[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] Re: What is more secure? HVM or PV ?

  • To: xen-devel@xxxxxxxxxxxxxxxxxxx
  • From: "David Pilger" <pilger.david@xxxxxxxxx>
  • Date: Tue, 19 Dec 2006 10:35:01 +0200
  • Delivery-date: Tue, 19 Dec 2006 00:34:50 -0800
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=jSDxxlQhAo9zi+YBTOxA1SyMCDQK9h/K/6CY55tbL780aK7jvb3OydffoZJtylBtdE1TG4eH7CiJsGPsb9ExBmx6oQnf+Dv4VbQQOR5VAmzUx9Dj1iO048v0/uR7UtkpwEWDBNuq3hoWydPRFn4ZkN/Ix4Y4l3tVkjX8XMzMuro=
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>

Let me rephrase my question -
What are the attack vectors for each architecture?

For PV it's the Paravirtualization API and hypercalls, and for HVM
it's the VMEXIT Parsing / QEMU states and hypercalls...

Are there other attack vectors that may be used to hack from a domU or
HVM into dom0? can we get an obvious conclusion about which
architechture is more secure? PV or HVM?


On 12/18/06, David Pilger <pilger.david@xxxxxxxxx> wrote:

So what's more secure? a HVM or a PV DomU?
Which one of the architectures is more "open" for attacks, if someone
wants to execute code in domain0 ?

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.