[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fw: [Xen-devel] Xen on /. again



Mark Williamson wrote:
Information about other domains' memory usage is leaked via the
hardware->physical mapping.

OK, I was forgetting about the domain memory reservation hypercalls. It's probably reasonable just to throw away ballooning functionality where this might be a problem.

The main problem (as I see it) is going to be the network interface, whose performance depends on page-flipping. You can eliminate the security problem without hiding machine address if you copy incoming packets but that's going to hurt performance :-(

Timing related attacks are somewhat trickier to eliminate covert channels
in, although some randomisation can limit the bandwidth.

Eliminating covert channels is completely infeasible. I don't see any
value in aiming for this. It's not a useful security property in most
circumstances.

I agree it's not useful in the majority of circumstances. If it's required it can be implemented at a later date but the returns for the amount of time invested are likely to be smaller.

It almost certainly can't be implemented at a later date. Even attempting
to do so (without really succeeding) would require significant incompatible
changes to the hypervisor interface.

The idea of limiting covert channels should have been abandoned when it
became clear that it isn't feasible without severely constraining the
efficiency and functionality of an operating system. Unfortunately it is
too interesting a problem, so a lot of effort has been essentially wasted
in research into this area, without ever coming up with any way to limit
the bandwidth to a useful extent. Attackers only need a very small
bandwidth to transmit many of the things that are most useful from their
point of view (cryptographic keys, passwords, compressed answers from a
program that can look at any amount of data), so claims about limiting the
bandwidth really just give a false sense of security.

--
David Hopwood <david.nospam.hopwood@xxxxxxxxxxxxxxxx>



-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.