This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


Re: [Xen-devel] [Xense-devel][RFC][PATCH][0/4] Xen Security Modules: Int

To: "George S. Coker, II" <gscoker@xxxxxxxxxxxxxx>
Subject: Re: [Xen-devel] [Xense-devel][RFC][PATCH][0/4] Xen Security Modules: Intro
From: "Jun Koi" <junkoi2004@xxxxxxxxx>
Date: Sat, 2 Sep 2006 02:36:12 +0900
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx, xense-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 01 Sep 2006 10:36:38 -0700
In-reply-to: <1157129851.22006.187.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
References: <1157129851.22006.187.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Hi George,

Awesome, you guys have done a great job!!!

A few questions:

- So we can use XSM instead of ACM, thus we can remove ACM in the
future? (same as LSM, which seems to monopolize the security policy of
Linux?)

- LSM has a problem of not supporting stacking modules, and that is
really a pain in the arse. How about XSM? Did you try to fix that?

Will look at the code as soon as I have time :-)


On 9/2/06, George S. Coker, II <gscoker@xxxxxxxxxxxxxx> wrote:
The following patches expand on the original ACM security framework
contributed by IBM.  These patches create a general security module
framework called Xen Security Modules (XSM).  The present implementation
is not complete, but we are releasing the XSM prototype in preparation
for presentation and discussion at next week's Xen summit.

The first patch in this series provides XSM functionality for Xen.  The
XSM is modeled after similar functionality found in Linux under the
Linux Security Modules (LSM).  XSM provides a dedicated security
namespace, general support for a module defined security hypercall,
general support for policy discovery during boot, and a default (dummy)
security module, as well as an extensible security hook interface.

The second patch in this series demonstrates the existing ACM security
engine, sHype, as an XSM module.  Additional nativization and
optimization of the sHype module to the XSM interface remains, but the
prototype is consistent with functionality found in non-XSM Xen.

The third patch in this series introduces a new security module called
Flask.  Flask provides a flexible mandatory access control security
architecture similar to the security architecture in SELinux.  The Flask
XSM module is a work in progress, but is an example of a module that
employs all of the features of XSM.

The fourth patch in this series provides a sample policy for Flask.  The
practical use of the sample policy is limited to exercising XSM hooks
and can only be used in permissive/warning mode.  Subsequent policy
releases will track dom0/domU behavior and be enforceable.

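The shape George describes (an extensible hook interface, a default dummy module, and a Flask-style module whose sample policy runs only in permissive/warning mode) is easier to see in code. The block below is an added illustration written for this archive page; it is not Xen code and not the XSM patches under discussion. The hook names (domain_create, grant_map), the two-rule allow list, the single-active-module registration rule, and the helper names are all assumptions made for the example. It keeps exactly one active module, which is the point behind Jun Koi's stacking question, without claiming anything about how XSM itself handles that.

```c
/* Added example, not Xen/XSM code. Hook set, toy policy, registration
 * rule and helper names are assumptions for illustration only. */
#include <stdio.h>
#include <string.h>
#include <errno.h>

typedef unsigned int domid_t;

/* Hook interface: each security-relevant operation in the hypervisor
 * consults one of these function pointers before proceeding. */
struct xsm_operations {
    const char *name;
    int (*domain_create)(domid_t creator, domid_t newdom);
    int (*grant_map)(domid_t mapper, domid_t owner);
};

/* Default (dummy) module: allows everything, so the hypervisor behaves
 * as if no security module were loaded. */
static int dummy_domain_create(domid_t c, domid_t n) { (void)c; (void)n; return 0; }
static int dummy_grant_map(domid_t m, domid_t o) { (void)m; (void)o; return 0; }
static struct xsm_operations dummy_ops = {
    .name = "dummy", .domain_create = dummy_domain_create, .grant_map = dummy_grant_map,
};

/* Exactly one module is active at a time (assumed: no stacking). */
static struct xsm_operations *xsm_ops = &dummy_ops;

/* Assumed registration rule: only the dummy module may be replaced. */
int xsm_register(struct xsm_operations *ops)
{
    if (xsm_ops != &dummy_ops)
        return -EEXIST;
    xsm_ops = ops;
    return 0;
}

/* Toy Flask-like module: a fixed allow list plus a permissive switch. */
static int toy_permissive = 1;   /* 1 = warn only, 0 = enforce */
static int toy_denials = 0;      /* denials seen, whether or not enforced */

struct rule { domid_t subject; domid_t target; const char *op; };
static const struct rule allow[] = {
    { 0, 1, "domain_create" },   /* dom0 may create dom1 */
    { 1, 0, "grant_map" },       /* dom1 may map grants owned by dom0 */
};

static int toy_decide(domid_t s, domid_t t, const char *op)
{
    size_t i;
    for (i = 0; i < sizeof(allow) / sizeof(allow[0]); i++)
        if (allow[i].subject == s && allow[i].target == t && !strcmp(allow[i].op, op))
            return 0;
    toy_denials++;
    if (toy_permissive) {
        /* permissive/warning mode: log the would-be denial, then allow */
        fprintf(stderr, "xsm: would deny %s dom%u -> dom%u\n", op, s, t);
        return 0;
    }
    return -EPERM;               /* enforcing mode: deny */
}

static int toy_domain_create(domid_t c, domid_t n) { return toy_decide(c, n, "domain_create"); }
static int toy_grant_map(domid_t m, domid_t o) { return toy_decide(m, o, "grant_map"); }
static struct xsm_operations toy_ops = {
    .name = "toy-flask", .domain_create = toy_domain_create, .grant_map = toy_grant_map,
};

/* Hypervisor call sites go through these wrappers, never the module directly. */
int xsm_domain_create(domid_t c, domid_t n) { return xsm_ops->domain_create(c, n); }
int xsm_grant_map(domid_t m, domid_t o)     { return xsm_ops->grant_map(m, o); }

/* Small accessors so the behaviour can be driven and checked from outside. */
struct xsm_operations *xsm_toy_module(void) { return &toy_ops; }
void xsm_toy_set_enforcing(int enforce)     { toy_permissive = !enforce; }
int xsm_toy_denials(void)                   { return toy_denials; }
const char *xsm_active_module(void)         { return xsm_ops->name; }

int main(void)
{
    printf("%s: dom2 create dom3 -> %d\n", xsm_active_module(), xsm_domain_create(2, 3));
    xsm_register(xsm_toy_module());
    printf("%s permissive: dom2 create dom3 -> %d\n", xsm_active_module(), xsm_domain_create(2, 3));
    xsm_toy_set_enforcing(1);
    printf("%s enforcing:  dom2 create dom3 -> %d\n", xsm_active_module(), xsm_domain_create(2, 3));
    printf("%s enforcing:  dom0 create dom1 -> %d\n", xsm_active_module(), xsm_domain_create(0, 1));
    return 0;
}
```

With the dummy module active every hook returns 0. After the toy module is registered, the same unauthorized request is still allowed in permissive mode but counted and logged, which is what makes a sample policy useful for exercising hooks before it is enforceable; flipping to enforcing turns the same decision into -EPERM while listed pairs keep working.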