[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: Fw: [Xen-devel] Xen on /. again
> Information about other domains' memory usage is leaked via the > hardware->physical mapping. OK, I was forgetting about the domain memory reservation hypercalls. It's probably reasonable just to throw away ballooning functionality where this might be a problem. The main problem (as I see it) is going to be the network interface, whose performance depends on page-flipping. You can eliminate the security problem without hiding machine address if you copy incoming packets but that's going to hurt performance :-( > > Timing related attacks are somewhat trickier to eliminate covert channels > > in, although some randomisation can limit the bandwidth. > > Eliminating covert channels is completely infeasible. I don't see any > value in aiming for this. It's not a useful security property in most > circumstances. I agree it's not useful in the majority of circumstances. If it's required it can be implemented at a later date but the returns for the amount of time invested are likely to be smaller. Cheers, Mark ------------------------------------------------------- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |