Re: [Xense-devel] ACM doesnt scale
- To: Steven Hand <Steven.Hand@xxxxxxxxxxxx>
- From: aq <aquynh@xxxxxxxxx>
- Date: Thu, 23 Jun 2005 18:19:16 -0700
- Cc: xense-devel@xxxxxxxxxxxxxxxxxxx
- Delivery-date: Fri, 24 Jun 2005 01:18:05 +0000
- List-id: "A discussion list for those developing security enhancements for Xen." <xense-devel.lists.xensource.com>
On 6/23/05, Steven Hand <Steven.Hand@xxxxxxxxxxxx> wrote:
> >at the moment, ACM supports only 2 models, and the code doesn't scale
> >enough (at all) to support more models in the future? any plan to fix
> Yes - the current ACM code is a proof of concept derived from the
> IBM sHype code. The model at present is that two policies (a primary
> and secondary) will be in place at any time, although it is intended
> that the selection of these will be more dynamic in the future. It's
> not yet clear if extending this will be required, but we're certainly
> aware of the structure and limitations of the current code.
Also, the way security models are integrated into ACM doesn't scale, either.
> >if not, I am ready to offer some code for this problem.
> We don't really want to smother things with code - for the security
> functionality in particular we'd prefer to generate a stable, sensible
> and well-justified design or set of designs which we can consider and
> decide upon.
> If you're keen to help with this process, one important task we hope
> to get rolling soon is a complete audit of the 'hypervisor interface',
> aka all the regular hypercalls & dom0_ops, plus the implicit protocols
> (shared info page, event channel & grant table state machines, etc) to
> identify the various points at which access control or information
> exchange can occur.
It is great to know what is in the plan and what is on the wish
list. It would be even better if you put them on the wiki (the more
detail, the better), so people who are interested can help.