This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-devel] [Xense-devel][RFC][PATCH][1/4] Xen Security Modules: XSM

To: xense-devel@xxxxxxxxxxxxxxxxxxx, "George S. Coker, II" <gscoker@xxxxxxxxxxxxxx>
Subject: Re: [Xen-devel] [Xense-devel][RFC][PATCH][1/4] Xen Security Modules: XSM
From: Reiner Sailer <sailer@xxxxxxxxxx>
Date: Fri, 1 Sep 2006 23:43:24 -0400
Cc: Chris Wright <chrisw@xxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 01 Sep 2006 20:43:37 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <1157139428.22006.248.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xense-devel-request@lists.xensource.com?subject=help>
List-id: "A discussion list for those developing security enhancements for Xen." <xense-devel.lists.xensource.com>
List-post: <mailto:xense-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xense-devel>, <mailto:xense-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xense-devel>, <mailto:xense-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xense-devel-bounces@xxxxxxxxxxxxxxxxxxx

xense-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 09/01/2006 03:37:07 PM:

> > >      set_bit(_DOMF_privileged, &dom0->domain_flags);
> > >      /* post-create hooks sets security label */
> > >      acm_post_domain0_create(dom0->domain_id);
> > > +
> > > +    xsm_complete_init(dom0);
> >
> > Seems this should drop the acm hook here, no?
> >
> We did not want the XSM patch to add XSM and remove ACM because we do
> not believe that the community sees ACM and sHype as the distinct
> entities that they really are.  That's why we have the patch that
> removes the duplicated hooks and code and produces a module called ACM.
> Hopefully in the future XSM will refer to the security framework and the
> the STE/Chinese Wall functionality of ACM will be called the sHype
> module.

XSM would effectively replace the small set of hooks that the sHype/ACM module introduced with a more generic mediation framework. sHype would use the XSM hook framework to control the same operations that it controls now. The way users interact with sHype(XSM) (tools, policies, labeling, ...) would not be affected by XSM. Instead of being both hooks and security module, sHype(XSM) would be a security module and XSM would offer the hooks.

Ideally, XSM would be a standardized and generic Xen interface that offers the possibility for researchers to easily experiment with proprietary security modules. At the same time, it must have very low performance overhead and be effective to support enterprise security on highly utilized platforms.

It is very good for starting the discussions that George and team succeeded to submit their code before the Xen Summit. Thank you!

Xense-devel mailing list