Re: [Xen-devel] Critique of the Xen Security Process
On Fri, Nov 06, 2015, Joanna Rutkowska wrote:
> [snip]
> I was then asked to share some more
> thoughts about how I thought Xen could actually improve its security
> process [4].

Thanks Joanna for taking the time to put these thoughts into writing. I think there are a number of actionable things here we should be taking a look at as a community. Some of the key things from my perspective:

1. Fixing the use of the FETCHER in the build process (I know there has already been some discussion around this as part of the Raisin work). In the commercial Xen distribution I'm responsible for we actually replace this mechanism and run in an isolated build environment; I'd like to see this be the standard model.

2. "Disaggregating" the hypervisor makes a lot of sense. With Xen seeing growth in embedded and client use-cases as well as the traditional server and cloud ones, it will increasingly be the case that some hypervisor features are necessary in some cases and not in others. I certainly only want my TCB to include stuff I really need.

3. Do we need to revisit entire old subsystems/features that have been subject to years of incremental development? Perhaps a line item for Xen 4.7 could be a holistic review of the PV MM code. HVMLite may help in this specific area longer term, but PV (and some of our other older features) are going to be around for a while yet.

4. Development/coding guidance and standards. This is something we need anyway as we grow the community. We should consider more specific guidance on defensive coding practices.

To maintainers and committers: perhaps some of these architectural direction topics would be good discussions for an in-person dev meeting.

Cheers,
James

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel