WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xense-devel

RE: [Xense-devel] Shype/ACM for HVM guest.

To: "Praveen Kushwaha" <praveen.kushwaha@xxxxxxxxxxx>
Subject: RE: [Xense-devel] Shype/ACM for HVM guest.
From: Stefan Berger <stefanb@xxxxxxxxxx>
Date: Fri, 6 Apr 2007 10:04:23 -0400
Cc: xense-devel@xxxxxxxxxxxxxxxxxxx

"Praveen Kushwaha" <praveen.kushwaha@xxxxxxxxxxx> wrote on 04/06/2007 08:26:38 AM:

>  

> Hi,
> Thanks for replying.
> According to you, in case of full virtualization security checks
> are only applied at the startup of the virtual machine.
> Whereas in paravirtualization security checks are also at the
> hypercalls. But in full virtualization there are currently no
> security checks like in paravirtualization. I do believe that there
> are Chinese wall security hooks, but they only manage the starting
> of HVM domains.
>
> Do you also mean that ACM has no role to play in case of
> HVM domains?


We are not saying that it 'has no role to play'. The current ACM support for HVMs is limited and we will investigate this in the future.

> and also the hypervisor has no security checks on the
> request from HVM guest to hypervisor?


A fully virtualized guest will currently not run through the types of ACM hooks that paravirtualized domains are running through.

   Stefan
>                          
> Thanks,
> Praveen Kushwaha
>
> From: Stefan Berger [mailto:stefanb@xxxxxxxxxx]
> Sent: Friday, April 06, 2007 5:32 AM
> To: Praveen Kushwaha
> Cc: xense-devel@xxxxxxxxxxxxxxxxxxx; xense-devel-bounces@xxxxxxxxxxxxxxxxxxx
> Subject: RE: [Xense-devel] Shype/ACM for HVM guest.

>  
>
> "Praveen Kushwaha" <praveen.kushwaha@xxxxxxxxxxx> wrote on
> 04/04/2007 02:53:06 AM:
>
> > Hi,
> > Yes, the Chinese wall policy hook is there for checking
> > whether the HVM guest is allowed to run or not.
> > But my question is: suppose the HVM guest wants to do some IO
> > (disk access, printer etc). Then for the communication with the
> > VMM, a VMExit will happen (a transition from the HVM guest to
> > the VMM is done). Then, where does shype/ACM put hooks in order
> > to have control over resources (IO devices) for the HVM guests?
>
> IO devices that are connected to the HVM and whose parameters are
> provided through the VM configuration can be checked against their
> labeling once a domain is started using xend. Currently for HVMs
> only disk entries are checked. More will need to be added in this
> area in the future.
>
> >             As it puts hooks on hypercalls in case of paravirtualization.
> >             What shype/ACM does in case of full virtualization?
>
> In case of full virtualization, the hooks on the hypercalls for
> grant tables and event channels are not being used. So in HVM case,
> checks are only done during startup of a virtual machine.
>
> Stefan
>
> >  
> > Thanks,
> > Praveen Kushwaha
> >
> > From: Stefan Berger [mailto:stefanb@xxxxxxxxxx]
> > Sent: Tuesday, April 03, 2007 8:29 PM
> > To: Praveen Kushwaha
> > Cc: xense-devel@xxxxxxxxxxxxxxxxxxx; xense-devel-bounces@xxxxxxxxxxxxxxxxxxx
> > Subject: RE: [Xense-devel] Shype/ACM for HVM guest.
> >  
> >
> > "Praveen Kushwaha" <praveen.kushwaha@xxxxxxxxxxx> wrote on
> > 04/03/2007 05:42:56 AM:
> >
> > > Hi,
> > > Yes, that is fine: if the paravirtualized drivers are used in
> > > HVM then we can put hooks on that. But it is a different case,
> > > how shype/ACM actually works in case of VMExit/VMEntry.
> > > Since in case of VMExit/VMEntry there are no hypercalls, then
> > > how does sHype/ACM implement security?
> > > I mean to ask how sHype/ACM works in case of an HVM guest.
> >
> > In case of an HVM guest you would have the Chinese Wall Policy hooks
> > checking whether the HVM guest is allowed to run with its current VM label.
> > Access to resources such as image files is also checked when a
> > virtual machine is started up.
> >
> >    Stefan
> >
> >
> > >  
> > > Thanks,
> > > Praveen Kushwaha
> > >
> > > From: Stefan Berger [mailto:stefanb@xxxxxxxxxx]
> > > Sent: Monday, April 02, 2007 7:19 PM
> > > To: Praveen Kushwaha
> > > Cc: xense-devel@xxxxxxxxxxxxxxxxxxx; xense-devel-bounces@lists.xensource.com
> > > Subject: Re: [Xense-devel] Shype/ACM for HVM guest.
> > >  
> > >
> > > xense-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 04/02/2007 05:40:39 AM:
> > >
> > > > Hi,
> > > > Does the Shype/ACM architecture for implementing security in
> > > > Xen support HVM guests also? I mean to say that, as per my
> > >
> > > HVM guests are supported in so far that the configuration of an HVM
> > > is checked when the VM is started. This is done in xend where
> > > resource assignments (disk access)  are validated.
> > >
> > > > knowledge in Xen 3.0.4 shype/ACM is implemented. Does this
> > > > shype/ACM work also for the HVM (Windows) guest?
> > > > As per my understanding shype/ACM puts hooks on
> > > > hypercalls from the hypervisor, and consults with the ACM. But in
> > > > case of full virtualization, the hypervisor does not have hypercalls to
> > > > communicate with the HVM guest. There is VMEntry/VMExit for
> > >
> > > This is correct. Though, if paravirtualized drivers are used in an
> > > HVM, also they will need to go through the hooks for grant table
> > > access and event channels.
> > >
> > >    Stefan
> > >
> > >
> > > > communication, in which guest state and host state are saved. Since
> > > > there are no hypercalls in case of full virtualization, then how does
> > > > shype/ACM actually work? Where does it put hooks? Or is there any
> > > > other mechanism through which it implements security in an HVM guest?
> > > > If anyone has information regarding it, please reply.
> > > >  
> > > > Thanks,
> > > > Praveen Kushwaha
> > > >  
> > > >        
> > > >  
> > > >  _______________________________________________
> > > > Xense-devel mailing list
> > > > Xense-devel@xxxxxxxxxxxxxxxxxxx
> > > > http://lists.xensource.com/xense-devel