WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/

xen-devel

Re: [Xen-devel] RAM security

To: Jonathan Tripathy <jonnyt@xxxxxxxxxxx>
Subject: Re: [Xen-devel] RAM security
From: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>
Date: Mon, 6 Dec 2010 14:49:20 +0000
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx

I looked into this sometime this last year.  I believe the answer is
"no": the domain destruction routines will zero memory before handing
it back to Xen.

One potential data leak, however (last time I looked at this), is that
Xen does not scrub memory handed back by the balloon driver.  So if
the guest OS hasn't scrubbed it, and it contains sensitive
information, it may end up being assigned to another domain as-is
(either via ballooning or start-of-day domain creation).  At the
moment that's considered the guest's responsibility.

 -George

On Mon, Dec 6, 2010 at 2:35 PM, Jonathan Tripathy <jonnyt@xxxxxxxxxxx> wrote:
> Hi Everyone,
>
> In Xen, is a DomU able to access data in RAM which a previous DomU has
> stored in the past, but didn't "zero" it?
>
> I understand that this is a problem with physical disks (using phy:/), just
> wondering if the same stands with RAM
>
> Thanks
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel
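A toy model of the two page-return paths described in George's reply, as an added example that is not Xen code and not part of the original thread. The page pool, page size, domain ids and all function names are hypothetical; it only contrasts a scrub on domain destruction with an unscrubbed balloon release, and shows the guest-side zeroing that closes the gap.

```c
/* Toy model of the behaviour described in the email; not Xen code. */
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 64            /* shrunk for the demo */
#define NPAGES    4
#define FREE      (-1)

enum path { DESTROY, BALLOON_RAW, BALLOON_SCRUBBED };
static unsigned char ram[NPAGES][PAGE_SIZE];   /* hypothetical host page pool */
static int owner[NPAGES];

/* First-fit allocation: contents are handed over as they are. */
static int page_alloc(int dom) {
    for (int i = 0; i < NPAGES; i++)
        if (owner[i] == FREE) { owner[i] = dom; return i; }
    return -1;
}
/* Domain destruction: every page is zeroed before it returns to the pool. */
static void domain_destroy(int dom) {
    for (int i = 0; i < NPAGES; i++)
        if (owner[i] == dom) { memset(ram[i], 0, PAGE_SIZE); owner[i] = FREE; }
}
/* Balloon release: no hypervisor scrub; only the guest can zero the page. */
static void balloon_release(int pg, int guest_scrubs) {
    if (guest_scrubs) memset(ram[pg], 0, PAGE_SIZE);
    owner[pg] = FREE;
}
static int page_dirty(int pg) {
    for (int i = 0; i < PAGE_SIZE; i++) if (ram[pg][i]) return 1;
    return 0;
}
/* Domain 1 stores data and gives the page up via path p; domain 2 then
 * allocates. Returns 1 if domain 2's page still holds domain 1's bytes. */
int stale_data_visible(enum path p) {
    static const char secret[] = "constructed-sample-secret";
    memset(ram, 0, sizeof ram);
    for (int i = 0; i < NPAGES; i++) owner[i] = FREE;
    int pg = page_alloc(1);
    memcpy(ram[pg], secret, sizeof secret);
    if (p == DESTROY) domain_destroy(1);
    else balloon_release(pg, p == BALLOON_SCRUBBED);
    return page_dirty(page_alloc(2));
}
int main(void) {
    printf("destroy=%d balloon_raw=%d balloon_scrubbed=%d\n",
           stale_data_visible(DESTROY), stale_data_visible(BALLOON_RAW),
           stale_data_visible(BALLOON_SCRUBBED));
    return 0;
}
```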