[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xense-devel] Secure Network Communications Between Xen VMs

To: Xense-devel@xxxxxxxxxxxxxxxxxxx
From: bigschu <bigschu@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 09 May 2006 09:51:58 -0700
Delivery-date: Tue, 09 May 2006 09:52:44 -0700
List-id: "A discussion list for those developing security enhancements for Xen." <xense-devel.lists.xensource.com>

Hi all,

I have two questions about the secure network communications between XenVMs (i.e. domains) residing on different physical machines.1) By way of example, if domU1 on machine M1 is communicating with twoother domains, domU2 and domU3 on machine M2, how does thehypervisor/ACM on M1 differentiate between inbound/outbound trafficdestined only for domU2 or domU3 and ensure that traffic is routed tothe proper domain?2) Is all of the traffic between various domains encrypted to preventeavesdropping via network sniffing?I've read the paper, "DeuTeRium -- A System for Distributed MandatoryAccess Control" but it's not clear to me from the actual implementationexamples and documentation how you set up the IPSEC labeled tunnelingmechanism and ensure validation of all traffic passing between thevarious domains.


Thanks,
Mike Schumann


_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel

Follow-Ups:
- Re: [Xense-devel] Secure Network Communications Between Xen VMs
  - From: Andrew Warfield

Prev by Date: Re: [Xense-devel] questions about isolation model and GVTPM
Next by Date: Re: [Xense-devel] Secure Network Communications Between Xen VMs
Previous by thread: Re: [Xense-devel] questions about isolation model and GVTPM
Next by thread: Re: [Xense-devel] Secure Network Communications Between Xen VMs
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.