
RE: [Xen-users] Security of Xen host and guests?

  • To: voipfc@xxxxxxxxx, xen-users@xxxxxxxxxxxxxxxxxxx
  • From: "Petersson, Mats" <Mats.Petersson@xxxxxxx>
  • Date: Tue, 24 Apr 2007 12:47:18 +0200
  • Delivery-date: Tue, 24 Apr 2007 03:46:17 -0700
  • List-id: Xen user discussion <xen-users.lists.xensource.com>
  • Thread-index: AceGXJaVnJW32J25SYySCBLEKHCmYAAABGug
  • Thread-topic: [Xen-users] Security of Xen host and guests?


> -----Original Message-----
> From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx 
> [mailto:xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of 
> Frank Church
> Sent: 24 April 2007 11:37
> To: xen-users@xxxxxxxxxxxxxxxxxxx
> Subject: [Xen-users] Security of Xen host and guests?
> How secure are Xen guests and hosts if a guest is compromised?
> Does the compromise of a guest serve as a gateway to compromise both
> hosts and other guests?

Aside from the possibility that a guest can use up 100% of its assigned
resources (CPU, network bandwidth, etc.) (which if you don't expect it to
use more than 10% can cause interesting effects on the overall system
performance). There are ways to limit any and all of those resources, so
a well-configured system wouldn't be able to notice this at all.

Each guest is protected from getting to any other guest and it's not
possible, for example, for a guest to access another guest's memory or
disk-storage [a guest can ALLOW another guest to access its memory,
that's how drivers work, but the guest owning the memory must perform a
"grant" operation]. 

So essentially, we have the same situation as if you have two or more
machines running on the same network - if one is compromised, the other
should still stay "safe" as long as the setup itself is secured properly
(e.g. if you have the same passwords on both machines, one could
presumably log in from one to the other knowing the password). 

The host-domain (Dom0) is just another domain from the hypervisor's
perspective - along the same lines as "root" is another user. It is
special in the sense that it's got permissions to create/destroy other
guests. But from a security perspective, it is no more or less secure
than any other guest in and of itself. Of course, hopefully any sysadmin
worth his salt should set extra security for accessing Dom0. Just like
in a network of "real" machines, you'd protect the file-server a bit
more [e.g. not allow regular users to log in there, extra firewall
protection, etc, etc] than you may do with the regular desktop/client

> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
