[Xen-devel] [PATCH] shype for xen / patches version 1.0

To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] [PATCH] shype for xen / patches version 1.0
From: Reiner Sailer <sailer@xxxxxxxxxx>
Date: Tue, 26 Apr 2005 11:00:15 -0400

Hi all,

this is a follow-up on our earlier posting:
http://lists.xensource.com/archives/html/xen-devel/2005-03/msg01406.html.
Please refer to this posting for background information and links to technical
reports describing the architecture.

This new sHype patch supports grant tables. I've also worked in comments
that I received on the earlier post (e.g., global default ssids).

Please note that the default policy under these patches is a "NULL" policy.  This means
that, even after the patches are applied, there will be *no* change to the user or administrator
experience until a security policy is explicitly enabled.

The sHype port consists of three patches (tested on the xeno-unstable.bk 04/26/05):

1. shype_4_xeno-unstable.bk_v1.0_xen.diff
patch that includes the security enforcement hooks and the access control module

2. shype_4_xeno-unstable.bk_v1.0_sparse.diff
kernel patch that adds a /proc/xen/policycmd interface using a new policy
hypercall to communicate policies between xen and the policy management tool;

3. shype_4_xeno-unstable.bk_v1.0_tools.diff
tools patch that adds support for a new parameter security subject identifier reference
(ssidref) in the domain configuration, as well as a v-e-r-y simple policy tool to set binary
policies in xen and to retrieve and dump enforced policies from xen (tools/policytool);
in a future version, this tool will read user-defined policies and compile them into the binary
policies to be downloaded into xen.

Please refer to shype_4_xen.readme.gz for more information about installing sHype into
the bitkeeper version of xeno-unstable and about experimenting with it.

Feedback welcome.
Kindest Regards

Reiner

Signed-off-by: Reiner Sailer

___________________________________________________________
Reiner Sailer, Research Staff Member, Secure Systems Department
IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532
Phone: 914 784 6280  (t/l 863)  Fax: 914 784 6205, sailer@xxxxxxxxxx  
http://www.research.ibm.com/people/s/sailer/

Attachment: shype_4_xeno-unstable.bk_v1.0_xen.diff
Description: Binary data

Attachment: shype_4_xeno-unstable.bk_v1.0_tools.diff
Description: Binary data

Attachment: shype_4_xeno-unstable.bk_v1.0_sparse.diff
Description: Binary data

Attachment: shype4xen.readme.gz
Description: Binary data
