From: Christian Leber <christian@leber.de>
To: dinesh chandrasekaran <dinesh_chan8@hotmail.com>
Cc: xen-devel@lists.xensource.com
Subject: Re: Academic Project
Date: Wed, 4 Mar 2009 09:45:58 +0100 [thread overview]
Message-ID: <20090304084557.GA8743@core> (raw)
In-Reply-To: <COL107-W147CA88193483F639D9C2AB1A70@phx.gbl>
On Wed, Mar 04, 2009 at 08:25:49AM +0530, dinesh chandrasekaran wrote:
Hi dinesh
> > That implies the protection hardware is not controlled by the dom0 and
> > there is another more secure way for the administration of it and second
> > that the dom0 can't do anything.
>
> Absolutely. You are correct.
Ok, so how do you plan to do this and why is this supposed to be more
secure?
> I guess the domain scheduling is done by the VMM and not by dom0?
> Through VMM Hooks, the VMM is made to inform the device about the domain
> scheduled to run.
> So dom0 cannot claim to be any domU.
I'm not really sure, but i think the dom0 can access the complete system
memory. If not, then it controls at least some hardware that can do DMA
and can this way access all the memory.
-> dom0 can write/read all memory -> it can do anything
> > furthermore the dom0 should also be able to overwrite the xen kernel.
>
> Can you throw some lights on the above "overwriting the xen kernel by
> dom0"?
A compromised dom0 could just replace the xen kernel/hypervisor on disk and/or in
memory.
Your idea just has so many problems, like what are you doing to do about disk i/o?
Christian
next prev parent reply other threads:[~2009-03-04 8:45 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-02-22 17:19 Academic Project dinesh chandrasekaran
[not found] ` <D4980157-9DB2-4205-BDA8-756727AD128F@rsbac.org>
2009-02-23 15:31 ` dinesh chandrasekaran
2009-02-23 15:44 ` weiming
2009-02-23 16:07 ` dinesh chandrasekaran
2009-02-23 16:17 ` weiming
[not found] ` <add59a3f0902230816l42ce6c97l263e5f40a735e56@mail.gmail.com>
2009-02-23 16:41 ` dinesh chandrasekaran
2009-03-03 19:54 ` dinesh chandrasekaran
2009-03-03 20:17 ` Mats Petersson
2009-03-03 22:54 ` Christian Leber
2009-03-04 0:30 ` dinesh chandrasekaran
2009-03-04 0:55 ` Christian Leber
2009-03-04 2:55 ` dinesh chandrasekaran
2009-03-04 5:15 ` Volume group "VolGroup00" not found when I boot xen Xia, Liangfu
2009-03-04 5:49 ` Masaki Kanno
2009-03-04 6:06 ` Xia, Liangfu
2009-03-04 8:36 ` M A Young
2009-03-04 9:11 ` Boris Derzhavets
2009-03-04 8:45 ` Christian Leber [this message]
2009-03-04 16:41 ` Academic Project dinesh chandrasekaran
2009-03-05 8:47 ` Christian Leber
2009-03-05 20:46 ` dinesh chandrasekaran
2009-03-09 19:29 ` dinesh chandrasekaran
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090304084557.GA8743@core \
--to=christian@leber.de \
--cc=dinesh_chan8@hotmail.com \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.