:14 +0000
  • List-id: "List for Xen Publicity, PR and events" <publicity.lists.xenproject.org>

On 01/25/2016 10:51 PM, Lengyel, Tamas wrote:
> This solution, while supported in Xen, is not particularly ideal either
> as Xen's emulator is incomplete and is known to have issues that can
> lead to guest instability [2]. Furthermore, over the years emulation has
> been a hotbed of various security issues in many hypervisors (including
> Xen [3]), thus building security tools based on emulation is simply
> asking for trouble. It can be handy but should be used only when no
> other option is available.

I still don't feel that building security tools based on emulation is
asking for trouble, for obvious reasons. :)

And I think it can be argued that link [2], pointing to a message posted
on xen-devel, does not prove that the emulator is particularly
problematic, but rather that a problem exists with a corner case (as my
reply to that message tries to point out). Furthermore, as discussed
with Tamas in private today, altp2m tests I've written today crash my
guest no less than Tamas' emulator code, in a similarly obscure manner.

I'm just wondering if altp2m, which is certainly very interesting and
valuable, could not be presented more based on its intrinsic uniqueness
and strengths, rather than in battle with alternatives to be defeated,
though of course it's not my article to write or my decision to make,
and I respect everyone's opinion.


Thank you,
Razvan

_______________________________________________
Publicity mailing list
Publicity@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity