RE: [Xen-users] Xen Security

["Jonathan Tripathy" <jonnyt@xxxxxxxxxxx>]

Jonathan, I will "psychologically" shortcut your question :-)   : you actually
really want to do this and you need approval by someone of the list. This is
not a good way to handle this matter. Think of the consequences of a security
breach, then think about the expenses to avoid this and then come to a
conclusion. What you are doing is bottom-up: you have your infrastructure and
you wonder if you can bend it in such a way it will give you peace of mind.

 

-----------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Bart, I'm asking here because I am not aware of any Xen exploits and breechs, and I am trying to do research. I can't find anything useful on Google. I really do feel that even if I did seperate everything onto seperate boxes, the matter still woudn't be resolved, as if one customer "broke out" of their VM, they could steal other customer's data. Infact, I would nearly say that would be worse than if my data was stolen, as if it were my data that was stolen, I would only have myself to blame...

Even seperating storage woudn't really help in this matter, as storage would still be shared among several VMs.

 

It gets to the stage where the only secure thing to do is to avoid Xen altogether, and offer dedicated servers. Of course, this is not the thing that I want to do.

 

There are many people on this list that offer VPS hosting services to untrusted customers, and I'm trying to guage what measures they take (if any) to prevent such exploits. From what I gather, no one does anything, except keep their network secure. As someone mentioned, Amazon EC2 use Xen, and if there was an exploit, we would have heard about it by now...

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users