From mboxrd@z Thu Jan  1 00:00:00 1970
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Subject: Re: [Hackathon 16] Notes from Security Session
Date: Tue, 17 May 2016 17:08:43 -0400
Message-ID: <20160517210843.GD7179@char.us.oracle.com>
References: <D1126319-377D-4939-ADE8-4335ACAE9200@gmail.com>
 <5715F43E.7090503@cardoe.com> <5715F640.1070206@citrix.com>
 <20160425183229.GB13411@char.us.oracle.com>
 <571E7524.8070005@tycho.nsa.gov>
 <1445CEA7-78E1-428B-BD7C-757B2B8EB684@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta6.messagelabs.com ([85.158.143.247])
 by lists.xenproject.org with esmtp (Exim 4.84_2)
 (envelope-from <konrad.wilk@oracle.com>) id 1b2mF0-0007yR-0n
 for xen-devel@lists.xenproject.org; Tue, 17 May 2016 21:09:22 +0000
Content-Disposition: inline
In-Reply-To: <1445CEA7-78E1-428B-BD7C-757B2B8EB684@gmail.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
 <mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
To: Lars Kurth <lars.kurth.xen@gmail.com>
Cc: James McKenzie <james.mckenzie@bromium.com>, sstabellini@kernel.org, Wei Liu <wei.liu2@citrix.com>, steve@zentific.com, Ross Philipson <philipsonr@ainfosec.com>, Andrew Cooper <andrew.cooper3@citrix.com>, openxt@googlegroups.com, Doug Goldstein <cardoe@cardoe.com>, George Dunlap <george.dunlap@citrix.com>, Rich Persaud <persaur@gmail.com>, Jan Beulich <jbeulich@suse.com>, Anthony PERARD <anthony.perard@citrix.com>, Xen-devel <xen-devel@lists.xenproject.org>, Daniel De Graaf <dgdegra@tycho.nsa.gov>
List-Id: xen-devel@lists.xenproject.org

T24gVHVlLCBBcHIgMjYsIDIwMTYgYXQgMDk6NTc6MTJBTSArMDEwMCwgTGFycyBLdXJ0aCB3cm90
ZToKPiBBbHNvIGFkZGluZyBTdGV2ZSBNYXJlc2NhIHRvIHRoZSB0aHJlYWQsIHdobyBoYXMgYmVl
biB1c2luZyBYU00gZXh0ZW5zaXZlbHkgYW5kIGFsc28gZG9jdW1lbnRpbmcgWFNNIGFuZCBjYW4g
cHJvdmlkZSBzb21lIHVzZXIgcGVyc3BlY3RpdmUgCj4gTGFycwo+IAo+ID4gT24gMjUgQXByIDIw
MTYsIGF0IDIwOjUxLCBEYW5pZWwgRGUgR3JhYWYgPGRnZGVncmFAdHljaG8ubnNhLmdvdj4gd3Jv
dGU6Cj4gPiAKPiA+IE9uIDA0LzI1LzIwMTYgMDI6MzIgUE0sIEtvbnJhZCBSemVzenV0ZWsgV2ls
ayB3cm90ZToKPiA+PiBPbiBUdWUsIEFwciAxOSwgMjAxNiBhdCAxMDoxMToyOEFNICswMTAwLCBB
bmRyZXcgQ29vcGVyIHdyb3RlOgo+ID4+PiBPbiAxOS8wNC8xNiAxMDowMiwgRG91ZyBHb2xkc3Rl
aW4gd3JvdGU6Cj4gPj4+PiBPbiA0LzE4LzE2IDEyOjIwIFBNLCBMYXJzIEt1cnRoIHdyb3RlOgo+
ID4+Pj4+IEhpIGFsbCwKPiA+PiAKPiA+PiBDQy1pbmcgWFNNIG1haW50YWluZXIgOi0pCj4gPiAK
PiA+IFRoYW5rcy4gSSdtIGdvaW5nIHRvIGNvbW1lbnQgb24gdGhpcyBhbmQgdGhlIHdpa2kuCj4g
PiAKPiA+IFsuLi5dCj4gPj4+Pj4gPT09IEVuYWJsaW5nIFhTTSBCeSBkZWZhdWx0ID09PQo+ID4+
Pj4+IEFuZHJldzogVGhlcmUgYXJlIHNvbWUgaXNzdWVzIHdoaWNoIHdlIG5lZWQgdG8gd29yayB0
aHJvdWdoOyBhIGxvdCBvZiBsaXR0bGUgcGFwZXIgY3V0cwo+ID4+Pj4+IFJpY2g6IENvdWxkIHdl
IGNyZWF0ZSBhIGxpc3Qgb2YgaXNzdWVzIG9uIHRoZSB3aWtpPwo+ID4+Pj4+IExhcnM6IERlZmlu
aXRlbHkKPiA+Pj4+PiBEb3VnOiBDb3VsZCB3ZSBub3QgaGF2ZSBhIHBvbGljeSB3aGljaCBpcyBl
cXVpdmFsZW50IHRvIFhTTSBiZWluZyBjb21waWxlZCBvdXQKPiA+Pj4+PiBBbmRyZXc6IENvdWxk
IG1ha2UgcG9saWN5IG1vcmUgbW9kdWxhciBpbnN0ZWFkIG9mIG9uZSBiaWcgZ2xvYmFsIHBvbGlj
eQo+ID4+Pj4+IAo+ID4+Pj4+IFJlLWFwcGx5IHBvbGljeSBvZiBndWVzdCBhZnRlciBydW5uaW5n
Cj4gPj4+Pj4gCj4gPj4+Pj4gQUNUSU9OOiBOZWVkIGEgd2lraSBwYWdlLCBLb25yYWQgY2FuIHN0
YXJ0IG9uZSBhbmQgd2UgY2FuIGNvbGxhYm9yYXRpdmVseSBmbGVzaCBpdCBvdXQKPiA+Pj4+PiBM
YXJzOiBTZWUgaHR0cDovL3dpa2kueGVucHJvamVjdC5vcmcvd2lraS9YU01Bc0RlZmF1bHRfVE9E
T19MaXN0Cj4gPj4+Pj4gCj4gPj4+Pj4gQUNUSU9OOiBLb25yYWQgYW5kIG90aGVycyB0byBhZGQg
ZGV0YWlsIHRvIGl0Cj4gPj4+Pj4gCj4gPj4+Pj4gCj4gPj4+PiBJdCB3YXMgcG9pbnRlZCBvdXQg
dG8gbWUgdGhhdCBJIGRpZCBub3QgZ2V0IG15IGNvbW1lbnRzIGFib3V0IFhTTSBhY3Jvc3MKPiA+
Pj4+IGNsZWFybHkuIEkgYmVsaWV2ZSB3ZSBuZWVkIHRvIGltcHJvdmUgdGhlIGRlZmF1bHQgcG9s
aWN5IHRvIGJlCj4gPj4+PiBlcXVpdmFsZW50IHRvIGRpc2FibGluZyBYU00gYW5kL29yIGNyZWF0
ZSBhIHBvbGljeSBjYWxsZWQgImR1bW15IiB0aGF0Cj4gPj4+PiBpcyB0aGUgc2FtZSBhcyBYU00g
ZGlzYWJsZWQuIFRvIG1ha2UgWFNNIHVzYWdlIG1vcmUgc21vb3RoIEkgcHJvcG9zZSB3ZQo+ID4+
Pj4gYmFrZSB0aGUgZGVmYXVsdCBwb2xpY3kgaW50byAuaW5pdGRhdGEgc28gdGhhdCB3aGVuIHlv
dSBib290IFhlbgo+ID4+Pj4gY29tcGlsZWQgd2l0aCBYU00geW91IGFyZSBubyB3b3JzZSBvZmYg
dGhhbiBjb21waWxpbmcgWFNNIG91dC4KPiA+Pj4+IAo+ID4+Pj4gVGhlIHJhdGlvbmFsZSBoZXJl
IGlzIHRoYXQgcHJpb3IgdG8gYSByZWNlbnQgY29tbWl0IHdoZW4geW91IGNvbXBpbGVkCj4gPj4+
PiBYZW4gd2l0aCBYU00gZW5hYmxlZCBidXQgZGlkIG5vdCBwcm92aWRlIGEgZGVmYXVsdCBwb2xp
Y3kgdGhlbiBhbnkgZG9tVXMKPiA+Pj4+IHRoYXQgeW91IHJhbiBoYWQgYXMgbXVjaCBhY2Nlc3Mg
YXMgZG9tMC4gVGhlIHJlY2VudCBjb21taXQgY2hhbmdlZCBpdCBzbwo+ID4+Pj4gdGhhdCBYZW4g
YnkgZGVmYXVsdCBkb2VzIG5vdCBib290IHdpdGhvdXQgYSBwb2xpY3kuCj4gPj4+PiAKPiA+Pj4+
IFdpdGggbXkgcHJvcG9zZWQgY2hhbmdlIHdlIHdvdWxkIGhhdmUgImR1bW15IiB0aGF0IHdvdWxk
IGNvbXBpbGUgaW4gYW5kCj4gPj4+PiBpZiB5b3UgcHJvdmlkZWQgYW5vdGhlciBwb2xpY3kgaXQg
d291bGQgYmUgdXNlZCBpbnN0ZWFkIG9yIHlvdSBjb3VsZAo+ID4+Pj4gbGF0ZSBsb2FkIGEgcmVw
bGFjZW1lbnQgcG9saWN5LiBCYXNpY2FsbHkgZmlsbGluZyB0aGUgZ2FwIG9mIHR1cm5pbmcgb24K
PiA+Pj4+IFhTTSBhbmQgaGF2aW5nIGEgc3lzdGVtIGxlc3Mgc2VjdXJlIHRoYW4gWFNNIG9mZiB1
bnRpbCB5b3UgZGV2ZWxvcGVkCj4gPj4+PiB5b3VyIHBvbGljeS4KPiA+Pj4gCj4gPj4+ICsxLiAg
SXQgYWxzbyBhdm9pZHMgbmVlZGluZyB0byBwbGF5IGFyb3VuZCBsb2FkaW5nIGFuIGV4dHJhIGZp
bGUgYXMgYSBncnViCj4gPj4+IG1vZHVsZSwgd2hpY2ggbWFrZXMgZGlzdHJvLWludGVncmF0aW9u
IGVhc2VyLgo+ID4+PiAKPiA+Pj4gfkFuZHJldwo+ID4gCj4gPiBUaGlzIHNob3VsZCBiZSBkb2Fi
bGUsIHRob3VnaCBpdCB3aWxsIHJlcXVpcmUgbW92aW5nIHRoZSByZXN0IG9mCj4gPiB0b29scy9m
bGFzay9wb2xpY3kgdW5kZXIgeGVuLyBmb3IgcHJvcGVyIGRlcGVuZGVuY2llcy4gQmV5b25kIHRo
YXQsIGl0Cj4gPiB3b3VsZCBuZWVkIGVpdGhlciBhIHNjcmlwdCBvciBhIGNhcmVmdWwgaW52b2Nh
dGlvbiBvZiBvYmpjb3B5IHRvIGNvbnZlcnQKPiA+IHRoZSBwb2xpY3kgb3V0cHV0IHRvIGFuIGFy
cmF5IGluIGluaXRkYXRhLCBhbmQgdGhlbiB0aGF0IHBvbGljeSB3b3VsZCBiZQo+ID4gdXNlZCBp
ZiB0aGUgYm9vdGxvYWRlciBvbmUgaXMgbm90IHByZXNlbnQuCgpPSywgbGV0IG1lIHRha2UgYSBz
dGFiIGF0IHRoYXQuIFVubGVzcyBzb21lYm9keSBlbHNlIGlzIGFscmVhZHkgbG9va2luZwphdCB0
aGlzPwoKPiA+IAo+ID4gRnJvbSB0aGUgd2lraToKPiA+PiBYU00gd2l0aCBkZWZhdWx0IHBvbGlj
eSB3aWxsIGhhdmU6Cj4gPj4gCj4gPj4gIC0gU2FtZSBmdW5jdGlvbmFsaXR5IGV4cG9zZWQgdG8g
Z3Vlc3RzIHdpdGhvdXQgcmVncmVzc2lvbnMKPiA+PiAgLSBIYXZlIGF0IG1pbmltdW0gdGhlIHNh
bWUgc2VjdXJpdHkgYXMgd2UgaGF2ZSB3aXRob3V0IFhTTSBlbmFibGVkLgo+ID4+ICAtIEhhdmUg
c2V0IG9mIHBvbGljaWVzIGZvciBkZXZpY2UgZHJpdmVyIGRvbWFpbnMgdnMgY29udHJvbCBkb21h
aW5zLgo+ID4gCj4gPiBUaGUgZmlyc3QgdHdvIGJ1bGxldHMgc2hvdWxkIGJlIHRydWUgd2l0aCB0
aGUgY3VycmVudCBwb2xpY3kuIFRoZSB0aGlyZAo+ID4gbmVlZHMgdG8gYmUgbW9yZSBwcmVjaXNl
bHkgZGVmaW5lZDogYW55IG9wZXJhdGlvbiBvbiBhIGdyb3VwIGl0Cj4gPiBjb250cm9scywgb3Ig
bGltaXRlZCBvcGVyYXRpb25zIChzdWNoIGFzIGFkanVzdGluZyBtZW1vcnkgc2l6ZSkgb24gYWxs
Cj4gPiBndWVzdHM/ICBUaGUgbGF0dGVyIHdpbGwgcHJvYmFibHkgbmVlZCBhIGN1c3RvbSBwb2xp
Y3kgKG1vZHVsZSkgZm9yCj4gPiBleGFjdGx5IHdoYXQgdGhlIGNvbnRyb2wgZG9tYWluIGRvZXMu
CgpIbS4gSSB3b3VsZCBoYXZlIHRob3VnaHQgdGhhdCBkZXZpY2UgZHJpdmVyIGRvbWFpbnMgd291
bGQgaGF2ZQpsaW1pdGVkIG9wZXJhdGlvbnMuIEFzIGluIHRoZXkgY2FuIGRvIGdyYW50IG1hcHMs
IFBDSWUgYWNjZXNzLCBldGMuCkJ1dCB0aGV5IGNhbm5vdCBkbyB0aGUgb3BlcmF0aW9ucyB0aGF0
IGRvbTAgaGFzIGRvbmUuCgpEb3VnLCBkaWRuJ3QgeW91IGRvIHNvbWUgb2YgdGhpcyBhbHJlYWR5
Pwo+ID4gCj4gPj4gS25vd24gSXNzdWVzCj4gPj4gCj4gPj4gIC0gQ2Fubm90IHJlLWFwcGx5IGEg
bmV3IHBvbGljeSBhZnRlciBndWVzdHMgaGF2ZSBiZWVuIHJ1bm5pbmcuCj4gPiAKPiA+IFRoaXMg
aXMgcG9zc2libGUgdmlhICJ4bCBsb2FkcG9saWN5Ii4gIFRoZXJlIGlzIG5vIChleHBvc2VkKSB3
YXkgdG8KPiA+IHJlLWxhYmVsIGV4aXN0aW5nIGRvbWFpbnMsIGJ1dCB5b3UgY2FuIGNyZWF0ZSBu
ZXcgZG9tYWlucyB1c2luZyBuZXcKPiA+IHR5cGVzIGluIHRoZSBwb2xpY3kuICBUaGUgbmV3IHBv
bGljeSBydWxlcyB3aWxsIGJlIGVuZm9yY2VkIGltbWVkaWF0ZWx5Cj4gPiBvbiBleGlzdGluZyBk
b21haW5zLCBidXQgdGhpcyBtYXkgbm90IGZ1bGx5IHRpZ2h0ZW4gcmVzdHJpY3Rpb25zOiBmb3IK
PiA+IGV4YW1wbGUsIGlmIGEgcGFzc3Rocm91Z2ggZGV2aWNlIGlzIG5ld2x5IGRpc2FsbG93ZWQg
YnV0IGFscmVhZHkgbWFwcGVkCj4gPiBieSBhIGRvbWFpbiwgaXQgd2lsbCBub3QgYmUgdW5tYXBw
ZWQuCgpXb3VsZCB0aGUgYXVkaXQgY29kZSBtZW50aW9uIHRoaXM/IEFoIEkgcHJlc3VtZSBub3Qg
YXMgdGhlIG9wZXJhdGlvbgpoYXMgYWxyZWFkeSBiZWVuIGNvbXBsZXRlZCBhbmQgdGhlIElPTU1V
IGFjY2VzcyBhbmQgc3VjaCBkbyBub3QgZG8gWFNNCmNoZWNrcy4KCkJ1dCBpdCBpcyBnb29kIHRv
IGtub3cgdGhhdCB5b3UgY2FuIHJlbGFibGUgZXhpc3RpbmcgZG9tYWlucy4KSSB3YXMgdW5kZXIg
dGhlIG1pc3Rha2VuIGltcHJlc3Npb24geW91IGNvdWxkbid0IQoKPiA+IAo+ID4+IFRPRE8gTGlz
dAo+ID4+IAo+ID4+ICAtIENvdWxkIGluaXRpYWwgYnVpbGQgb2YgWGVuIGh5cGVydmlzb3IgaW5j
bHVkZSBhIGJ1aWx0LWluIChpbnNpZGUgLmluaXQuZGF0YSkgcG9saWN5IGZpbGU/Cj4gPiAoQWJv
dmUpLgo+ID4+ICAtIENhbiB3ZSBtYWtlIHBvbGljaWVzIG1vZHVsYXJpemVkPyBBIGNvcmUgKHBl
cmhhcHMgYnVpbHQtaW4/KSB3aXRoIGFtZW5kbWVudHMgbG9hZGVkIGxhdGVyPwo+ID4gCj4gPiBU
aGVyZSBpcyBhbHJlYWR5IHNvbWUgc3VwcG9ydCBmb3IgbW9kdWxlcyBpbiB0aGUgWFNNIHBvbGlj
eTogc2VlCj4gPiB0b29scy9mbGFzay9wb2xpY3kvcG9saWN5L21vZHVsZXMuY29uZi4gIEN1cnJl
bnRseSB0aGlzIGlzIG5vdCByZWFsbHkKPiA+IHVzZWQ6IGFsbCBydWxlcyBhcmUgaW4gdGhlICJ4
ZW4iIG1vZHVsZS4gIEhvd2V2ZXIsIGl0IGNvdWxkIGJlIHNwbGl0IHVwCj4gPiBpbnRvIGEgcmVh
bCBjb3JlIG1vZHVsZSAocHJvYmFibHkgc3RpbGwgbmFtZWQgInhlbiIpIGFuZCBvdGhlciBtb2R1
bGVzCj4gPiB0aGF0IHdvdWxkIGJlIGF2YWlsYWJsZSB0byB0dXJuIG9uL29mZi4KClRoYXQgaXMg
cXVpdCBhcHBlYWxpbmcuIEVzcGVjaWFsbHkgd2hlbiBpdCBjb21lcyB0byB3b3JraW5nIG9uCnNh
eSBkZXZpY2UgZHJpdmVyIGRvbWFpbnMgYW5kIGhhdmluZyB0aGUgJ2NvcmUnIFhlbiBvbmUgdGhl
cmUgd2hpbGUKSSBjYW4gZnV0eiBhcm91bmQgd2l0aCBkZXZpY2UgZHJpdmVyIG9uZS4KCj4gPiAK
PiA+IFRoZSBwcm9jZXNzIG9mIGFzc2VtYmxpbmcgdGhlIG1vZHVsZXMgaW50byBhIHNpbmdsZSBY
U00gcG9saWN5IGlzIGRvbmUKPiA+IGluIHVzZXJzcGFjZSwgbm90IHRoZSBoeXBlcnZpc29yLCBz
byAieGwgbG9hZHBvbGljeSIgd291bGQgbm90IGNoYW5nZS4KCi9tZSBub2RzCgpUaGFuayB5b3Uh
IAoKX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWRl
dmVsIG1haWxpbmcgbGlzdApYZW4tZGV2ZWxAbGlzdHMueGVuLm9yZwpodHRwOi8vbGlzdHMueGVu
Lm9yZy94ZW4tZGV2ZWwK