[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Xen-devel] Re: Xen Security meeting summary

  • To: <xen-devel@xxxxxxxxxxxxxxxxxxxxx>
  • From: "Cihula, Joseph" <joseph.cihula@xxxxxxxxx>
  • Date: Tue, 1 Mar 2005 14:42:39 -0800
  • Cc: "David Lie" <lie@xxxxxxxxxxxxxxxx>
  • Delivery-date: Wed, 02 Mar 2005 14:08:04 +0000
  • List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
  • Thread-index: AcUeqG1B7MpUBaBiTpytoO0lsbtp9wABe4OQ
  • Thread-topic: [Xen-devel] Re: Xen Security meeting summary
David Lie wrote:
> This was an interesting discussion.  I must be missing something
> though: 
> 
> - page mapping visibility: several people said that they felt
> uncomfortable with the global visibility of mappings from machine to
> physical address in a guest as this provides a lot of information to
> an attacker. 
> 
> How does letting an attacker know the physical to machine mappings
> benefit an attacker?  I assume the attacker still would not have
> read/write access to pages that do not belong to the compromised
> domain.  Is there a concrete attack that people are aware of, or is
> this just a precautionary measure? 
> 
> Thanks,
> 
> David Lie

The concern here was that we not give an attacker any more information
than necessary for the proper functioning of the system.

As you correctly noted, each domain's pages are protected from access by
other domains (modulo a small number of shared pages).  However, should
there be a bug in this protection that did allow some unauthorized
cross-domain access, knowing the physical pages used by other domains
would increase the capabilities of an attacker (over random page
scribbling).

And though it wasn't the motivation for the concern, removing such
global visibility also has the benefit of limiting one type of covert
channel.

So the thinking was that if we could remove these other domain mappings
without significant changes or disruptions then it is beneficial to do
so.

Joseph Cihula
(Linux) Software Security Architect
Intel Corp.

*** These opinions are not necessarily those of my employer ***


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.