WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel][Xense-devel][PATCH][XSM][1/4] Xen Security Modules Patch

from [Keir Fraser] [Permanent Link][Original]
To: "George S. Coker, II" <gscoker@xxxxxxxxxxxxxx>, Keir Fraser <keir@xxxxxxxxxxxxx>
Subject: Re: [Xen-devel][Xense-devel][PATCH][XSM][1/4] Xen Security Modules Patch
From: Keir Fraser <keir@xxxxxxxxxxxxx>
Date: Fri, 09 Mar 2007 09:43:28 +0000
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx, xense-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 09 Mar 2007 01:42:45 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <1173383888.11144.119.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AcdiL2PCohPaYM4iEduPNwAX8io7RQ==
Thread-topic: [Xen-devel][Xense-devel][PATCH][XSM][1/4] Xen Security Modules Patch
User-agent: Microsoft-Entourage/11.2.5.060620 
On 8/3/07 19:58, "George S. Coker, II" <gscoker@xxxxxxxxxxxxxx> wrote:

> purpose of the security field is not only to facilitate information
> flows to resources, virtual or physical, in the hypervisor, but also to
> facilitate guests in the ability to identify channels based on these
> security properties and support information flows mediated by these
> guests.  This is really an important property for creating secure
> channels between domains as well as other resources (virtual or
> physical) resources.

E.g., the information flow from timer events to a guest? I can't envisage
what kinds of policies you might have in mind. I'm probably missing some
bigger picture.

> To achieve a very light-weight
> domain, one would like to remove as much functionality from that domain
> as possible, to include the interrupt handler.  Instead, there would
> exist a light-weight domain interrupt handler domain that is responsible
> for this functionality.  These interrupts would manifest as interdomain
> channels; however, the ipi mechanism remains unless a hook exists to
> block this code path.  Likewise, the light-weight domains wouldn't be
> able to close their channels arbitrarily, and require a check on close
> as well.

I think this sounds like a microkernel-style 'interrupt server'? Why would
you want that? And if you did have it, why would you care about the clients
of this server closing their ends of interdomain event channels?

 -- Keir


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] vmx status report against changeset 14287 --Test Blocked by Bug 919, Tim Deegan
Next by Date:  RE: [Xen-devel] question about the guestOS boot, Petersson, Mats
Previous by Thread:  Re: [Xen-devel][Xense-devel][PATCH][XSM][1/4] Xen Security Modules Patch, George S. Coker, II
Next by Thread:  Re: [Xen-devel][Xense-devel][PATCH][XSM][1/4] Xen Security Modules Patch, George S. Coker, II
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy