[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Xen-users] Security of Xen host and guests?

Petersson, Mats wrote:
>> [mailto:xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Frank
>> How secure are Xen guests and hosts if a guest is compromised?
>> Does the compromise of a guest be as a gateway to compromise both
>> hosts and other guests?
> Each guest is protected from getting to any other guest and it's not
> possible for example for a guest to access another guests memory or
> disk-storage [a guest can ALLOW another guest to access it's memory,
> that's how drivers work, but the guest owning the memory must perform
> a "grant" operation].    

I realize that this is the security policy for Xen, but can we really 
be sure that the hypervisor implementation is provably secure?  I doubt 
that NSA would consider it so.  Just because we haven't seen someone 
"break out" of a guest doesn't mean it's impossible.  That's why there 
is still research going on into secure hypervisors (e.g., shype).

I know this is a little paranoid, but nevertheless.  It posits 
something like a very clever, low-level timing attack on a fundamental 
implementation or design flaw.  Remember the blind spots inherent in 
breaking one's own security.  

However, for general purpose, commercial use, I'm willing to believe 
that Xen is pretty darn secure.

Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.