
Re: [Publicity] Stealthy monitoring with Xen altp2m





On Mon, Jan 25, 2016 at 2:23 PM, Razvan Cojocaru <rcojocaru@xxxxxxxxxxxxxxx> wrote:
On 01/25/2016 10:51 PM, Lengyel, Tamas wrote:
> This solution, while supported in Xen, is not particularly ideal either
> as Xen's emulator is incomplete and is known to have issues that can
> lead to guest instability [2]. Furthermore, over the years emulation has
> been a hotbed of various security issues in many hypervisors (including
> Xen [3]), thus building security tools based on emulation is simply
> asking for trouble. It can be handy but should be used only when no
> other option is available.

I still don't feel that building security tools based on emulation is
asking for trouble, for obvious reasons. :)

And I think it can be argued that link [2], pointing to a message posted
on xen-devel, does not prove that the emulator is particularly
problematic, but rather that a problem exists with a corner case (as my
reply to that message tries to point out). Furthermore, as discussed
with Tamas in private today, altp2m tests I've written today crash my
guest no less than Tamas' emulator code, in a similarly obscure manner.

I'm just wondering if altp2m, which is certainly very interesting and
valuable, could not be presented more based on its intrinsic uniqueness
and strengths, rather than in battle with alternatives to be defeated,
though of course it's not my article to write or my decision to make,
and I respect everyone's opinion.

For a blog entry, having that much opinion is, I think, fine. I admit I do have a strong opinion against using emulation with the track record it had for security purposes. Even if there were no hard evidence against it being problematic right now, I would at least be cautious about it. I do point out that it certainly has value when there is no alternative available. Flexibility with Xen is what's so great: you have options available if you don't agree with me ;)

Tamas
