WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

RE: [Xen-devel] Re: What is more secure? HVM or PV ?

To: "David Pilger" <pilger.david@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: RE: [Xen-devel] Re: What is more secure? HVM or PV ?
From: "Petersson, Mats" <Mats.Petersson@xxxxxxx>
Date: Tue, 19 Dec 2006 11:17:26 +0100
Delivery-date: Tue, 19 Dec 2006 02:17:31 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <280848580612190035s27e91e67l81511abc50cfae91@xxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AccjSMFJ1EdI49qRReCEwCeiJY9kdgACmnlQ
Thread-topic: [Xen-devel] Re: What is more secure? HVM or PV ?
 

> -----Original Message-----
> From: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
> [mailto:xen-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of 
> David Pilger
> Sent: 19 December 2006 08:35
> To: xen-devel@xxxxxxxxxxxxxxxxxxx
> Subject: [Xen-devel] Re: What is more secure? HVM or PV ?
> 
> Let me rephrase my question -
> What are the attack vectors for each architecture?

What's the goal of the attack - to take control of the system or to just
be a nuisance and crash it?

To take control, I suspect the easiest approach is known kernel holes
and a direct attack on Dom0. 

DomU is probably capable of causing Dom0 to crash - at least there's
been bugs like that in the HVM side of the hypervisor - most of the PV
side is probably more immunce thanks to greater maturity of the code. 

I'm pretty sure that if anyone actually KNOWS of a method to attack the
system, then it would be on it's way to being fixed. 

There's no interface that actually allows the guest to ask for Dom0 to
execute the guests code - but seeing as the code in Xen is large enough
that it's hard to track EVERYTHING, there may be some obscure way of
making it misbehave. 

--
Mats
> 
> For PV it's the Paravirtualization API and hypercalls, and for HVM
> it's the VMEXIT Parsing / QEMU states and hypercalls...
> 
> Are there other attack vectors that may be used to hack from a domU or
> HVM into dom0? can we get an obvious conclusion about which
> architechture is more secure? PV or HVM?
> 
> Thanks,
> David.
> 
> On 12/18/06, David Pilger <pilger.david@xxxxxxxxx> wrote:
> > Hi,
> >
> > So what's more secure? a HVM or a PV DomU?
> > Which one of the architectures is more "open" for attacks, 
> if someone
> > wants to execute code in domain0 ?
> >
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel
> 
> 
> 



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel