xen-devel
Fw: [Xen-devel] Xen on /. again
Hi,

I work with Reiner and was formerly the manager of the L4 SawMill project. SawMill was a very different project where we were looking to manage the complexity of OS code and improve security using multiservers -- i.e., isolation of individual parts of the operating system from each other running on the hypervisor. Few modifications to the hypervisor (in this case, L4) were required for this, but many mods to the OS code.

The new project aims to add security checks on hypervisor resources in the hypervisor. Thus, changes to the hypervisor are necessary.

The best analogue for what is being proposed is the addition of the Linux Security Modules (LSM) interface to Linux 2.6 -- this enables mandatory access control to be enforced on the use of Linux resources by independent security modules which permits flexible security choices.

Here is a brief list of the lessons that I think that we may be able to apply to Xen work based on both the SawMill and LSM experiences.

- minimize (manual) changes required to guest OSs (at this time SawMill required many changes)
- enable use of many drivers (i.e., enable driver development via driver model -- Xen aims to provide this)
- isolation boundaries cost more than you might think, but computers are a lot faster now (10X+)
- we need mandatory access control interface like LSM to have flexible control of resources (rather than dump resources to a control partition)
- authorize access at bind time rather than at use time (no critical path impact)

I am sure that there are others.

Regards,
Trent.
------------------------------------------------------------
Trent Jaeger
IBM T.J. Watson Research Center
19 Skyline Drive, Hawthorne, NY 10532
(914) 784-7225, FAX (914) 784-7225

----- Forwarded by Reiner Sailer/Watson/IBM on 01/18/2005 07:34 PM -----

Jacob Gorm Hansen <jacobg@xxxxxxx>
01/18/2005 07:28 PM
To: Reiner Sailer/Watson/IBM@IBMUS
cc: xen-devel@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-devel] Xen on /. again

Reiner Sailer wrote:
> It is not that fast. sHype is not in any Xen source
> yet. Currently it is running on our research hypervisor.
> We want to discuss with the Xen community while we
> are porting it to Xen so we can address comments and
> adapt it where necessary.

hi,

is sHype related to the old L4 Sawmill project in any way? Are there any lessons learned from that project that would be relevant to the work on Xen?

Jacob