WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

RE: [Xen-users] Security of Xen host and guests?

To: voipfc@xxxxxxxxx, xen-users@xxxxxxxxxxxxxxxxxxx
Subject: RE: [Xen-users] Security of Xen host and guests?
From: "Petersson, Mats" <Mats.Petersson@xxxxxxx>
Date: Tue, 24 Apr 2007 12:47:18 +0200
Delivery-date: Tue, 24 Apr 2007 03:46:17 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <84b7c6460704240337j6b8786bdyd89311f25db21577@xxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AceGXJaVnJW32J25SYySCBLEKHCmYAAABGug
Thread-topic: [Xen-users] Security of Xen host and guests?
 

> -----Original Message-----
> From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx 
> [mailto:xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of 
> Frank Church
> Sent: 24 April 2007 11:37
> To: xen-users@xxxxxxxxxxxxxxxxxxx
> Subject: [Xen-users] Security of Xen host and guests?
> 
> How secure are Xen guests and hosts if a guest is compromised?
> 
> Does the compromise of a guest be as a gateway to compromise both
> hosts and other guests?

Aside from the possibility that a guest can use up 100% of it's assigned
resources (CPU, Network bandwidth etc) (which if you don't expect it to
use more than 10% can cause interesting effects on the overall system
performance). There are ways to limit any and all of those resources, so
a well configured system wouldn't be able to notice this at all. 

Each guest is protected from getting to any other guest and it's not
possible for example for a guest to access another guests memory or
disk-storage [a guest can ALLOW another guest to access it's memory,
that's how drivers work, but the guest owning the memory must perform a
"grant" operation]. 

So essentially, we have the same situation as if you have two or more
machines running on the same network - if one is compromised, the other
shoulds till stay "safe" as long as the setup itself is secured properly
(e.g. if you have the same passwords on both machines, one could
presumably log in from one to the other knowing the password). 

The host-domain (Dom0) is just another domain from the hypervisors
perspective - along the same lines as "root" is another user. It is
special in the sense that it's got permissions to create/destroy other
guests. But from a security perspective, it is no more or less secure
than any other guest in and of itself. Of course, hopefully any sysadmin
worth his salt should set extra security for accessing Dom0. Just like
in a network of "real" machines, you'd protect the file-server a bit
more [e.g. not allow regular users to log in there, extra firewall
protection, etc, etc] than you may do with the regular desktop/client
machines... 

--
Mats
> 
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
> 
> 
> 



_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

<Prev in Thread] Current Thread [Next in Thread>