Re: [Xen-devel] Regarding Xen security....

To:	"Praveen Kushwaha" <praveen.kushwaha@xxxxxxxxxxx>
Subject:	Re: [Xen-devel] Regarding Xen security....
From:	"David Pilger" <pilger.david@xxxxxxxxx>
Date:	Mon, 15 Jan 2007 14:18:56 +0200
Cc:	xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date:	Mon, 15 Jan 2007 04:18:27 -0800
Domainkey-signature:	a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=tLJ7aQBD9af7BQ9cbKIm7d2EJzTWJSX82GZILP2GifeZPleROf+P7Da+LQllZKajBF2OzuJbVFv05xuOLOTegvyTAwfUo30lZQI+7QPs3QQSnVHGvSOeMMSdlBBP2MEulESELKQssaDBEzYs6BG29ZsXt3wlrZfI1Pms1JVFI9g=
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
In-reply-to:	<0A8CFEC45B7F4C419F7543867C47442366E4F3@xxxxxxxxxxxxxxxxxxxxxx>
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References:	<0A8CFEC45B7F4C419F7543867C47442366E4F3@xxxxxxxxxxxxxxxxxxxxxx>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

Search for "HVM rootkits", if your system runs without a hypervisor
and VMX/SVM is enabled in the BIOS then an attacker can gain control
over that layer. But he'll first need to gain control over the
operating system (not so difficult) in order to execute a program with
high privileges. In "VMX root operation" you have total control over
the system (parallel to ring0, one year ago).

VT-x is intended to provide another ring of security (priviliges),
which lets hypervisors manage unmodified operating systems.

Right now, if you are not running a hypervisor than it's not secure to
enable VT-x in the BIOS, if you do use some kind of hypervisor, then
the threat is that an attacker will find a security hole in it and
take control over that layer. Right now, there aren't any known
vulnerabilities in software the manage VMX. But I guess that the focus
of malicious people is not exactly at hypervisors. When LaGrande (for
instance) will be a part of any computer, then it will be "benefitial"
to search for vulnerabilities in this layer.

In summary, there is a risk when no hypervisor occupies the VMX layer
and it is enabled in the BIOS. The only use of this layer by a
malicious program is for properly hiding itself from removal tools.

Any way, here are some insights:
* If operating systems were secure enough and properly programmed then
VMX was not needed in this regard (to provide security).
* The implementation of VMX is here to take the control of the machine
from a certain operating system, treating an OS just like a "process".
* Its useful for servers that runs virtual machines, this is trivial
use of a hypervisors.

David.


On 1/12/07, Praveen Kushwaha <praveen.kushwaha@xxxxxxxxxxx> wrote:




Hi Sir,

             I have a question regarding the security of Xen. What are the
security threats in with Intel VT-x.





Thanks,

Praveen Kushwaha



_____________________________________________________________________________________________

NEC HCL System Technologies Ltd., 4th Floor, Tower B, Logix Techno  Park,
Noida | Tel: 120 436 6777 Extn 748






_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

WARNING - OLD ARCHIVES

xen-devel

Re: [Xen-devel] Regarding Xen security....