WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Fw: [Xen-devel] Xen on /. again

from [Mark Williamson] [Permanent Link][Original]
To: xen-devel@xxxxxxxxxxxxxxxxxxxxx, david.nospam.hopwood@xxxxxxxxxxxxxxxx
Subject: Re: Fw: [Xen-devel] Xen on /. again
From: Mark Williamson <Mark.Williamson@xxxxxxxxxxxx>
Date: Fri, 21 Jan 2005 01:38:19 +0000
Delivery-date: Fri, 21 Jan 2005 01:46:49 +0000
Envelope-to: xen+James.Bulpin@xxxxxxxxxxxx
In-reply-to: <41F05BCA.7050208@xxxxxxxxxxxxxxxx>
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
List-post: <mailto:xen-devel@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
References: <OF4FD724E2.54054596-ON85256F8E.0069ACC1-85256F8E.006DA126@xxxxxxxxxx> <200501210055.05309.maw48@xxxxxxxxxxxx> <41F05BCA.7050208@xxxxxxxxxxxxxxxx>
Sender: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.7.1 
> It almost certainly can't be implemented at a later date. Even attempting
> to do so (without really succeeding) would require significant incompatible
> changes to the hypervisor interface.

What changes are required depend on what channels you're trying to eliminate.  
You could limit the aforementioned covert channels in the network interface, 
block device head scheduling and also CPU scheduling without changing the 
hypervisor interface at all.

Whether this is worth the effort is another matter, however, as you rightly 
point out ;-)

> Attackers only need a very small 
> bandwidth to transmit many of the things that are most useful from their
> point of view (cryptographic keys, passwords, compressed answers from a
> program that can look at any amount of data), so claims about limiting the
> bandwidth really just give a false sense of security.

Yes.  You just have to hope that organisational security measures compensate 
for the covert channels that remain.

Cheers,
Mark


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Fw: [Xen-devel] Xen on /. again, David Hopwood
Next by Date:  [Xen-devel] OS/2, gh
Previous by Thread:  Re: Fw: [Xen-devel] Xen on /. again, David Hopwood
Next by Thread:  Re: Fw: [Xen-devel] Xen on /. again, Reiner Sailer
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy