[Xen-devel] [Xense-devel][RFC][PATCH][0/4] Xen Security Modules: Intro
The following patches expand on the original ACM security framework contributed by IBM. These patches create a general security module framework called Xen Security Modules (XSM). The present implementation is not complete, but we are releasing the XSM prototype in preparation for presentation and discussion at next week's Xen summit.

The first patch in this series provides XSM functionality for Xen. The XSM is modeled after similar functionality found in Linux under the Linux Security Modules (LSM). XSM provides a dedicated security namespace, general support for a module-defined security hypercall, general support for policy discovery during boot, and a default (dummy) security module, as well as an extensible security hook interface.

The second patch in this series demonstrates the existing ACM security engine, sHype, as an XSM module. Additional nativization and optimization of the sHype module to the XSM interface remains, but the prototype is consistent with functionality found in non-XSM Xen.

The third patch in this series introduces a new security module called Flask. Flask provides a flexible mandatory access control security architecture similar to the security architecture in SELinux. The Flask XSM module is a work in progress, but is an example of a module that employs all of the features of XSM.

The fourth patch in this series provides a sample policy for Flask. The practical use of the sample policy is limited to exercising XSM hooks and can only be used in permissive/warning mode. Subsequent policy releases will track dom0/domU behavior and be enforceable.