Re: [Xense-devel] Enforcing MAC policies across different machines

[Reiner Sailer <sailer@xxxxxxxxxx>]

Daniele,

we are glad you like our write-up and
we are looking forward to involve more people in the plentiful rewarding
work that aims at robust and usable security in virtualized environments.

The Xen mandatory access control framework
is being completed with resource controls (largely submitted and committed
into the Xen-devel tree) and local network controls (to be submitted very
soon).  A simple policy creation GUI and the Xen user guide chapter
will follow promptly and aim at making it easy to experiment with this
framework by August.

You assume correctly that we are pursuing
research and development related to a distributed reference monitor. We
are pretty far into this topic and have existing collaborations with Universities.


However, there are many interesting
open topics. I have quickly put together the following list of topics that
seem both critical for Xen security and interesting from a development
and  research perspective. I think that those topics are good starting
points for interested people to become familiar with Xen and security and
to contribute to Xen in the security area:

* secure services, e.g., monitoring
of user domains (anti virus, IDS), auditing, etc. --> there are existing
monitoring projects, e.g., Xen Introspection Library (http://www.bryanpayne.org/3_software.php),
Xen/Snort (http://www.xensource.com) and certainly many that I am not aware
of
* creating minimal domains (not necessarily
Linux) to (i) safely host hardware devices (e.g., storage) and share it
among different workloads or (ii) to host secure services mentioned above
* applications leveraging the sHype/Xen
mandatory access controls
* building Trusted Virtual Domains on
top of the Xen virtualization (for an overview of TVD concepts, see for
example  http://www.research.ibm.com/ssd_tvd)  -- this one might
be a little heavy to lift for a single person but appropriate for small
collaboration groups

We are pursuing some of these topics
ourselves. However,  we depend on the community to help make these
things happen. Therefore, we are very open to consulting others who work
in these areas and we are open to collaborations. I encourage readers of
this list to contribute topics in any Xen security area where they are
looking for help.

Finally, we are very interested in knowing
about any projects around Xen security (sHype/ACM, vTPM, and secure services)
and will help where we can to ensure that Xen security services matter
to users and distributions.

Best Regards
Reiner
__________________________________________________________
Reiner Sailer, Research Staff Member, Secure Systems Department
IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532
Phone: 914 784 6280  (t/l 863)  Fax: 914 784 6205, sailer@xxxxxxxxxx
 
http://www.research.ibm.com/people/s/sailer/

"Daniele Sgandurra" <danisgan@xxxxxxxxx>
Sent by: xense-devel-bounces@xxxxxxxxxxxxxxxxxxx

07/11/2006 09:38 AM

To	xense-devel@xxxxxxxxxxxxxxxxxxx
cc
Subject	[Xense-devel] Enforcing MAC policies across different machines

Hello everyone,
I've read a recent thread
(http://lists.xensource.com/archives/html/xense-devel/2006-04/msg00001.html)
and a very interesting document
(http://domino.research.ibm.com/library/cyberdig.nsf/papers?SearchView&Query=RC23865&SearchMax=10)
and I would like to know if the concept of a distributed reference
monitor for enforcing MAC policies is something on which you are
working on, and in what areas of security is possible (if possible) to
help in the development of Xen.
Thank you very much!

_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel

_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel