[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Re: What is more secure? HVM or PV ?

  • To: "Petersson, Mats" <Mats.Petersson@xxxxxxx>
  • From: "David Pilger" <pilger.david@xxxxxxxxx>
  • Date: Tue, 19 Dec 2006 13:02:34 +0200
  • Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
  • Delivery-date: Tue, 19 Dec 2006 03:02:25 -0800
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=UTPIM1WCtVh/nEnORFqiRwF9nDZMTLthC3i5/yU4hIlCIxqidq4niZFZ3M8K3YW+KmSsr+BDL0SmqYHVcO0BS3HhlmBBlRyhpbe11zMWKpDcmQMR3ezOExOiEACKiKXjn40eU+5/oxJoYPi4uKCmwCs0tGPFwUkPNW28LjJzakc=
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>

On 12/19/06, Petersson, Mats <Mats.Petersson@xxxxxxx> wrote:

What's the goal of the attack - to take control of the system or to just
be a nuisance and crash it?

The goal is to gain control over domain0, as the root user.

To take control, I suspect the easiest approach is known kernel holes
and a direct attack on Dom0.

DomU is probably capable of causing Dom0 to crash - at least there's
been bugs like that in the HVM side of the hypervisor - most of the PV
side is probably more immunce thanks to greater maturity of the code.

Are there any attack vectors that aren't directly related to Xen if
dealing with PV, such as kernel facilities + processor architecture or
stuff like that?

If we'll look at it from a lines of code POV, then I guess that HVMs
are less secure (vmexit handler / parsers / qemu), that code is not
mature either.

So, Is there any obvious conclusion about this topic? Or we can say
that the security is the same in PV as in HVM?


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.