xen-devel

[Top] [All Lists]

RE: [Xen-devel] Academic Project

from [dinesh chandrasekaran]

[Permanent Link][Original]

To:	<christian@xxxxxxxx>
Subject:	RE: [Xen-devel] Academic Project
From:	dinesh chandrasekaran <dinesh_chan8@xxxxxxxxxxx>
Date:	Fri, 6 Mar 2009 02:16:30 +0530
Cc:	xen developers community <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date:	Thu, 05 Mar 2009 12:47:29 -0800
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
Importance:	Normal
In-reply-to:	<20090305084705.GA5746@core>
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References:	<COL107-W662A85A97BE16D6CB54455B1AE0@xxxxxxx> <add59a3f0902230816l42ce6c97l263e5f40a735e56@xxxxxxxxxxxxxx> <COL107-W18AB1966241BA41FB0025FB1AE0@xxxxxxx> <COL107-W60C682B2373EA2830D58E2B1A60@xxxxxxx> <20090303225412.GA26841@core> <COL107-W5516978ABED2A03D11348CB1A70@xxxxxxx> <20090304005536.GA1450@core> <COL107-W147CA88193483F639D9C2AB1A70@xxxxxxx> <20090304084557.GA8743@core> <COL107-W314DC7057E67F62298CA7AB1A70@xxxxxxx> <20090305084705.GA5746@core>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

Assuming the following,
1) security of the Xen kernel is not brocken (through TPMs)
2) I need to protect against physical attacks to the system (because we have a very good intrusion detection system in place).
So I'm going with Verilog in FPGA.
3) IOMMUs protecting against DMA attacks.

Where in the xen source should I modify code to allocate guest memory from
memory behind the FPGA and not "general" mem pool?

Christian, I appreciate your participation and valuable suggestions (They will definitely find a place in my report).

regards,
Dinesh C

> Encypting in hardware gets interesting again when you want to try to protect
> against physical attacks to the system. (assuming very good case intrusion
> detection)

> Date: Thu, 5 Mar 2009 09:47:05 +0100
> From: christian@xxxxxxxx
> To: dinesh_chan8@xxxxxxxxxxx
> Subject: Re: [Xen-devel] Academic Project
> CC: xen-devel@xxxxxxxxxxxxxxxxxxx
>
> On Wed, Mar 04, 2009 at 10:11:41PM +0530, dinesh chandrasekaran wrote:
>
> Hi dinesh
>
> > Xen talks to the protection hardware behind which all the guest memory
> > exists.
>
> The memory is mapped.
>
> And i was wrong, the dom0 can't just access all memory in the system.
>
> > This is more secure because,
> > now if do the following you cannot extract any useful information
> > 1) xm save Guest guest.dump (assuming a guest named "Guest" is already
> > running)
> > this would dump the guest memory into a file in the dom0 disk.
> > 2) Strings on guest.dump
>
> So encrypt it in the Xen kernel.
>
> > Since this guest.dump is encrypted by the protection hardware, and Xen
> > just informed that "dom0 is running",
>
> That assumes that the dom0 always has to run alone on the machine, in 2009 the
> minimum server has 8 cores (next year 12) and often more.
>
> > the encypted memory will only be released to dom0. This will be dumped
> > into s file in dom0 disk.
>
> Ok, so by taking a step back and looking at the problem again, i think
> you are basically facing two possibilities:
>
> 1.) The security of the Xen kernel is brocken
> -> You are lost, your hardware can't protect anything.
>
> 2.) The security of the Xen kernel is not brocke
> -> Why on earth hardware? What you can do in Verilog on an FPGA, can
> be done much more conveniently in C in the Xen kernel.
> (Don't get me wrong, I'm all pro building hardware.)
>
> Encypting in hardware gets interesting again when you want to try to protect
> against physical attacks to the system. (assuming very good case intrusion
> detection)
>
> > > If not, then it controls at least some hardware that can do DMA
> > > and can this way access all the memory.
> > You are correct. I will have to figure out a way in future to protect
> > against such type of DMA attacks.
>
> Well, solutions exist most likely in the form of IOMMUs.
>
>
> Christian
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel

Windows Live Messenger. Multitasking at its finest.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [Xen-devel] Academic Project, (continued) Re: [Xen-devel] Academic Project, Christian Leber RE: [Xen-devel] Academic Project, dinesh chandrasekaran [Xen-devel] Volume group "VolGroup00" not found when I boot xen, Xia, Liangfu Re: [Xen-devel] Volume group "VolGroup00" not found when I boot xen, Masaki Kanno RE: [Xen-devel] Volume group "VolGroup00" not found when I boot xen, Xia, Liangfu Re: [Xen-devel] Volume group "VolGroup00" not found when I boot xen, M A Young Re: [Xen-devel] Volume group "VolGroup00" not found when I boot xen, Boris Derzhavets Re: [Xen-devel] Academic Project, Christian Leber RE: [Xen-devel] Academic Project, dinesh chandrasekaran Re: [Xen-devel] Academic Project, Christian Leber RE: [Xen-devel] Academic Project, dinesh chandrasekaran <= [Xen-devel] Academic Project, dinesh chandrasekaran

Previous by Date:	Re: [Xen-devel] page_list_splice, Keir Fraser
Next by Date:	Re: [Xen-devel] latest pv_ops dom0 (2.6.29-rc7) works!!, Pasi Kärkkäinen
Previous by Thread:	Re: [Xen-devel] Academic Project, Christian Leber
Next by Thread:	[Xen-devel] Academic Project, dinesh chandrasekaran
Indexes:	[Date] [Thread] [Top] [All Lists]