WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-devel

Fw: [Xen-devel] Xen on /. again


Hi,

I work with Reiner and was formerly the manager of the L4 SawMill project.

SawMill was a very different project where we were looking to manage the complexity of OS code and improve security using multiservers -- i.e., isolation of individual parts of the operating system from each other running on the hypervisor.  Few modifications to the hypervisor (in this case, L4) were required for this, but many mods to the OS code.

The new project aims to add security checks on hypervisor resources in the hypervisor.  Thus, changes to the hypervisor are necessary.  

The best analogue for what is being proposed is the addition of the Linux Security Modules (LSM) interface to Linux 2.6 -- this enables mandatory access control to be enforced on the use of Linux resources by independent security modules which permits flexible security choices.

Here is a brief list of the lessons that I think that we may be able to apply to Xen work based on both the SawMill and LSM experiences.

- minimize (manual) changes required to guest OSs (at this time SawMill required many changes)
- enable use of many drivers (i.e., enable driver development via driver model -- Xen aims to provide this)
- isolation boundaries cost more than you might think, but computers are a lot faster now (10X+)
- we need a mandatory access control interface like LSM to have flexible control of resources (rather than dump resources to a control partition)
- authorize access at bind time rather than at use time (no critical path impact)

I am sure that there are others.

Regards,
Trent.
------------------------------------------------------------
Trent Jaeger
IBM T.J. Watson Research Center
19 Skyline Drive, Hawthorne, NY 10532
(914) 784-7225, FAX (914) 784-7225

----- Forwarded by Reiner Sailer/Watson/IBM on 01/18/2005 07:34 PM -----
Jacob Gorm Hansen <jacobg@xxxxxxx>
01/18/2005 07:28 PM
To: Reiner Sailer/Watson/IBM@IBMUS
cc: xen-devel@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-devel] Xen on /. again

Reiner Sailer wrote:

> It is not that fast. sHype is not in any Xen source
> yet. Currently it is running on our research hypervisor.
> We want to discuss with the Xen community while we
> are porting it to Xen so we can address comments and
> adapt it where necessary.

Hi,

Is sHype related to the old L4 Sawmill project in any way? Are there any
lessons learned from that project that would be relevant to the work on Xen?

Jacob