[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-users] Xen Security
Jonathan Tripathy wrote: Can you please explain to me some of these "side channel attacks"? At some points, the guest and host are communicating, not to mention that for a lot of the time, the guest is using the processor. If there is a bug in Xen somewhere, then it's conceivable that the guest could exploit this in several ways. One is simply to subvert the communications between the guest and the host - things like buffer overflows, code injection, etc that could be used to manipulate the host into doing something that it's not supposed to. If a guest can somehow get control of the host then all security is out of the windows since the host has "super god" access to everything on the machine. If the guest can somehow subvert the security settings in the processor then it could break out of it's virtual processor jail and have access to the whole machine. Once again, if that happens, then all your security goes out of the window. Personally I don't think the risks are high, but these are complex systems running complex code. Even the "big boys" can get things wrong - remember the Pentium floating point bug that slipped through all Intel's testing ? I've never heard of "storage reuse" before? You have some storage used for task A. Task A is no longer required and you destroy it. You now have a need for Task B and allocate it some storage. Unless you fully wipe the space, then the storage allocated to Task B may contain data previously used by Task A. This isn't Xen specific, the same thing happens if you reuse any storage in any form without sanitising it first. -- Simon Hobson Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed author Gladys Hobson. Novels - poetry - short stories - ideal as Christmas stocking fillers. Some available as e-books. _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |