WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] Re: malicious paravirtualized guests: security and isola

from [Todd Deshane] [Permanent Link][Original]
To: "Vasiliy Baranov" <vasiliy.baranov@xxxxxxxxx>
Subject: Re: [Xen-users] Re: malicious paravirtualized guests: security and isolation
From: "Todd Deshane" <deshantm@xxxxxxxxx>
Date: Tue, 11 Nov 2008 09:52:39 -0500
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Tue, 11 Nov 2008 06:54:16 -0800
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:reply-to :to:subject:cc:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=T7bfbIrbSQiOXMmVekl5WNATUz9wWHfAW/M1tngtEV4=; b=abJYUmmpzpvjR59xW/XtxhdKUhJTy4JcRMlbLg7EQkGEzvz4jIbxiSR7xKieQoVPE8 LHuQqQUaGk1H3cRlm52nv/czRYIgdSkdcPJFw32C5SXLopMf0zu8/0ZgV5mfGhpzEIHK mlnZCx1n3mh924PJkX4loM03/IYWNKtyAknKs=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:reply-to:to:subject:cc:in-reply-to :mime-version:content-type:content-transfer-encoding :content-disposition:references; b=xay97yJ3D86KAtgAzHQPCYJEO9vZyr9D3amCe8lIn66LklV4XS/7eKw3mUXSEWdSOE t0hbvDA7GXltXYpFaEbgzAIXfGrEjO6WrNoiZhaywW7bL925gFKfSipRVoPk0HQw8QI6 vEyPxrcCWYa+vdDJ2HcJuXEbGEJet0E4lyF2c=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <e4a2b0250811110635sfd631f8j34bde29d442a436c@xxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <e4a2b0250811060515y6a898342u372768672e7365a@xxxxxxxxxxxxxx> <e4a2b0250811110635sfd631f8j34bde29d442a436c@xxxxxxxxxxxxxx>
Reply-to: deshantm@xxxxxxxxx
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx 
On Tue, Nov 11, 2008 at 9:35 AM, Vasiliy Baranov
<vasiliy.baranov@xxxxxxxxx> wrote:
>> I have a question about isolation and security guarantees Xen provides, if 
>> any, in cases when domU >> guests are not completely trusted, that is, can 
>> be malicious. Right now I am specifically interested in >> the scenario 
>> where all guests are paravirtualized, but HVM case is of some interest too.

>> Say, I want to let my users run their own guests on a Xen host that I own. 
>> Users will bring their own >> disk images. I don't completely trust my 
>> users. Does the use of Xen guarantees that malicious
>> guests will be unable to harm other guests or the entire host in any way 
>> (for example, kill the entire >> host)? It is interesting to know both what 
>> is guaranteed in theory (that is, if Xen and dom0 work as >>  designed) and 
>> how things go in practice.

>> If I disallow users to use their kernels, that is, if I run guests with my 
>> own kernel(s) only, will that
>> improve the situation? How about loadable kernel modules? If I allow Linux 
>> guests to load their
>> custom kernel modules, will that nullify the effect of using trusted kernels?

>> I currently use Xen 3.1.4, if that matters.

>
> Am I asking stupid questions or is this area a complete mystery? Any
> pointers to existing sources of information are greatly appreciated. I spent
> several days searching Xen documentation and googling but could not find
> anything definitive.


I think it is a good question. Have you spent any time searching through the
xen mailing lists, in particular xen-devel might have some information. A good
way to search is using xen.markmail.org.

The xen developers (xen-devel) might also have some more insight for you.

There are probably some users out there in your situation, but the conventional
wisdom is that isolation and the security of it is very similar to
that of computers
on a network.

White hat hackers have been able to find various tricky ways to break out of
the isolation that xen provides, but I haven't heard of any exploits that have
been taken advantage of in practice.
http://theinvisiblethings.blogspot.com/2008/07/0wning-xen-in-vegas.html
http://xen.markmail.org/search/?q=Rutkowska

Hope that helps.

Cheers,
Todd

-- 
Todd Deshane
http://todddeshane.net
http://runningxen.com

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Xen-users] GPL PV Intermittent Network Problems, Nick Couchman
Next by Date:  RE: [Xen-users] GPL PV Intermittent Network Problems, Dustin Henning
Previous by Thread:  [Xen-users] Re: malicious paravirtualized guests: security and isolation, Vasiliy Baranov
Next by Thread:  [Xen-users] Mounting Xen Image, Chris Edwards
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy