[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Possible to prevent dom0 accessing guest memory?


  • To: xen-devel@xxxxxxxxxxxxx
  • From: Andy Smith <andy@xxxxxxxxxxxxxx>
  • Date: Mon, 14 Nov 2016 20:35:01 +0000
  • Delivery-date: Mon, 14 Nov 2016 20:35:08 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xen.org>
  • Openpgp: id=BF15490B; url=http://strugglers.net/~andy/pubkey.asc

Hi George,

On Mon, Nov 14, 2016 at 05:09:01PM +0000, George Dunlap wrote:
> There is probably a way to configure Xen to make it possible to build
> domains while making a full dump-core difficult to implement even by a
> motivated attacker; but that would be quite a bit more work (and very
> bespoke to your own particular situation).

I think if it could be made extremely difficult for a compromised
dom0 to dump guest memory then that would be useful to a wide range
of Xen users, as compromise of general purpose Linux hosts (like
most people's dom0s) is pretty commonplace.

Though I was reminded off-list (thanks for that), that Intel SGX and
AMD SME include features which can protect guest memory from other
guests/host/dom0, so perhaps that is a more sensible direction to go
in.

Thanks,
Andy

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.