[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Using Xen as a jail for malicious code

To: Florian Weimer <fw@xxxxxxxxxxxxx>
From: Mark Williamson <mark.williamson@xxxxxxxxxxxx>
Date: Tue, 25 Oct 2005 20:49:40 +0100
Cc: Rob Renaud <rrenaud@xxxxxxxxx>, xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Tue, 25 Oct 2005 19:48:01 +0000
List-id: Xen user discussion <xen-users.lists.xensource.com>

> > That's what it was originally created for: containment of arbitrary
> > untrusted code submitted to a Xenoserver (Xenoservers project described:
> > http://www.cl.cam.ac.uk/Research/SRG/netos/xeno/).
>
> What about the rogue DMA problem mentioned in some of the papers?
> Has this been addressed?

Rogue DMAs was only a problem if domains have access to real devices - for 
unprivileged domains (the norm) which just have virtual devices it's never 
been an issue.

Conversely, domains which do have real device access must always be considered 
privileged, due to limitations of current hardware.  Usually that's just 
dom0, though, unless you've got a really advanced setup.

Cheers,
Mark

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

References:
- [Xen-users] Using Xen as a jail for malicious code
  - From: Rob Renaud
- Re: [Xen-users] Using Xen as a jail for malicious code
  - From: Mark Williamson
- Re: [Xen-users] Using Xen as a jail for malicious code
  - From: Florian Weimer

Prev by Date: Re: [Xen-users] Using Xen as a jail for malicious code
Next by Date: Re: [Xen-users] Pacifica/VT
Previous by thread: Re: [Xen-users] Using Xen as a jail for malicious code
Next by thread: [Xen-users] xensv web page displaying what it should
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.