Hello all,

Pardon my ignorance, but it seems to me that there have been numerous
approaches when it comes to managing isolation of Xen based architectures -
most of them focused on performance isolation - Deshane et al. have done some
work to test and measure these levels. However I wanted to know if there has
been any work to specifically categorize and quantify the isolation approaches.

Like right now the following models of isolation come to my mind.

1. Code based Isolation by classification - Overshadow, Hardware Enforcement of
Application Security
2. Dom 0 disaggregation - Boxing with IOMMU, Sandboxing
3. I/O based isolation - Netchannel 2, SV-IO, Direct n Virtual Passthrough,
By-pass using InfiniBand, SR-IOV
4. Isolation based on TPM, TCB - TVP, sHype, ref validation
5. HVM based Isolation

We can of course use a TPM based VM architecture to enhance the security of a
direct passthrough system. But then how good will this model be compared to a
std system which uses just an App specific VM ? Meaning do we really need this
advanced protection, if Yes for which apps ? Are there scenarios where we might
need to selectively unlock security and focus on performance n vice-versa ? and
how do we do it for virtual systems ?

There are some other fundamental questions like -

1. What is the optimum level of isolation for a given system ?
2. How much influence does the Virtual architecture play to achieve this
optimal level and how much better would it be compared to the phy arch ?
3. What is the influence of a particular Application - Web, mail, DBMS, E-Comm
for a given VM in terms of performance and isolation ? App specific TCB vs
performance
4. Has there been any study done so far to quantify the above mentioned classes
in terms of isolation and performance for App specific systems ?
5. Is there a Hybrid approach which we can use to achieve the best of both
(code + I/O) ? If yes, how specific is it wrt a given model ?

Performance Analysis metrics focus on -

1. Throughput (response time) for native VS virtualized env
2. Workload increment affecting resource consumption
3. Values of critical sys metrics VS virtualized overhead
4. Memory usage in terms of L1, L2 and main page faults for native, virtualized
and passthrough
5. Evaluation of apps based on practical scenarios

Code based protection focuses on -

1. Min TCB - # LOC
2. Policy enforcement using TPM (PCR, service and app code, SML)
3. Secure storage based on classification - keying, attestation

I know I've asked some very generic questions here, so it would be great to
receive some answers esp if anyone has done this comparison and analysis.
Thanks
Sameer
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel