Re: [Xen-devel] [PATCH v12 2/9] xsm: add resource operation related xsm policy
On 07/04/2014 04:34 AM, Dongxiao Xu wrote:
> Add xsm policies for resource access related hypercall, such as MSR
> access, port I/O read/write, and other related resource operations.
>
> Signed-off-by: Dongxiao Xu <dongxiao.xu@xxxxxxxxx>

This is correct as far as a permission check, but I think the name should be changed to reflect the contents of the white-list for the access: pqos_monitor_op would work for the two MSRs used in #9.

If arbitrary access to MSRs is permitted without a white-list or other categorization in the hypervisor, then the XSM policy needs to be able to label individual MSRs and allow the security policy author to create their own white- or black-lists. This handles the use case you described at the cost of requiring XSM to be enabled to manage the lists of MSRs permitted to a toolstack domain. I do not think this is the best solution, since it will leave Xen without XSM unprotected, and the construction of an XSM policy that permits useful features (like CQM) but denies harmful ones (SYSENTER_EIP) will be more difficult than if the permissions were explicit (pqos_monitor_op, compromise_hypervisor_op).

--
Daniel De Graaf
National Security Agency

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
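The alternative the reply prefers, a white-list kept inside the hypervisor with one explicitly named permission per list, sketched as an added example (not code from the patch series or from Xen). The names `res_perm`, `msr_whitelist` and `resource_msr_allowed` are hypothetical, the table is constructed, and the two CQM MSR indices are assumed to be the ones patch 9 uses.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* MSR indices as given in the Intel SDM. */
#define MSR_IA32_SYSENTER_EIP 0x00000176u
#define MSR_IA32_QM_EVTSEL    0x00000c8du  /* CQM event select (read/write) */
#define MSR_IA32_QM_CTR       0x00000c8eu  /* CQM counter (read-only)       */

/* Hypothetical permission classes; the name follows the reply's suggestion. */
enum res_perm {
    PERM_NONE = 0,         /* not white-listed: refused for every caller */
    PERM_PQOS_MONITOR_OP,  /* platform QoS monitoring MSRs               */
};

struct msr_rule { uint32_t msr; bool write_ok; enum res_perm perm; };

/* Constructed white-list: the hypervisor, not the policy author, owns it. */
static const struct msr_rule msr_whitelist[] = {
    { MSR_IA32_QM_EVTSEL, true,  PERM_PQOS_MONITOR_OP },
    { MSR_IA32_QM_CTR,    false, PERM_PQOS_MONITOR_OP },
};

/* Map an MSR access to the permission it needs; default is deny. */
static enum res_perm msr_required_perm(uint32_t msr, bool is_write)
{
    for (size_t i = 0; i < sizeof(msr_whitelist) / sizeof(msr_whitelist[0]); i++) {
        const struct msr_rule *r = &msr_whitelist[i];
        if (r->msr == msr)
            return (is_write && !r->write_ok) ? PERM_NONE : r->perm;
    }
    return PERM_NONE;
}

/* 'granted' is a bitmask of res_perm values held by the calling domain.
 * It stands in for either an XSM decision or a built-in non-XSM default. */
static bool resource_msr_allowed(uint32_t granted, uint32_t msr, bool is_write)
{
    enum res_perm need = msr_required_perm(msr, is_write);
    if (need == PERM_NONE)
        return false;              /* off the list: no policy can allow it */
    return (granted & (1u << need)) != 0;
}

int main(void)
{
    uint32_t toolstack = 1u << PERM_PQOS_MONITOR_OP;
    printf("read QM_CTR: %d\n", resource_msr_allowed(toolstack, MSR_IA32_QM_CTR, false));
    printf("write SYSENTER_EIP: %d\n", resource_msr_allowed(toolstack, MSR_IA32_SYSENTER_EIP, true));
    return 0;
}
```

Because the list is compiled into the check, a build without XSM still refuses everything outside it, and an XSM policy only has to grant or withhold the one named permission.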