On Mon, Mar 15, 2010 at 03:51:53PM +0530, Aditya Pendyala wrote:
> Hi all,
> I have the following questions regarding Xen hypervisor.Can you please
> clarify these queries?
> * Does Xen follow any security model, in particular, does a Random Oracle
> (RO) fit in Xen?
Yes, Xen has Xen Security Modules (XSM).
Those pdfs seem to be a bit old, but feel free to google for more up-to-date
Especially check the various Xen Summit presentation slides available on
> * When there are concurrent Guest OS running on the same hardware, then
> there has to be a mechanism for concurrency control and fairness, how
> does Xen implement these?
Xen has different schedulers to control cpu time sharing.
Xen credit scheduler is the default scheduler nowadays.
credit2 scheduler is under development.
For disk-IO you can use the Linux dom0 CFQ/ionice, or things like dm-ioband.
For network traffic you can use all the common Linux QoS tools, or the built-in
> * Shared memory access has to make sure that one "malicious" OS doesn't
> access other's memory, where and how is this done?
I don't know the internals unfortunately.. I can guess it's related to the
fact that Xen hypervisor runs in the x86 ring-0, and the guests run
in other ring levels. So Xen hypervisor has complete control of the guests,
and it can force the security.
> * Similarly with shared network, how and where is security handled in this
> case so that packets meant for one OS are not accessible to other OS?
If you're using routed setup then it's pretty easy to control which IP has which
IP and perform firewalling in dom0.
If you're using bridged network setup then you can use things like ebtables
to filter the bridged traffic.
Xen dom0 is usually Linux, so all the usual Linux tools can be used.
> * Does xen has cryptography implementation in the code ?
What do you mean exactly?
> * If you have idea regarding "provable security" property of Xen , can you
> give us a gist of it ?
I don't really help with this one unfortunately.
Xen-devel mailing list