WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] sHype Hypervisor Security Architecture for Xen

from [Gregor Milos] [Permanent Link][Original]
To: xen-devel@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-devel] sHype Hypervisor Security Architecture for Xen
From: Gregor Milos <gm281@xxxxxxxxxxxxxxxx>
Date: Mon, 17 Jan 2005 01:54:17 +0000
Delivery-date: Mon, 17 Jan 2005 01:55:24 +0000
Envelope-to: xen+James.Bulpin@xxxxxxxxxxxx
In-reply-to: <OF84E18A16.B9C61B6A-ON85256F8B.00820363-85256F8B.00821DA0@xxxxxxxxxx>
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
List-post: <mailto:xen-devel@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
References: <OF84E18A16.B9C61B6A-ON85256F8B.00820363-85256F8B.00821DA0@xxxxxxxxxx>
Sender: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.7.1 
There is some work going on in this area in Intel Research, although so far we 
mostly identified problems rather then came up with a solution. In any case 
cooperation in enhancing the security of Xen would certainly be better then 
separate efforts.
I will be most interested to learn the details of sHype and then trying to 
find the way to port it to Xen.
I can be contacted directly on gm281@xxxxxxxxxx

Cheers
Gregor

> I am a member of the Secure Systems Department at IBM's TJ Watson Research
> Center (http://www.research.ibm.com/secure_systems_department/).
>
> Our group has designed and developed a security architecture for
> hypervisors (called sHype). We have implemented it on an x86-based IBM
> research hypervisor.  We now plan to contribute this to Xen by integrating
> our security architecture into it.
>
> sHype is based on mandatory access controls (MAC). This allows Xen to use
> access rules (formal policy) to control both the sharing of virtual
> resources as well as the information flow between domains. The Xen port of
> sHype will leverage the existing Xen interdomain communication mechanism
> and we expect near-zero performance overhead on the performance-critical
> paths (e.g., sending or receiving packets on a virtual network, or writing
> or reading shared memory).  The sHype access control architecture
> separates policy decisions from policy enforcement. It is modeled after
> the Flask security architecture as implemented in SELinux (
> http://www.cs.utah.edu/flux/fluke/html/flask.html).  Our design is
> targeted at a flexible medium-assurance architecture that can support
> anything from simple security domains to multilevel security (MLS) and
> Chinese Wall policies.
>
> Merging the sHype access control architecture with Xen is the first step
> toward our goal of hardening Xen to support enterprise-class applications
> and security requirements. We are working on the following items to
> achieve this goal (which we intend to contribute spread out over this
> year):
>
> * Port sHype to Xen
>
> * Add stronger security/isolation guarantees (confinement) to what is
> currently available through Xen's (and other hypervisors') address space
> separation mechanisms, e.g., to enable information flow control in Xen
>
> *  Enhance Xen to support trusted computing under Linux using
> TCG/TPM-based attestation mechanisms
>
> *  Enhance Xen to support secure resource metering, verification, and
> control.
>
> * Apply our experience in automated security analysis to Xen to make it
> more robust
>
> * Make Xen suitable for Common Criteria evaluation
>
> We are confident that our work will significantly contribute to Xen in the
> security space and that it is a good fit with the Xen roadmap. We look
> forward to interacting with the Xen community on the design and
> implementation of our architecture.
>
> Reiner
> __________________________________________________________
> Reiner Sailer, Research Staff Member, Secure Systems Department
> IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532
> Phone: 914 784 6280  (t/l 863)  Fax: 914 784 6205, sailer@xxxxxxxxxx
> http://www.research.ibm.com/people/s/sailer/

-- 
Quidquid latine dictum sit, altum viditur --- Anon


-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] sHype Hypervisor Security Architecture for Xen, Reiner Sailer
Next by Date:  Re: [Xen-devel] sHype Hypervisor Security Architecture for Xen, aq
Previous by Thread:  [Xen-devel] sHype Hypervisor Security Architecture for Xen, Reiner Sailer
Next by Thread:  Re: [Xen-devel] sHype Hypervisor Security Architecture for Xen, aq
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy