From mboxrd@z Thu Jan  1 00:00:00 1970
From: aq <aquynh@gmail.com>
Subject: Re: [PATCH] sHype access control architecture for Xen
Date: Tue, 21 Jun 2005 14:47:59 +0900
Message-ID: <9cde8bff05062022475468b1c9@mail.gmail.com>
References: <1119288179.17919.31.camel@secureip.watson.ibm.com>
Reply-To: aq <aquynh@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Return-path: <xen-devel-bounces@lists.xensource.com>
In-Reply-To: <1119288179.17919.31.camel@secureip.watson.ibm.com>
Content-Disposition: inline
List-Unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xensource.com>
List-Help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-Subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: Reiner Sailer <sailer@watson.ibm.com>
Cc: leendert@us.ibm.com, ronpz@us.ibm.com, rvaldez@us.ibm.com, sailer@us.ibm.com, xen-devel@lists.xensource.com, xense-devel@lists.xensource.com, stefanb@us.ibm.com, steven.hand@cl.cam.ac.uk
List-Id: xen-devel@lists.xenproject.org

On 6/21/05, Reiner Sailer <sailer@watson.ibm.com> wrote:
> This E-mail contains the sHype access control architecture
> for inclusion into the Xen hypervisor (xeno-unstable.bk).
> This is a follow-up on earlier postings:
> http://lists.xensource.com/archives/html/xen-devel/2005-04/msg00864.html
>=20
> The *_xen.diff patch includes the core sHype access control
> architecture. Default is the NULL-policy.
>=20
> The *_tools.diff patch includes the necessary additions to the
> tools directory:
>   a) adding support for an additional VM configuration paramter
>   b) adding basic policy management support into tools/policy
>=20
> The default setting is the NULL policy. After patching in the diff-
> files, you should see no change in behavior. Please refer to the
> attached shype4xen_readme.txt file for instructions on how to
> activate and experiment with sHype.
>=20
> While we have added support for saving and restoring security
> information when saving and restoring domains, the architecture
> currently supports save/restore only on the same hypervisor system
> running the same sHype policy. Future versions will include more
> flexible support for save/restore/migration.
>=20
> Our group will submit a java-based policy translation tool for sHype to
> this mailing list today as well. This tool takes as input an XML-based
> descriptions of user-defined sHype policies and translates them into a
> binary policy format that can be loaded into sHype.

any plan to write the tool in other language, not Java? i guess not
many people (include me) are willing to install Java on their system.

since python is used in xen, i  think it is a good candidate.

i will play with the code and give some feedbacks.

regards,
aq