[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-API] Secure design and stub-domains


  • To: 'Anil Madhavapeddy' <anil@xxxxxxxxxx>, "xen-api@xxxxxxxxxxxxx" <xen-api@xxxxxxxxxxxxx>
  • From: Thomas Sanders <thomas.sanders@xxxxxxxxxx>
  • Date: Fri, 30 May 2014 13:39:23 +0000
  • Accept-language: en-GB, en-US
  • Delivery-date: Fri, 30 May 2014 13:39:34 +0000
  • List-id: User and development list for XCP and XAPI <xen-api.lists.xen.org>
  • Thread-index: Ac98AwCYffjdGUZZT36rcZ5ATmuo7A==
  • Thread-topic: Secure design and stub-domains

On 30 May 2014 at 2:27 pm,
Anil Madhavapeddy [mailto:anil@xxxxxxxxxx] wrote:
> On 15 May 2014, at 15:56, Thomas Sanders <thomas.sanders@xxxxxxxxxx> wrote:
> >
> > I care about security. I was the tech lead for the work of getting a
> > slightly customised version of XenServer 6.0.2 through Common Criteria
> > certification. I'd love a chance to apply a capability-based approach
> > where it makes sense. We could probably use OCaml's type system to get
> > more assurances of correctness than we do at present. I look forward to
> > dom0 services being split out into individual service VMs or stub-
> > domains.
> 
> It's really interesting to hear this.  There is an information-flow variant
> of OCaml called FlowCaml that could be resurrected fairly easily if
> a suitable use case came up (like CC cert).
> This lets the programmer understand how information is travelling across
> various modules in a complex codebase.

Thank you: FlowCaml does look interesting.

Another security-related OCaml variant is Emily[1][2], "a subset of
OCaml that uses a design rule verifier to enforce object-capability
principles. It demonstrates how memory-safe languages can be
transformed into breach-resistant object-capability systems with
little loss of either expressivity or performance."

Emily and FlowCaml could even be combined.

> Dave and Thomas have also been
> pulling out the core logic of Xenstore into a separate Git-like database
> called Irmin

Just to clarify for others: that would be Thomas Gazagnaire, not me.

Thomas Sanders

[1] http://wiki.erights.org/wiki/Emily
[2] http://www.skyhunter.com/marcs/emilyWalnut.html


_______________________________________________
Xen-api mailing list
Xen-api@xxxxxxxxxxxxx
http://lists.xen.org/cgi-bin/mailman/listinfo/xen-api


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.