question about XSM hooks

question about XSM hooks

[tianshuo06]

[-- Attachment #1.1: Type: text/plain, Size: 450 bytes --]

1. did XSM hooks are placed in the source code of xen manually?
As we all know, the hooks are used to insert authorization checks on the security-critical operation, now my question is, 
2. how to identify security-critical operation? 
security-critical operations are inter-VM communication and cooperation implementing on top of shared virtual resources, 
3. does the XSM hooks cover all the operations completely?
thanks.



tianshuo06
2009-07-22

[-- Attachment #1.2: Type: text/html, Size: 1252 bytes --]

[-- Attachment #2: Type: text/plain, Size: 138 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Re: question about XSM hooks

[Patrick Colp]

> 1. did XSM hooks are placed in the source code of xen manually?

Yes.

> 2. how to identify security-critical operation? 

This is why the answer to 1 is yes. It requires reasoning about what different 
security policies might want to enforce, what might be exploitable or could lead 
to convert channels, etc.

> 3. does the XSM hooks cover all the operations completely?

Probably not. Certainly not with new features, anyway.


Patrick