WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-devel

Re: Fw: [Xen-devel] Xen on /. again

> Information about other domains' memory usage is leaked via the
> hardware->physical mapping.

OK, I was forgetting about the domain memory reservation hypercalls.  It's 
probably reasonable just to throw away ballooning functionality where this 
might be a problem.

The main problem (as I see it) is going to be the network interface, whose 
performance depends on page-flipping.  You can eliminate the security problem 
without hiding machine address if you copy incoming packets but that's going 
to hurt performance :-(

> > Timing related attacks are somewhat trickier to eliminate covert channels
> > in, although some randomisation can limit the bandwidth.
>
> Eliminating covert channels is completely infeasible. I don't see any
> value in aiming for this. It's not a useful security property in most
> circumstances.

I agree it's not useful in the majority of circumstances.  If it's required it 
can be implemented at a later date but the returns for the amount of time 
invested are likely to be smaller.

Cheers,
Mark

