
[Xen-devel] Xen architecture question (How strong are the Xen boundaries?)

I am working on a system that requires that a system provide isolation between various system components, and we are looking at using Xen to do this. One of our requirements is that the code that enforces the separation is small and inspectable. At first blush, the Xen code appears to meet this, but I have a nagging concern that a mis-designed GuestOS could bypass Xen. I don't have any specific reason to believe this, but I wanted to ask if anyone can comment on whether this is possible, given the design of Xen.

So, the two questions are:
(1)  Can a GuestOS ever bypass the Xen boundaries? 
(2)  How big (in lines of code) is the subsystem in Xen that enforces this?

Thanks in advance.  Any help is greatly appreciated.


Charlie Woloszynski
Innovative Concepts Inc.
703-893-2007 x506


