[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] Re: What is more secure? HVM or PV ?
For PV: The explicit hypercall API would be one possible attack vector - exploiting any bugs in Xen. The memory mapping interface could also be an attack vector (including both the paravirtualised and various shadowing code paths). PV also could be attacked in principle via the frontend / backend drivers - if the backend driver could be compromised and made to execute arbitrary code (or even write abitrary code to dom0's filesystem / swapfile for later executation) then it would be possible to take over the whole machine. The PV components have been in place for longer and have probably received more scrutiny. The HVM components are rather complex and have received, I think, less eyeballing. I'd guess (and it is really a guess) that I'd have more confidence in PV from a security point of view, but that's definitely not to say that there's anything specifically *wrong* with the HVM code, just that it's less mature. I agree, I think that because the PV API is also exposed to HVMs (PV-on-HVM), we can conclude that HVMs are theoretically less secure, becuase they have more attack vectors. David. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |