From mboxrd@z Thu Jan  1 00:00:00 1970
From: Patrick Colp <pjcolp@cs.ubc.ca>
Subject: Re: question about XSM hooks
Date: Wed, 22 Jul 2009 09:25:03 +0100
Message-ID: <4A66CCDF.3050506@cs.ubc.ca>
References: <448245463.01031@gucas.ac.cn>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xensource.com>
In-Reply-To: <448245463.01031@gucas.ac.cn>
List-Unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xensource.com>
List-Help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-Subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: tianshuo06 <tianshuo06@mails.gucas.ac.cn>
Cc: xen-devel <xen-devel@lists.xensource.com>
List-Id: xen-devel@lists.xenproject.org

> 1. did XSM hooks are placed in the source code of xen manually?

Yes.

> 2. how to identify security-critical operation? 

This is why the answer to 1 is yes. It requires reasoning about what different 
security policies might want to enforce, what might be exploitable or could lead 
to convert channels, etc.

> 3. does the XSM hooks cover all the operations completely?

Probably not. Certainly not with new features, anyway.


Patrick