[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Xen-devel] Re: What is more secure? HVM or PV ?

  • To: "David Pilger" <pilger.david@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx
  • From: "Petersson, Mats" <Mats.Petersson@xxxxxxx>
  • Date: Tue, 19 Dec 2006 11:17:26 +0100
  • Delivery-date: Tue, 19 Dec 2006 02:17:31 -0800
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>
  • Thread-index: AccjSMFJ1EdI49qRReCEwCeiJY9kdgACmnlQ
  • Thread-topic: [Xen-devel] Re: What is more secure? HVM or PV ?


> -----Original Message-----
> From: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
> [mailto:xen-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of 
> David Pilger
> Sent: 19 December 2006 08:35
> To: xen-devel@xxxxxxxxxxxxxxxxxxx
> Subject: [Xen-devel] Re: What is more secure? HVM or PV ?
> Let me rephrase my question -
> What are the attack vectors for each architecture?

What's the goal of the attack - to take control of the system or to just
be a nuisance and crash it?

To take control, I suspect the easiest approach is known kernel holes
and a direct attack on Dom0. 

DomU is probably capable of causing Dom0 to crash - at least there's
been bugs like that in the HVM side of the hypervisor - most of the PV
side is probably more immunce thanks to greater maturity of the code. 

I'm pretty sure that if anyone actually KNOWS of a method to attack the
system, then it would be on it's way to being fixed. 

There's no interface that actually allows the guest to ask for Dom0 to
execute the guests code - but seeing as the code in Xen is large enough
that it's hard to track EVERYTHING, there may be some obscure way of
making it misbehave. 

> For PV it's the Paravirtualization API and hypercalls, and for HVM
> it's the VMEXIT Parsing / QEMU states and hypercalls...
> Are there other attack vectors that may be used to hack from a domU or
> HVM into dom0? can we get an obvious conclusion about which
> architechture is more secure? PV or HVM?
> Thanks,
> David.
> On 12/18/06, David Pilger <pilger.david@xxxxxxxxx> wrote:
> > Hi,
> >
> > So what's more secure? a HVM or a PV DomU?
> > Which one of the architectures is more "open" for attacks, 
> if someone
> > wants to execute code in domain0 ?
> >
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.