[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xense-devel] questions about isolation model and GVTPM

To: <jackyhuangq@xxxxxxxx>
From: Reiner Sailer <sailer@xxxxxxxxxx>
Date: Thu, 4 May 2006 22:11:35 -0400
Cc: xense-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 04 May 2006 19:11:48 -0700
List-id: "A discussion list for those developing security enhancements for Xen." <xense-devel.lists.xensource.com>

xense-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 04/25/2006 10:40:38 AM: > Hi guys,
Hi Huang,

I am still out-of-the office but I am starting to read my e-mail :-) I did not see anybody answering to your e-mail yet, so I will try to answer those parts that I am familiar with.

> I am interesting in vitrualization and tcpa.I want to do some > research on Xen platform to present a more trusted VMM. I think the > key points are isolation and integrity.
>
> With isoliation, I want to use uninterference policy to confine the > communication between xen and domains with device channel.

This sounds interesting. Can you describe this policy a little more? What does it address that the current Type Enforcement (controlled sharing between Domains) or the Chinese Wall Policy do not express? Do you aim at discovering/measuring covert channels (a very beneficial, interesting, and challenging task)?

>That is to > say, map the formal model to xen. I think now the MAC mechanism also > does some isolation, the channel-control analyse with formal model > is another way, especially used for confine the TCB where access > control can do nothing.

You must be talking about covert channels here since those are not access controlled.

>By the way,I think critical application also > is a part of TCB.
> And from Reiner, I see Xen is not a isolation VMM,or separation VMM. > But I think formal analyze can benefit confinement of Xen's I/O device.

Can you give an example of an I/O device and the confinement guarantees you are looking for? We are extending the MAC into I/O virtualization (which happens on operating system level).

> With integrity, I want to examine the GVTPM architecture and do > something based on it.
> My questions are: does the isolation provided by Xen for domains is > strong enough from your developer's view? Is the! re anybody can > help me to learn more about GVTPM except for a .ppt document?

I can give a little information about last 4 letters (VTPM): there are multiple documented approaches. The current implementation in Xen is the result of a cooperation between Intel and IBM. We have a project web page at IBM Research that describes our general approach (http://www.research.ibm.com/ssd_vtpm) and we will present a research paper on the Usenix Security Symposium this year describing challenges and solutions when virtualizing a TPM.

Probably a person from Intel can describe best their vision of generalized VTPM or point to more information :-)

Regards
Reiner
> Something like what the function of "shared memory TPM driver" in > the code? is it a backend driver? Or what is the opinion of TCG about GVTPM?
> I am already much inspired by your help in the mail list.Hope I can > do something to the community. Thanks!
> Yours Huang _______________________________________________ > Xense-devel mailing list > Xense-devel@xxxxxxxxxxxxxxxxxxx > http://lists.xensource.com/xense-devel

_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel

Next by Date: Re: [Xense-devel] questions about isolation model and GVTPM
Next by thread: Re: [Xense-devel] questions about isolation model and GVTPM
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.