WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] RAM security

from [Felix Kuperjans] [Permanent Link][Original]
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] RAM security
From: Felix Kuperjans <felix@xxxxxxxxxxxxxxxxxx>
Date: Mon, 06 Dec 2010 18:20:47 +0100
Delivery-date: Mon, 06 Dec 2010 09:21:59 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <46C13AA90DB8844DAB79680243857F0F0AFF44@xxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <46C13AA90DB8844DAB79680243857F0F0AFF44@xxxxxxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.12) Gecko/20101105 Thunderbird/3.1.6
If you enable the "Scrub RAM before freeing it to XEN" in your DomU kernel, it is always overwritten with (I assume random) data before the pages are returned to the pool of free memory. This should also apply on memory freed by shrinking operations (xm mem-set ...) and of course on DomU shutdown.

You should always enable this option, because cryptographic keys, private data etc. would rest in XEN's memory until either another DomU gets it (and can read that) or the Dom0 shuts down (reboot sometimes even preserves RAM, but the hypervisor is scrubbing all RAM which is not assigned to the Dom0, to prevent readable traces after hard resets etc.).

With correct kernel configuration, the DomU memory should be totally safe.

Am 06.12.2010 11:17, schrieb Jonathan Tripathy:

Hi Everyone,

In Xen, is a DomU able to access data in RAM which a previous DomU has stored in the past, but didn't "zero" it?

I understand that this is a problem with physical disks (using phy:/), just wondering if the same stands with RAM

Thanks


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] Zero LVM, Thomas Ronner
Next by Date:  Re: [Xen-users] Kernel DomU 2.6.36.1 dont boot PVonHVM, Roberto Scudeller
Previous by Thread:  [Xen-users] RAM security, Jonathan Tripathy
Next by Thread:  [Xen-users] Xen HVM Windows 2008 Enterprise x64 Problem, Rafael Andreatta
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy