Re: About Xen: maybe a reiterative question but ..

view
thread

Score:

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Dave Anderson <dave@...>

To: Misc-Openbsd Listserv <misc@...>

Subject: Re: About Xen: maybe a reiterative question but ..

Date: Wednesday, October 24, 2007 - 11:45 am

On Wed, 24 Oct 2007, L. V. Lammert wrote:

quoted text>Virtualization provides near absolute security - DOM0 is not visible to
>the user at all, only passing network traffic and handling kernel calls.
>The security comes about in that each DOMU is totally isolated from the
>the others, while the core DOM0 is isolated from any attacks.

In theory, you're correct.

In practice there are (at least) four questions which all must be
answered in the affirmative for this to be true:

1) Does the hardware architecture provide all of the hooks needed to
   implement virtualization?
2) Does the specific hardware correctly implement that architecture?
3) Does the virtualization software architecture properly implement
   virtualization?
4) Does the specific software correctly implement that architecture?

Answering any of those questions takes both a lot of work and, all too
often, access to information which is not generally available.  And if
any of the answers is 'no', the security of anything run under that
virtualization may be fatally compromised -- no matter how secure that
software may be when run standalone.

	Dave

-- 
Dave Anderson
<dave@daveanderson.com>

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Re: About Xen: maybe a reiterative question but .., Henning Brauer, (Wed Oct 24, 4:18 am)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Wed Oct 24, 9:31 am)

Re: About Xen: maybe a reiterative question but .., Dave Anderson, (Wed Oct 24, 11:45 am)

Re: About Xen: maybe a reiterative question but .., Lars Hansson, (Thu Oct 25, 12:50 am)

Re: About Xen: maybe a reiterative question but .., Henning Brauer, (Wed Oct 24, 11:12 am)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Wed Oct 24, 1:48 pm)

Re: About Xen: maybe a reiterative question but .. , Theo de Raadt, (Wed Oct 24, 2:03 pm)

Re: About Xen: maybe a reiterative question but .. , L. V. Lammert, (Wed Oct 24, 2:41 pm)

Re: About Xen: maybe a reiterative question but .., Darren Spruell, (Wed Oct 24, 3:27 pm)

Re: About Xen: maybe a reiterative question but .., Henning Brauer, (Wed Oct 24, 4:16 pm)

Re: About Xen: maybe a reiterative question but .., Jason Dixon, (Wed Oct 24, 4:37 pm)

Re: About Xen: maybe a reiterative question but .., Darren Spruell, (Wed Oct 24, 9:46 pm)

Re: About Xen: maybe a reiterative question but .., bofh, (Wed Oct 24, 4:48 pm)

Re: About Xen: maybe a reiterative question but .. , Theo de Raadt, (Wed Oct 24, 3:46 pm)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Wed Oct 24, 4:31 pm)

Re: About Xen: maybe a reiterative question but .., Kevin Stam, (Wed Oct 24, 5:04 pm)

Re: About Xen: maybe a reiterative question but .., Lars Noodén, (Thu Oct 25, 2:14 am)

Re: About Xen: maybe a reiterative question but .., Richard Toohey, (Thu Oct 25, 3:28 am)

Re: About Xen: maybe a reiterative question but .., Richard Toohey, (Thu Oct 25, 3:37 am)

Re: About Xen: maybe a reiterative question but .., Douglas A. Tutty, (Thu Oct 25, 9:16 am)

Re: About Xen: maybe a reiterative question but .., , (Thu Oct 25, 2:36 pm)

Hardware support for secure virtualization (was: About Xen: ..., Rodrigo V. Raimundo, (Thu Oct 25, 6:50 am)

Re: Hardware support for secure virtualization (was: About X..., Stuart Henderson, (Thu Oct 25, 7:13 am)

Re: About Xen: maybe a reiterative question but .., Lars Noodén, (Thu Oct 25, 4:00 am)

Re: About Xen: maybe a reiterative question but .., Richard Toohey, (Thu Oct 25, 4:06 am)

Re: About Xen: maybe a reiterative question but .. , Theo de Raadt, (Wed Oct 24, 5:41 pm)

Re: About Xen: maybe a reiterative question but .. , Jack J. Woehr, (Wed Oct 24, 6:52 pm)

Re: About Xen: maybe a reiterative question but .., Daniel Ouellet, (Wed Oct 24, 5:19 pm)

Re: About Xen: maybe a reiterative question but .., Paul de Weerd, (Wed Oct 24, 3:22 pm)

Re: About Xen: maybe a reiterative question but .., Matthew Weigel, (Wed Oct 24, 6:35 pm)

Re: About Xen: maybe a reiterative question but .. , Theo de Raadt, (Wed Oct 24, 2:57 pm)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Wed Oct 24, 4:48 pm)

Re: About Xen: maybe a reiterative question but .. , Theo de Raadt, (Wed Oct 24, 5:31 pm)

Re: About Xen: maybe a reiterative question but .. , L. V. Lammert, (Wed Oct 24, 5:59 pm)

Re: About Xen: maybe a reiterative question but .., Steve Shockley, (Wed Oct 24, 9:53 pm)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Thu Oct 25, 11:02 am)

Re: About Xen: maybe a reiterative question but .., Brian, (Wed Oct 24, 8:06 pm)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Wed Oct 24, 9:14 pm)

Re: About Xen: maybe a reiterative question but .., Damien Miller, (Wed Oct 24, 10:01 pm)

Re: About Xen: maybe a reiterative question but .., Adam Getchell, (Thu Oct 25, 10:30 am)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Thu Oct 25, 12:11 pm)

Re: About Xen: maybe a reiterative question but .., bofh, (Wed Oct 24, 9:46 pm)

Re: About Xen: maybe a reiterative question but .., Brian, (Wed Oct 24, 9:51 pm)

Re: About Xen: maybe a reiterative question but .., Damien Miller, (Wed Oct 24, 10:05 pm)

Re: About Xen: maybe a reiterative question but .., Tony Abernethy, (Wed Oct 24, 11:07 pm)

Re: About Xen: maybe a reiterative question but .., Douglas A. Tutty, (Thu Oct 25, 9:04 am)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Thu Oct 25, 12:09 pm)

Re: About Xen: maybe a reiterative question but .. , Theo de Raadt, (Wed Oct 24, 10:01 pm)

Re: About Xen: maybe a reiterative question but .., Tom Van Looy, (Thu Oct 25, 12:54 pm)

Re: About Xen: maybe a reiterative question but .., Subcommander l0r3zz, (Thu Oct 25, 4:36 pm)

Re: About Xen: maybe a reiterative question but .., Matt Rowley, (Fri Oct 26, 8:34 am)

Re: About Xen: maybe a reiterative question but .., Subcommander l0r3zz, (Fri Oct 26, 1:23 pm)

Re: About Xen: maybe a reiterative question but .. , Jeremy Huiskamp, (Wed Oct 24, 7:52 pm)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Wed Oct 24, 9:27 pm)

Re: About Xen: maybe a reiterative question but .., Shawn K. Quinn, (Sun Oct 28, 2:29 pm)

Re: About Xen: maybe a reiterative question but .., bofh, (Sun Oct 28, 5:34 pm)

Re: About Xen: maybe a reiterative question but .., Douglas A. Tutty, (Sun Oct 28, 6:18 pm)

Re: About Xen: maybe a reiterative question but .., Nick Holland, (Sun Oct 28, 10:31 pm)

Re: About Xen: maybe a reiterative question but .., Douglas A. Tutty, (Mon Oct 29, 8:43 am)

Re: About Xen: maybe a reiterative question but .., bofh, (Mon Oct 29, 9:11 am)

Re: About Xen: maybe a reiterative question but .., Douglas A. Tutty, (Mon Oct 29, 4:26 pm)

Re: About Xen: maybe a reiterative question but .., Balázs, (Mon Oct 29, 11:56 pm)

Re: About Xen: maybe a reiterative question but .., Karsten McMinn, (Thu Oct 25, 12:15 am)

Re: About Xen: maybe a reiterative question but .. , Tony Abernethy, (Wed Oct 24, 6:27 pm)

Re: About Xen: maybe a reiterative question but .. , L. V. Lammert, (Wed Oct 24, 6:44 pm)

Re: About Xen: maybe a reiterative question but .., Darrin Chandler, (Wed Oct 24, 8:43 pm)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Wed Oct 24, 9:20 pm)

Re: About Xen: maybe a reiterative question but .., Darrin Chandler, (Wed Oct 24, 9:54 pm)

Re: About Xen: maybe a reiterative question but .., Jason Dixon, (Wed Oct 24, 9:57 pm)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Thu Oct 25, 10:06 am)

Re: About Xen: maybe a reiterative question but .., Jason Dixon, (Thu Oct 25, 12:23 pm)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Thu Oct 25, 1:43 pm)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Thu Oct 25, 12:26 pm)

Re: About Xen: maybe a reiterative question but .., Henning Brauer, (Wed Oct 24, 5:26 pm)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Wed Oct 24, 6:00 pm)

Re: About Xen: maybe a reiterative question but .., Henning Brauer, (Wed Oct 24, 6:14 pm)

Re: About Xen: maybe a reiterative question but .., Paul de Weerd, (Wed Oct 24, 10:50 am)

Re: About Xen: maybe a reiterative question but .., L. V. Lammert, (Wed Oct 24, 1:16 pm)

Re: About Xen: maybe a reiterative question but .. , Theo de Raadt, (Wed Oct 24, 1:45 pm)

Re: About Xen: maybe a reiterative question but .., Adam Getchell, (Wed Oct 24, 12:46 pm)

Re: About Xen: maybe a reiterative question but .. , Theo de Raadt, (Wed Oct 24, 12:59 pm)

Re: About Xen: maybe a reiterative question but .. , Jack J. Woehr, (Wed Oct 24, 1:14 pm)

Re: About Xen: maybe a reiterative question but .., bofh, (Wed Oct 24, 3:39 pm)

Re: About Xen: maybe a reiterative question but .., Marc Espie, (Wed Oct 24, 1:44 pm)

Navigation

Mail archive search

Popular discussions


linux-kernel:
Arjan van de Ven	[patch] Add basic sanity checks to the syscall execution patch
Bart Van Assche	Integration of SCST in the mainstream Linux kernel
Karl Meyer	PROBLEM: 2.6.23-rc "NETDEV WATCHDOG: eth0: transmit timed out"
Greg Kroah-Hartman	[PATCH 022/196] adb: Convert from class_device to device
git:
Jakub Narebski	Re: VCS comparison table
Mark Levedahl	Re: [PATCH] Teach remote machinery about remotes.default config variable
Matthieu Moy	git push to a non-bare repository
Jon Smirl	Re: Calculating tree nodes
openbsd-misc:
Marco Peereboom	Re: Real men don't attack straw men
Richard Stallman	Real men don't attack straw men
GVG GVG	ssh_exchange_identification: Connection closed by remote host
Tony Abernethy	Re: What is our ultimate goal??
linux-netdev:
Felix Radensky	RE: e1000e "Detected Tx Unit Hang"
Jeff Garzik	Re: [bug?] tg3: Failed to load firmware "tigon/tg3_tso.bin"
Andy Grover	[PATCH] RDS: Add AF and PF defines for RDS sockets
David Miller	Re: [PATCH] inet6: Fix paramater issue of inet6_csk_xmit

Latest forum posts


trouble with my Asus Mainboard	11 hours ago	Linux kernel
How to exec user process in kernel mode.	2 days ago	Linux kernel
[IPSEC]IPSEC_MANUAL_REQID_MAX	2 days ago	Linux kernel
help in UDP catching module..	3 days ago	Linux kernel
Is there anything like Real-time drivers?	5 days ago	Linux general
ns16550 serail console in Linux 2.6.19	5 days ago	Linux general
what class should i use to register my devices	5 days ago	Linux kernel
reset bios pasword toshiba	6 days ago	Hardware
Analysis of Process Scheduling	1 week ago	Linux kernel
RT Kernel and SSH Server Panics	1 week ago	Linux kernel

Show all forums...

Recent Tags

-rc quote Linus Torvalds H. Peter Anvin Andrew Morton -rc5 -rc4 filesystem Tux3 Linux 2.6.27 2.6.27-rc5 Daniel Phillips

more tags

Colocation donated by:

Online users

Syndicate