WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xense-devel

Re: [Xense-devel] questions about isolation model and GVTPM

To: <jackyhuangq@xxxxxxxx>
Subject: Re: [Xense-devel] questions about isolation model and GVTPM
From: Reiner Sailer <sailer@xxxxxxxxxx>
Date: Thu, 4 May 2006 22:11:35 -0400
Cc: xense-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 04 May 2006 19:11:48 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <12522889.1145976038032.JavaMail.postfix@xxxxxxxxxxxxxxxxxx>
List-help: <mailto:xense-devel-request@lists.xensource.com?subject=help>
List-id: "A discussion list for those developing security enhancements for Xen." <xense-devel.lists.xensource.com>
List-post: <mailto:xense-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xense-devel>, <mailto:xense-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xense-devel>, <mailto:xense-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xense-devel-bounces@xxxxxxxxxxxxxxxxxxx

xense-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 04/25/2006 10:40:38 AM:

> Hi guys,

Hi Huang,

I am still out-of-the office but I am starting to read my e-mail :-) I did not see anybody answering to your e-mail yet, so I will try to answer those parts that I am familiar with.

> I am interesting in vitrualization and tcpa.I want to do some
> research on Xen platform to present a more trusted VMM. I think the
> key points are isolation and integrity.

>
> With isoliation, I want to use uninterference policy to confine the
> communication between xen and domains with device channel.


This sounds interesting. Can you describe this policy a little more? What does it address that the current Type Enforcement (controlled sharing between Domains) or the Chinese Wall Policy do not express? Do you aim at discovering/measuring covert channels (a very beneficial, interesting, and challenging task)?

>That is to
> say, map the formal model to xen. I think now the MAC mechanism also
> does some isolation, the channel-control analyse with formal model
> is another way, especially used for confine the TCB where access
> control can do nothing.


You must be talking about covert channels here since those are not access controlled.

>By the way,I think critical application also
> is a part of TCB.

> And from Reiner, I see Xen is not a isolation VMM,or separation VMM.
> But I think formal analyze can benefit confinement of Xen's I/O device.


Can you give an example of an I/O device and the confinement guarantees you are looking for? We are extending the MAC into I/O virtualization (which happens on operating system level).
 
> With integrity, I want to examine the GVTPM architecture and do
> something based on it.

> My questions are: does the isolation provided by Xen for domains is
> strong enough from your developer's view? Is the! re anybody can
> help me to learn more about GVTPM except for a .ppt document?


I can give a little information about last 4 letters (VTPM): there are multiple documented approaches. The current implementation in Xen is the result of a cooperation between Intel and IBM. We have a project web page at IBM Research that describes our general approach (http://www.research.ibm.com/ssd_vtpm) and we will present a research paper on the Usenix Security Symposium this year describing challenges and solutions when virtualizing a TPM.

Probably a person from Intel can describe best their vision of generalized VTPM or point to more information :-)

Regards
Reiner

> Something like what the function of "shared memory TPM driver" in
> the code? is it a backend driver? Or what is the opinion of TCG about GVTPM?

> I am already much inspired by your help in the mail list.Hope I can
> do something to the community. Thanks!

> Yours Huang _______________________________________________
> Xense-devel mailing list
> Xense-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xense-devel
_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel