SlideShare una empresa de Scribd logo
1 de 65
Descargar para leer sin conexión
Securing Your Cloud With the
Xen Hypervisor
Russell Pavlicek
Xen Project Evangelist
Citrix Systems
Who is the Old, Fat Geek Up Front?
●

Xen Project Evangelist (I have a big mouth...)

●

Employed by Citrix, focused entirely on Xen project

●

History with open source begins in 1995

●

●

●

Former columnist for Infoworld, Processor
magazines
Former panelist on The Linux Show, speaker at over
50 Open Source conferences
Over 150 pieces published, one book on
open source, plus blogs
Presentation Goals
●

Introduce the subject of security in the Cloud

●

Introduce you to the Xen Project Security Tools

●

Discuss some key Xen Project security features

●

Get you started in the right direction toward securing
your Xen Project Hypervisor installation
Presentation Outline
●

A few thoughts on the problem of securing the Cloud

●

Overview of the Xen Project architecture

●

Brief introduction to the principles of security analysis

●

Examine some of the attack surfaces and the Xen
Project features we can use to mitigate them:
–

Driver Domains

–

PVgrub

–

Stub Domains

–

Paravirtualization (PV) versus
Hardware Virtualization (HVM)

–

FLASK example policy
Introduction: Xen Project, The Cloud,
and Security
Introduction: Xen Project and Security
●

Xen Project produces an enterprise-grade Type 1
hypervisor

●

Built for the cloud before it was called cloud

●

A number of advanced security features
–

Driver domains, stub domains, FLASK, and more

–

Most of them are not (or cannot) be turned on by
default

–

Although they can be simple to use, sometimes
they appear complicated
The Cloud Security Conundrum
●

Cloud Security: The 800lb Gorilla in the room
–

Nothing generates more fear in specific, and FUD in
general

–

Probably the single greatest barrier to Cloud adoption

–

Immediately behind it is the inability to get out of the
20th century IT mindset
– Must get past the “Change is Bad” concept of 1980
– Cloud is about embracing change at a rapid pace
The good news: the “Gorilla” is actually a “Red Herring”
●

●

We don't need to fear it – we just need to solve it
Cloud Security: New Visibility to an Old Problem
●

●

●

●

Security has always been an IT issue
Putting a truly secure system in the open does not
reduce its security, it just increases the frequency of
attack
Unfortunately, system security behind the firewall has
not always been comprehensive
Having solutions in an external cloud forces us to
solve the security issues we should have already
solved

News Flash: Security Through Obscurity is Dead
Use Security by Design, Not by Wishful Thinking

●

Security by wishful thinking no longer works
–

–

Addressing security in one area while ignoring others is NOT
good enough

–
●

Merely hoping that your firewall holds off the marauding hordes
is NOT good enough

Saying, “We never had a problem before” is NOT good enough

Comprehensive security starts with design
–

It needs to be planned carefully and thought through

–

It needs to be implemented at multiple levels

–

It needs components which are themselves securable
Xen Project: Security by Design
●

Xen Project was designed for clouds before the term
“cloud” was ever coined in the industry
–

http://www.cl.cam.ac.uk/research//srg/netos/xeno/publ
ications.html
Xen Project is designed to thwart attacks from many
attack vectors, using different defensive techniques
–

●

Designers foresaw the day of “infrastructure for
wide-area distributed computing” which we now call
“the cloud”
Basic Architecture of the Xen Project
Hypervisor
Hypervisor Architectures
Type 1: Bare metal Hypervisor
A pure Hypervisor that runs directly on the
hardware and hosts Guest OS’s.
VMn
VM1
VM0
Guest OS
and Apps

Hypervisor

Host HW

Device Drivers/
Models

I/O

Memory

Scheduler
MMU
CPUs

Provides partition isolation +
reliability, higher security
Hypervisor Architectures
Type 1: Bare metal Hypervisor

Type 2: OS ‘Hosted’

A pure Hypervisor that runs directly on the
hardware and hosts Guest OS’s.

A Hypervisor that runs within a Host OS and
hosts Guest OS’s inside of it, using the host OS
services to provide the virtual environment.

VMn
VM1
VM0

User-level VMM
User
Apps

Device Models

Guest OS
and Apps

Hypervisor

Host HW

I/O

Memory

Scheduler
MMU
CPUs

Provides partition isolation +
reliability, higher security

Device Drivers

Host HW

VM0
Guest OS
and Apps

Host OS
Device Drivers/
Models

VMn
VM1

I/O

Ring-0 VM Monitor
“Kernel “

Memory

CPUs

Low cost, no additional drivers
Ease of use and installation
Xen Project: Type 1 with a Twist
Type 1: Bare metal Hypervisor

VMn
VM1
VM0
Guest OS
and Apps

Hypervisor

Host HW

Device Drivers/
Models

I/O

Memory

Scheduler
MMU
CPUs
Xen Project: Type 1 with a Twist
Type 1: Bare metal Hypervisor

XEN Architecture

VMn
VM1

VMn
VM1

VM0
Guest OS
and Apps

Hypervisor

Host HW

Device Drivers/
Models

I/O

Memory

VM0
Guest OS
and Apps

Scheduler
MMU
CPUs

MMU

Scheduler

Host HW

I/O

Memory

CPUs
Xen Project: Type 1 with a Twist
Type 1: Bare metal Hypervisor

VMn
VM1
VM0
Guest OS
and Apps

Hypervisor

Host HW

Device Drivers/
Models

I/O

Memory

Scheduler
MMU
CPUs

XEN Architecture
Control domain
(dom0)
VMn
VM1

Device Models

VM0

Drivers

Guest OS
and Apps

Linux & BSD
MMU

Scheduler

Host HW

I/O

Memory

CPUs
Xen Project Architecture: Basic Parts
Security Thinking: An Approach
An Approach to Security Thinking
●

Threat models:
–
–

●

Attacker can access network
Attacker controls one Guest VM

Security considerations to evaluate:
–
–

What is the interface like? (e.g., pointers vs scalars)

–
●

How much code is accessible?
Defense-in-depth: how many rings of defense surround you?

Then combine security tactics to secure the installation
–

There is no single "magic bullet"

–

Individual tactics reduce danger; combined tactics go farther
Example System For This
Discussion
●

Hardware setup
–
–

●

Two networks: one Control network, one Guest network
IOMMU with interrupt remapping (AMD or Intel VT-d v2) to
allow for full hardware virtualization (HVM)

Default configuration
–

Network drivers in the Control Domain (aka "Domain 0" or just
"Dom0")

–

Paravirtualized (PV) guests using PyGrub (grub-like boot utility
within context of Guest Domain)

–

Hardware Virtualized (HVM) guests using Qemu (as the device
model) running in the Control Domain
Attacking the Network Interface
Attack Surface: Network Path
Attack Surface: Network Path
●

Where might an exploit focus?
–

Bugs in hardware driver

–

Bugs in bridging / filtering

–

Bugs in netback (via the ring protocol)
●

●

Netback and Netfront are part of the Paravirtualization mode

Note the exploits
–

The main exploits exist already, even in hardware

–

The netback surface is very small, but needs to be acknowledged

–

When these are attacked in hardware, you have deep trouble

–

You actually have better defense in the VM than in hardware
Result: Network Path Compromised
Result: Network Path Compromised
Vulnerability Analysis:
What could a successful exploit yield?

Control of Domain 0 kernel

This could lead to the control of the whole system
Security Feature: Driver Domains
Security Feature: Driver Domains
●

What is a Driver Domain?
–

Unprivileged VM which drives hardware

–

It provides driver access to guest VMs

–

Very limited scope; not a full operating system

–

Does not have the access or capability of a full VM
Result: Driver Domain Compromised
Result: Driver Domain Compromised
●

Now a successful exploit could yield:
–

Control of the Driver Domain
(Paravirtualization hypercall interface)
●

–

But the Driver Domain is limited: no shell, no utilities

Control of that guest's network traffic
●

But in the cloud, most orchestrators detect network traffic failure

●

The problem is not allowed to stand very long

–

Control of the network interface card (NIC)

–

An opportunity to attack the netfront of other guest VMs
●

But to take advantage of this platform, you need to launch another attack

●

Compound attacks are complex, and they take time which you may not have
Basic How To: Driver Domains
●

Create a VM with appropriate drivers
–

●

Use any distribution suitable as a Control Domain

Install the Xen Project hotplug scripts
–

Just installing the Xen Project tools in the VM is usually
good enough

●

Give the VM access to the physical NIC with PCI passthrough

●

Configure the network topology in the Driver Domain
–

Just like you would for the Control Domain
Basic How To: Driver Domains
●

Configure the guest Virtual Network Interface (vif) to
use the new domain ID
–

Add “backend=domnet” to vif declaration

vif = [ 'type=pv, bridge=xenbr0, backend=domnet' ]

Detailed Info
http://wiki.xenproject.org/wiki/Driver_Domain
Attacking the PyGrub Boot Loader
Attack Surface: PyGrub
Attack Surface: PyGrub
●

What is PyGrub?
–
–

●

“grub” implementation for Paravirtualized guests
A Python program running in Control Domain

What does it do?
–

It reads the guest VM's filesystem

–

It parses grub.conf

–

It displays a boot menu to the user

–

It passes the selected kernel image to domain builder
Attack Surface: PyGrub
Attack Surface: PyGrub
●

Where might an exploit focus?
–
–

Bugs in menu parser

–
●

Bugs in file system parser

Bugs in domain builder

Again, note the exploits
–

Forms of these exist in hardware as well

–

But hardware doesn't have as many options to combat
the situation
Result: PyGrub Compromised
Result: PyGrub Compromised
Vulnerability Analysis:
What could a successful exploit yield?

Control of Domain 0 user space

This could lead to the control of the whole system
Security Feature: Fixed Kernels
Security Feature: Fixed Kernels
●

What is a fixed kernel?
–

Passing a known-good kernel from Control Domain
●

●

–
●

No longer allows a user to choose the kernel
Best practice for anything in production

Removes attacker avenue to domain builder

Disadvantages
–

Host administrator must keep up with kernel updates

–

Guest admin can't pass kernel parameters or custom kernels
Security Feature: PVgrub
Security Feature: PVgrub
●

What is PVgrub?
–

MiniOS plus the Paravirtualized port of “grub” running
in a guest context

–

Paravirtualized equivalent of Hardware Virtualized
combination of BIOS plus grub
Result: PVgrub Compromised
Vulnerability Analysis:
Now a successful exploit could yield:

Control of the attacked Guest Domain alone

Control Domain is no longer at risk
Basic HowTo: PVgrub
●

Make sure that you have the PVgrub image
–
–

Normally lives in “/usr/lib/xen/boot”

–

Debian, SLES: Currently need to build for yourself

–
●

“pvgrub-$ARCH.gz”

Included in Fedora Xen Project packages

Use appropriate PVgrub as bootloader in guest
configuration:
–

kernel="/usr/lib/xen/boot/pvgrub-x86_32.gz"

See http://wiki.xenproject.org/wiki/Pvgrub
Attacking the Qemu Device Model
Attack Surface: Device Model (Qemu)
Attack Surface: Device Model (Qemu)

●

What is Qemu?
–
–

●

In other contexts, a virtualization provider
In the Xen Project context, a provider of needed
device models

Where might an exploit focus?
–

Bugs in NIC emulator parsing packets

–

Bugs in emulation of virtual devices
Result: Device Model Compromised
Vulnerability Analysis:
What could a successful exploit yield?

Control Domain privileged user space

This could lead to the control of the whole system
Security Feature: Qemu Stub Domains

●

What is a stub domain?
–

Stub domain: a small “service'' domain running just
one application

–

Qemu stub domain: run each Qemu in its own
domain
Result: Stub Domain Compromised
Vulnerability Analysis:
Now a successful exploit could yield:

Control only of the stub domain VM
(which, if FLASK is employed, is a relatively small universe)

You need to devise another attack entirely to do
anything more significant
Basic HowTo: Qemu Stub Domains
●

Make sure that you have the ioemu image:
–
–

Normally lives in “/usr/lib/xen/boot”

–

SUSE SLES, currently need to build it yourself (SLES 12?)

–

Included in Fedora Xen Project packages

–
●

“ioemu-$ARCH.gz”

On Debian (and offshoots), you will need to build it yourself

Specify stub domains in your guest configuration:
device_model_stubdomain_override = 1

Detailed Info
http://wiki.xenproject.org/wiki/Device_Model_Stub_Domains
Attacking the Hypervisor Itself
Attack Surface: The Hypervisor Itself
●

Where might an exploit focus?
–

On Paravirtualized (PV) Guests:

–

PV Hypercalls
On full Hardware Virtualized (HVM) Guests:
●

HVM hypercalls (Subset of PV hypercalls)
● Instruction emulation (MMIO, shadow pagetables)
● Emulated platform devices: APIC, HPET, PIT
● Nested virtualization
Security practice: Use PV VMs whenever possible
●

●
Using the Xen Project Security Module
Security Feature: FLASK Policy
●

What is FLASK?
–

Xen Security Module (XSM): Xen Project equivalent of
LSM

–

FLASK: FLux Advanced Security Kernel

–

Framework for XSM developed by NSA

–

Xen Project equivalent of SELinux

–

Uses same concepts and tools as SELinux

–

Allows a policy to restrict hypercalls
Security Feature: FLASK Policy
●

What can FLASK do?
–

–
●

Basic: Restricts hypercalls to those needed by a particular
guest
Advanced: Allows more fine-grained granting of privileges

FLASK example policy
–

This contains example roles for the Control Domain
(dom0), User/Guest Domain(domU), stub domains, driver
domains, etc.

–

Make sure you TEST the example policy in your
environment BEFORE putting it into production!

NOTE: As an example policy, it is not as rigorously tested as other parts of Xen during
release; make sure it is suitable for you
Basic HowTo: FLASK Example Policy
●

Build Xen Project software with XSM enabled

●

Build the example policy

●

Add the appropriate label to guest config files:
–

“seclabel=[foo]”

–

“stubdom_label=[foo]”

Detailed Info
http://wiki.xenproject.org/wiki/Xen_Security_Modules_:_XSM-FLASK
ARM-Specific Security Features
Xen Project + ARM = A Perfect Match
ARM Architecture Features for Virtualization

ARM SOC

User mode : EL0
Device Tree describes …

Kernel mode : EL1

I/O

Hypercall Interface HVC
GT

GIC
v2

2
stage
MMU

Hypervisor mode : EL2
Xen Project + ARM = A Perfect Match
ARM Architecture Features for Virtualization

ARM SOC

EL0
Device Tree describes …

EL1

I/O

HVC
GT

GIC
v2

2
stage
MMU

EL2
Xen Project Hypervisor
Xen Project + ARM = A Perfect Match
ARM Architecture Features for Virtualization

ARM SOC

Any Xen Project Guest VM (including Dom0)
Project Guest VM (including Dom0)
EL0
User Space
User Space

Device Tree describes …

Kernel
Kernel

EL1

I/O

HVC
GT

GIC
v2

2
stage
MMU

EL2
Xen Project Hypervisor
Xen Project + ARM = A Perfect Match
ARM Architecture Features for Virtualization

ARM SOC
Dom0
Dom0
only

Any Xen Project Guest VM (including Dom0)
Project Guest VM (including Dom0)
EL0
User Space
User Space

Device Tree describes …

Kernel
Kernel
PV
back

I/O

PV

EL1
front

HVC
GT

GIC
v2

2
stage
MMU

EL2
Xen Project Hypervisor
ARM: Right Solution for Security
●

Stays in ARM Hypervisor Mode
–
–

Because Xen Project's architecture maps so well to the ARM architecture, the
hypervisor never has to use Kernel mode

–

Other hypervisors have to flip back and forth between modes

–

If a hypervisor has to enter Kernel mode, it loses the security of running in a
privileged mode, isolated from the rest of the system

–
●

The ARM architecture has separate Hypervisor and Kernel modes

This is a non-issue with the Xen Project Hypervisor on ARM

Does not need to use device emulation
–

No emulation means a smaller attack surface for bad guys
For More Information...
Detailed Info
http://wiki.xenproject.org/wiki/Securing_Xen
Thanks to George Dunlap for supplying much of the information
presented here, and Stefano Stabellini for ARM information

Center of the Xen Project universe:
http://www.XenProject.org/
Contact me at russell.pavlicek@xenproject.org

Thank You!
Scale 12x Securing Your Cloud with The Xen Hypervisor

Más contenido relacionado

La actualidad más candente

XPDS16: XSM-Flask, current limitations and Ongoing work. - Anshul Makkar, Ct...
XPDS16:  XSM-Flask, current limitations and Ongoing work. - Anshul Makkar, Ct...XPDS16:  XSM-Flask, current limitations and Ongoing work. - Anshul Makkar, Ct...
XPDS16: XSM-Flask, current limitations and Ongoing work. - Anshul Makkar, Ct...The Linux Foundation
 
LFNW2014 Advanced Security Features of Xen Project Hypervisor
LFNW2014 Advanced Security Features of Xen Project HypervisorLFNW2014 Advanced Security Features of Xen Project Hypervisor
LFNW2014 Advanced Security Features of Xen Project HypervisorThe Linux Foundation
 
Xen and Client Virtualization: the case of XenClient XT
Xen and Client Virtualization: the case of XenClient XTXen and Client Virtualization: the case of XenClient XT
Xen and Client Virtualization: the case of XenClient XTThe Linux Foundation
 
XPDS16: Hypervisor Enforced Data Loss Prevention - Neil Sikka, A1LOGIC
XPDS16: Hypervisor Enforced Data Loss Prevention - Neil Sikka, A1LOGICXPDS16: Hypervisor Enforced Data Loss Prevention - Neil Sikka, A1LOGIC
XPDS16: Hypervisor Enforced Data Loss Prevention - Neil Sikka, A1LOGICThe Linux Foundation
 
Securing your Cloud with Xen - SUSECon 2013
Securing your Cloud with Xen - SUSECon 2013Securing your Cloud with Xen - SUSECon 2013
Securing your Cloud with Xen - SUSECon 2013The Linux Foundation
 
XPDS14 - Xen on ARM: Status and Performance - Stefano Stabellini, Citrix
XPDS14 - Xen on ARM: Status and Performance - Stefano Stabellini, CitrixXPDS14 - Xen on ARM: Status and Performance - Stefano Stabellini, Citrix
XPDS14 - Xen on ARM: Status and Performance - Stefano Stabellini, CitrixThe Linux Foundation
 
XPDDS18: LCC18: Xen Project: After 15 years, What's Next? - George Dunlap, C...
XPDDS18: LCC18:  Xen Project: After 15 years, What's Next? - George Dunlap, C...XPDDS18: LCC18:  Xen Project: After 15 years, What's Next? - George Dunlap, C...
XPDDS18: LCC18: Xen Project: After 15 years, What's Next? - George Dunlap, C...The Linux Foundation
 
OSSEU18: NVDIMM and Virtualization - George Dunlap, Citrix
OSSEU18: NVDIMM and Virtualization  - George Dunlap, CitrixOSSEU18: NVDIMM and Virtualization  - George Dunlap, Citrix
OSSEU18: NVDIMM and Virtualization - George Dunlap, CitrixThe Linux Foundation
 
Xen Project 15 Years down the Line
Xen Project 15 Years down the LineXen Project 15 Years down the Line
Xen Project 15 Years down the LineThe Linux Foundation
 
XPDDS19: Argo and Hypervisor-Mediated Data eXchange (HMX) - Christopher Clark...
XPDDS19: Argo and Hypervisor-Mediated Data eXchange (HMX) - Christopher Clark...XPDDS19: Argo and Hypervisor-Mediated Data eXchange (HMX) - Christopher Clark...
XPDDS19: Argo and Hypervisor-Mediated Data eXchange (HMX) - Christopher Clark...The Linux Foundation
 
Xen and the art of embedded virtualization (ELC 2017)
Xen and the art of embedded virtualization (ELC 2017)Xen and the art of embedded virtualization (ELC 2017)
Xen and the art of embedded virtualization (ELC 2017)Stefano Stabellini
 
LCNA14: Security in the Cloud: Containers, KVM, and Xen - George Dunlap, Citr...
LCNA14: Security in the Cloud: Containers, KVM, and Xen - George Dunlap, Citr...LCNA14: Security in the Cloud: Containers, KVM, and Xen - George Dunlap, Citr...
LCNA14: Security in the Cloud: Containers, KVM, and Xen - George Dunlap, Citr...The Linux Foundation
 
Bare-Metal Hypervisor as a Platform for Innovation
Bare-Metal Hypervisor as a Platform for InnovationBare-Metal Hypervisor as a Platform for Innovation
Bare-Metal Hypervisor as a Platform for InnovationThe Linux Foundation
 
Virtualization with KVM (Kernel-based Virtual Machine)
Virtualization with KVM (Kernel-based Virtual Machine)Virtualization with KVM (Kernel-based Virtual Machine)
Virtualization with KVM (Kernel-based Virtual Machine)Novell
 
Xen PV Performance Status and Optimization Opportunities
Xen PV Performance Status and Optimization OpportunitiesXen PV Performance Status and Optimization Opportunities
Xen PV Performance Status and Optimization OpportunitiesThe Linux Foundation
 
Kernel Mode Threats and Practical Defenses
Kernel Mode Threats and Practical DefensesKernel Mode Threats and Practical Defenses
Kernel Mode Threats and Practical DefensesPriyanka Aash
 
XPDDS18: Windows PV Drivers Project: Status and Updates - Paul Durrant, Citri...
XPDDS18: Windows PV Drivers Project: Status and Updates - Paul Durrant, Citri...XPDDS18: Windows PV Drivers Project: Status and Updates - Paul Durrant, Citri...
XPDDS18: Windows PV Drivers Project: Status and Updates - Paul Durrant, Citri...The Linux Foundation
 
XPDS16: Xen Project Weather Report 2016
XPDS16: Xen Project Weather Report 2016XPDS16: Xen Project Weather Report 2016
XPDS16: Xen Project Weather Report 2016The Linux Foundation
 

La actualidad más candente (20)

XPDS16: XSM-Flask, current limitations and Ongoing work. - Anshul Makkar, Ct...
XPDS16:  XSM-Flask, current limitations and Ongoing work. - Anshul Makkar, Ct...XPDS16:  XSM-Flask, current limitations and Ongoing work. - Anshul Makkar, Ct...
XPDS16: XSM-Flask, current limitations and Ongoing work. - Anshul Makkar, Ct...
 
LFNW2014 Advanced Security Features of Xen Project Hypervisor
LFNW2014 Advanced Security Features of Xen Project HypervisorLFNW2014 Advanced Security Features of Xen Project Hypervisor
LFNW2014 Advanced Security Features of Xen Project Hypervisor
 
Xen and Client Virtualization: the case of XenClient XT
Xen and Client Virtualization: the case of XenClient XTXen and Client Virtualization: the case of XenClient XT
Xen and Client Virtualization: the case of XenClient XT
 
XPDS16: Hypervisor Enforced Data Loss Prevention - Neil Sikka, A1LOGIC
XPDS16: Hypervisor Enforced Data Loss Prevention - Neil Sikka, A1LOGICXPDS16: Hypervisor Enforced Data Loss Prevention - Neil Sikka, A1LOGIC
XPDS16: Hypervisor Enforced Data Loss Prevention - Neil Sikka, A1LOGIC
 
Securing your Cloud with Xen - SUSECon 2013
Securing your Cloud with Xen - SUSECon 2013Securing your Cloud with Xen - SUSECon 2013
Securing your Cloud with Xen - SUSECon 2013
 
XPDS14 - Xen on ARM: Status and Performance - Stefano Stabellini, Citrix
XPDS14 - Xen on ARM: Status and Performance - Stefano Stabellini, CitrixXPDS14 - Xen on ARM: Status and Performance - Stefano Stabellini, Citrix
XPDS14 - Xen on ARM: Status and Performance - Stefano Stabellini, Citrix
 
XPDDS18: LCC18: Xen Project: After 15 years, What's Next? - George Dunlap, C...
XPDDS18: LCC18:  Xen Project: After 15 years, What's Next? - George Dunlap, C...XPDDS18: LCC18:  Xen Project: After 15 years, What's Next? - George Dunlap, C...
XPDDS18: LCC18: Xen Project: After 15 years, What's Next? - George Dunlap, C...
 
OSSEU18: NVDIMM and Virtualization - George Dunlap, Citrix
OSSEU18: NVDIMM and Virtualization  - George Dunlap, CitrixOSSEU18: NVDIMM and Virtualization  - George Dunlap, Citrix
OSSEU18: NVDIMM and Virtualization - George Dunlap, Citrix
 
Xen Project 15 Years down the Line
Xen Project 15 Years down the LineXen Project 15 Years down the Line
Xen Project 15 Years down the Line
 
XPDDS19: Argo and Hypervisor-Mediated Data eXchange (HMX) - Christopher Clark...
XPDDS19: Argo and Hypervisor-Mediated Data eXchange (HMX) - Christopher Clark...XPDDS19: Argo and Hypervisor-Mediated Data eXchange (HMX) - Christopher Clark...
XPDDS19: Argo and Hypervisor-Mediated Data eXchange (HMX) - Christopher Clark...
 
Xen and the art of embedded virtualization (ELC 2017)
Xen and the art of embedded virtualization (ELC 2017)Xen and the art of embedded virtualization (ELC 2017)
Xen and the art of embedded virtualization (ELC 2017)
 
LCNA14: Security in the Cloud: Containers, KVM, and Xen - George Dunlap, Citr...
LCNA14: Security in the Cloud: Containers, KVM, and Xen - George Dunlap, Citr...LCNA14: Security in the Cloud: Containers, KVM, and Xen - George Dunlap, Citr...
LCNA14: Security in the Cloud: Containers, KVM, and Xen - George Dunlap, Citr...
 
Xen Project: Windows PV Drivers
Xen Project: Windows PV DriversXen Project: Windows PV Drivers
Xen Project: Windows PV Drivers
 
Bare-Metal Hypervisor as a Platform for Innovation
Bare-Metal Hypervisor as a Platform for InnovationBare-Metal Hypervisor as a Platform for Innovation
Bare-Metal Hypervisor as a Platform for Innovation
 
Virtualization with KVM (Kernel-based Virtual Machine)
Virtualization with KVM (Kernel-based Virtual Machine)Virtualization with KVM (Kernel-based Virtual Machine)
Virtualization with KVM (Kernel-based Virtual Machine)
 
XPDS16: Xen Development Update
XPDS16: Xen Development UpdateXPDS16: Xen Development Update
XPDS16: Xen Development Update
 
Xen PV Performance Status and Optimization Opportunities
Xen PV Performance Status and Optimization OpportunitiesXen PV Performance Status and Optimization Opportunities
Xen PV Performance Status and Optimization Opportunities
 
Kernel Mode Threats and Practical Defenses
Kernel Mode Threats and Practical DefensesKernel Mode Threats and Practical Defenses
Kernel Mode Threats and Practical Defenses
 
XPDDS18: Windows PV Drivers Project: Status and Updates - Paul Durrant, Citri...
XPDDS18: Windows PV Drivers Project: Status and Updates - Paul Durrant, Citri...XPDDS18: Windows PV Drivers Project: Status and Updates - Paul Durrant, Citri...
XPDDS18: Windows PV Drivers Project: Status and Updates - Paul Durrant, Citri...
 
XPDS16: Xen Project Weather Report 2016
XPDS16: Xen Project Weather Report 2016XPDS16: Xen Project Weather Report 2016
XPDS16: Xen Project Weather Report 2016
 

Similar a Scale 12x Securing Your Cloud with The Xen Hypervisor

Build-a-Cloud Day - Securing Your Cloud with Xen
Build-a-Cloud Day - Securing Your Cloud with XenBuild-a-Cloud Day - Securing Your Cloud with Xen
Build-a-Cloud Day - Securing Your Cloud with XenThe Linux Foundation
 
Securing Your Cloud With the Xen Hypervisor by Russell Pavlicek
Securing Your Cloud With the Xen Hypervisor by Russell PavlicekSecuring Your Cloud With the Xen Hypervisor by Russell Pavlicek
Securing Your Cloud With the Xen Hypervisor by Russell Pavlicekbuildacloud
 
Securing Your Cloud with Xen (CloudOpen NA 2013)
Securing Your Cloud with Xen (CloudOpen NA 2013)Securing Your Cloud with Xen (CloudOpen NA 2013)
Securing Your Cloud with Xen (CloudOpen NA 2013)Russell Pavlicek
 
LF Collaboration Summit: Xen Project 4 4 Features and Futures
LF Collaboration Summit: Xen Project 4 4 Features and FuturesLF Collaboration Summit: Xen Project 4 4 Features and Futures
LF Collaboration Summit: Xen Project 4 4 Features and FuturesThe Linux Foundation
 
Kernel Recipes 2014 - Xen as a foundation for cloud infrastructure
Kernel Recipes 2014 - Xen as a foundation for cloud infrastructureKernel Recipes 2014 - Xen as a foundation for cloud infrastructure
Kernel Recipes 2014 - Xen as a foundation for cloud infrastructureAnne Nicolas
 
Xen 10th anniversary Status Report (at SELF 2013)
Xen 10th anniversary Status Report (at SELF 2013)Xen 10th anniversary Status Report (at SELF 2013)
Xen 10th anniversary Status Report (at SELF 2013)Russell Pavlicek
 
Xen: Hypervisor for the Cloud - CCC13
Xen: Hypervisor for the Cloud - CCC13Xen: Hypervisor for the Cloud - CCC13
Xen: Hypervisor for the Cloud - CCC13The Linux Foundation
 
Xen Project Hypervisor for the Cloud
Xen Project Hypervisor for the CloudXen Project Hypervisor for the Cloud
Xen Project Hypervisor for the CloudThe Linux Foundation
 
V mwarev sphere5.1notes-v2
V mwarev sphere5.1notes-v2V mwarev sphere5.1notes-v2
V mwarev sphere5.1notes-v2karanamsaibabu
 
Xen Project Update LinuxCon Brazil
Xen Project Update LinuxCon BrazilXen Project Update LinuxCon Brazil
Xen Project Update LinuxCon BrazilThe Linux Foundation
 
IITCC15: The Bare-Metal Hypervisor as a Platform for Innovation
IITCC15: The Bare-Metal Hypervisor as a Platform for InnovationIITCC15: The Bare-Metal Hypervisor as a Platform for Innovation
IITCC15: The Bare-Metal Hypervisor as a Platform for InnovationThe Linux Foundation
 
Open source hypervisors in cloud
Open source hypervisors in cloudOpen source hypervisors in cloud
Open source hypervisors in cloudChetna Purohit
 
XPDDS19: The Xen-Blanket for 2019 - Christopher Clark and Kelli Little, Star ...
XPDDS19: The Xen-Blanket for 2019 - Christopher Clark and Kelli Little, Star ...XPDDS19: The Xen-Blanket for 2019 - Christopher Clark and Kelli Little, Star ...
XPDDS19: The Xen-Blanket for 2019 - Christopher Clark and Kelli Little, Star ...The Linux Foundation
 
Oscon 2012 : From Datacenter to the Cloud - Featuring Xen and XCP
Oscon 2012 : From Datacenter to the Cloud - Featuring Xen and XCPOscon 2012 : From Datacenter to the Cloud - Featuring Xen and XCP
Oscon 2012 : From Datacenter to the Cloud - Featuring Xen and XCPThe Linux Foundation
 
Zero footprint guest memory introspection from xen
Zero footprint guest memory introspection from xenZero footprint guest memory introspection from xen
Zero footprint guest memory introspection from xenBitdefender Enterprise
 
Docker San Diego 2015-03-25
Docker San Diego 2015-03-25Docker San Diego 2015-03-25
Docker San Diego 2015-03-25Casey Bisson
 

Similar a Scale 12x Securing Your Cloud with The Xen Hypervisor (20)

Build-a-Cloud Day - Securing Your Cloud with Xen
Build-a-Cloud Day - Securing Your Cloud with XenBuild-a-Cloud Day - Securing Your Cloud with Xen
Build-a-Cloud Day - Securing Your Cloud with Xen
 
Securing Your Cloud With the Xen Hypervisor by Russell Pavlicek
Securing Your Cloud With the Xen Hypervisor by Russell PavlicekSecuring Your Cloud With the Xen Hypervisor by Russell Pavlicek
Securing Your Cloud With the Xen Hypervisor by Russell Pavlicek
 
Securing Your Cloud with Xen (CloudOpen NA 2013)
Securing Your Cloud with Xen (CloudOpen NA 2013)Securing Your Cloud with Xen (CloudOpen NA 2013)
Securing Your Cloud with Xen (CloudOpen NA 2013)
 
LF Collaboration Summit: Xen Project 4 4 Features and Futures
LF Collaboration Summit: Xen Project 4 4 Features and FuturesLF Collaboration Summit: Xen Project 4 4 Features and Futures
LF Collaboration Summit: Xen Project 4 4 Features and Futures
 
LFCOLLAB15: Xen 4.5 and Beyond
LFCOLLAB15: Xen 4.5 and BeyondLFCOLLAB15: Xen 4.5 and Beyond
LFCOLLAB15: Xen 4.5 and Beyond
 
A Xen Case Study
A Xen Case StudyA Xen Case Study
A Xen Case Study
 
Kernel Recipes 2014 - Xen as a foundation for cloud infrastructure
Kernel Recipes 2014 - Xen as a foundation for cloud infrastructureKernel Recipes 2014 - Xen as a foundation for cloud infrastructure
Kernel Recipes 2014 - Xen as a foundation for cloud infrastructure
 
Xen 10th anniversary Status Report (at SELF 2013)
Xen 10th anniversary Status Report (at SELF 2013)Xen 10th anniversary Status Report (at SELF 2013)
Xen 10th anniversary Status Report (at SELF 2013)
 
Xen: Hypervisor for the Cloud - CCC13
Xen: Hypervisor for the Cloud - CCC13Xen: Hypervisor for the Cloud - CCC13
Xen: Hypervisor for the Cloud - CCC13
 
Xen Project Hypervisor for the Cloud
Xen Project Hypervisor for the CloudXen Project Hypervisor for the Cloud
Xen Project Hypervisor for the Cloud
 
V mwarev sphere5.1notes-v2
V mwarev sphere5.1notes-v2V mwarev sphere5.1notes-v2
V mwarev sphere5.1notes-v2
 
Xen Project Update LinuxCon Brazil
Xen Project Update LinuxCon BrazilXen Project Update LinuxCon Brazil
Xen Project Update LinuxCon Brazil
 
IITCC15: The Bare-Metal Hypervisor as a Platform for Innovation
IITCC15: The Bare-Metal Hypervisor as a Platform for InnovationIITCC15: The Bare-Metal Hypervisor as a Platform for Innovation
IITCC15: The Bare-Metal Hypervisor as a Platform for Innovation
 
OSSNA18: Xen Beginners Training
OSSNA18: Xen Beginners Training OSSNA18: Xen Beginners Training
OSSNA18: Xen Beginners Training
 
Open source hypervisors in cloud
Open source hypervisors in cloudOpen source hypervisors in cloud
Open source hypervisors in cloud
 
XPDDS19: The Xen-Blanket for 2019 - Christopher Clark and Kelli Little, Star ...
XPDDS19: The Xen-Blanket for 2019 - Christopher Clark and Kelli Little, Star ...XPDDS19: The Xen-Blanket for 2019 - Christopher Clark and Kelli Little, Star ...
XPDDS19: The Xen-Blanket for 2019 - Christopher Clark and Kelli Little, Star ...
 
Usenix Invited Talk
Usenix Invited TalkUsenix Invited Talk
Usenix Invited Talk
 
Oscon 2012 : From Datacenter to the Cloud - Featuring Xen and XCP
Oscon 2012 : From Datacenter to the Cloud - Featuring Xen and XCPOscon 2012 : From Datacenter to the Cloud - Featuring Xen and XCP
Oscon 2012 : From Datacenter to the Cloud - Featuring Xen and XCP
 
Zero footprint guest memory introspection from xen
Zero footprint guest memory introspection from xenZero footprint guest memory introspection from xen
Zero footprint guest memory introspection from xen
 
Docker San Diego 2015-03-25
Docker San Diego 2015-03-25Docker San Diego 2015-03-25
Docker San Diego 2015-03-25
 

Más de The Linux Foundation

ELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made SimpleELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made SimpleThe Linux Foundation
 
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...The Linux Foundation
 
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...The Linux Foundation
 
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...The Linux Foundation
 
XPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote:  Unikraft Weather ReportXPDDS19 Keynote:  Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather ReportThe Linux Foundation
 
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...The Linux Foundation
 
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxXPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxThe Linux Foundation
 
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...The Linux Foundation
 
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, BitdefenderXPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, BitdefenderThe Linux Foundation
 
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19:  The Road to Safety Certification: Overcoming Community Challeng...OSSJP/ALS19:  The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...The Linux Foundation
 
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
 OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making... OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...The Linux Foundation
 
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, CitrixXPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, CitrixThe Linux Foundation
 
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltdXPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltdThe Linux Foundation
 
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...The Linux Foundation
 
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&DXPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&DThe Linux Foundation
 
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsXPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsThe Linux Foundation
 
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...The Linux Foundation
 
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...The Linux Foundation
 
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...The Linux Foundation
 
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSEXPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSEThe Linux Foundation
 

Más de The Linux Foundation (20)

ELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made SimpleELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made Simple
 
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
 
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
 
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
 
XPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote:  Unikraft Weather ReportXPDDS19 Keynote:  Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather Report
 
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
 
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxXPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
 
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
 
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, BitdefenderXPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
 
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19:  The Road to Safety Certification: Overcoming Community Challeng...OSSJP/ALS19:  The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
 
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
 OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making... OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
 
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, CitrixXPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
 
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltdXPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
 
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
 
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&DXPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
 
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsXPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
 
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
 
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
 
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
 
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSEXPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
 

Último

Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
The Kubernetes Gateway API and its role in Cloud Native API Management
The Kubernetes Gateway API and its role in Cloud Native API ManagementThe Kubernetes Gateway API and its role in Cloud Native API Management
The Kubernetes Gateway API and its role in Cloud Native API ManagementNuwan Dias
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
UiPath Clipboard AI: "A TIME Magazine Best Invention of 2023 Unveiled"
UiPath Clipboard AI: "A TIME Magazine Best Invention of 2023 Unveiled"UiPath Clipboard AI: "A TIME Magazine Best Invention of 2023 Unveiled"
UiPath Clipboard AI: "A TIME Magazine Best Invention of 2023 Unveiled"DianaGray10
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
100+ ChatGPT Prompts for SEO Optimization
100+ ChatGPT Prompts for SEO Optimization100+ ChatGPT Prompts for SEO Optimization
100+ ChatGPT Prompts for SEO Optimizationarrow10202532yuvraj
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 

Último (20)

Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
20230104 - machine vision
20230104 - machine vision20230104 - machine vision
20230104 - machine vision
 
The Kubernetes Gateway API and its role in Cloud Native API Management
The Kubernetes Gateway API and its role in Cloud Native API ManagementThe Kubernetes Gateway API and its role in Cloud Native API Management
The Kubernetes Gateway API and its role in Cloud Native API Management
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
UiPath Clipboard AI: "A TIME Magazine Best Invention of 2023 Unveiled"
UiPath Clipboard AI: "A TIME Magazine Best Invention of 2023 Unveiled"UiPath Clipboard AI: "A TIME Magazine Best Invention of 2023 Unveiled"
UiPath Clipboard AI: "A TIME Magazine Best Invention of 2023 Unveiled"
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
100+ ChatGPT Prompts for SEO Optimization
100+ ChatGPT Prompts for SEO Optimization100+ ChatGPT Prompts for SEO Optimization
100+ ChatGPT Prompts for SEO Optimization
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 

Scale 12x Securing Your Cloud with The Xen Hypervisor

  • 1. Securing Your Cloud With the Xen Hypervisor Russell Pavlicek Xen Project Evangelist Citrix Systems
  • 2. Who is the Old, Fat Geek Up Front? ● Xen Project Evangelist (I have a big mouth...) ● Employed by Citrix, focused entirely on Xen project ● History with open source begins in 1995 ● ● ● Former columnist for Infoworld, Processor magazines Former panelist on The Linux Show, speaker at over 50 Open Source conferences Over 150 pieces published, one book on open source, plus blogs
  • 3. Presentation Goals ● Introduce the subject of security in the Cloud ● Introduce you to the Xen Project Security Tools ● Discuss some key Xen Project security features ● Get you started in the right direction toward securing your Xen Project Hypervisor installation
  • 4. Presentation Outline ● A few thoughts on the problem of securing the Cloud ● Overview of the Xen Project architecture ● Brief introduction to the principles of security analysis ● Examine some of the attack surfaces and the Xen Project features we can use to mitigate them: – Driver Domains – PVgrub – Stub Domains – Paravirtualization (PV) versus Hardware Virtualization (HVM) – FLASK example policy
  • 5. Introduction: Xen Project, The Cloud, and Security
  • 6. Introduction: Xen Project and Security ● Xen Project produces an enterprise-grade Type 1 hypervisor ● Built for the cloud before it was called cloud ● A number of advanced security features – Driver domains, stub domains, FLASK, and more – Most of them are not (or cannot) be turned on by default – Although they can be simple to use, sometimes they appear complicated
  • 7. The Cloud Security Conundrum ● Cloud Security: The 800lb Gorilla in the room – Nothing generates more fear in specific, and FUD in general – Probably the single greatest barrier to Cloud adoption – Immediately behind it is the inability to get out of the 20th century IT mindset – Must get past the “Change is Bad” concept of 1980 – Cloud is about embracing change at a rapid pace The good news: the “Gorilla” is actually a “Red Herring” ● ● We don't need to fear it – we just need to solve it
  • 8. Cloud Security: New Visibility to an Old Problem ● ● ● ● Security has always been an IT issue Putting a truly secure system in the open does not reduce its security, it just increases the frequency of attack Unfortunately, system security behind the firewall has not always been comprehensive Having solutions in an external cloud forces us to solve the security issues we should have already solved News Flash: Security Through Obscurity is Dead
  • 9. Use Security by Design, Not by Wishful Thinking ● Security by wishful thinking no longer works – – Addressing security in one area while ignoring others is NOT good enough – ● Merely hoping that your firewall holds off the marauding hordes is NOT good enough Saying, “We never had a problem before” is NOT good enough Comprehensive security starts with design – It needs to be planned carefully and thought through – It needs to be implemented at multiple levels – It needs components which are themselves securable
  • 10. Xen Project: Security by Design ● Xen Project was designed for clouds before the term “cloud” was ever coined in the industry – http://www.cl.cam.ac.uk/research//srg/netos/xeno/publ ications.html Xen Project is designed to thwart attacks from many attack vectors, using different defensive techniques – ● Designers foresaw the day of “infrastructure for wide-area distributed computing” which we now call “the cloud”
  • 11. Basic Architecture of the Xen Project Hypervisor
  • 12. Hypervisor Architectures Type 1: Bare metal Hypervisor A pure Hypervisor that runs directly on the hardware and hosts Guest OS’s. VMn VM1 VM0 Guest OS and Apps Hypervisor Host HW Device Drivers/ Models I/O Memory Scheduler MMU CPUs Provides partition isolation + reliability, higher security
  • 13. Hypervisor Architectures Type 1: Bare metal Hypervisor Type 2: OS ‘Hosted’ A pure Hypervisor that runs directly on the hardware and hosts Guest OS’s. A Hypervisor that runs within a Host OS and hosts Guest OS’s inside of it, using the host OS services to provide the virtual environment. VMn VM1 VM0 User-level VMM User Apps Device Models Guest OS and Apps Hypervisor Host HW I/O Memory Scheduler MMU CPUs Provides partition isolation + reliability, higher security Device Drivers Host HW VM0 Guest OS and Apps Host OS Device Drivers/ Models VMn VM1 I/O Ring-0 VM Monitor “Kernel “ Memory CPUs Low cost, no additional drivers Ease of use and installation
  • 14. Xen Project: Type 1 with a Twist Type 1: Bare metal Hypervisor VMn VM1 VM0 Guest OS and Apps Hypervisor Host HW Device Drivers/ Models I/O Memory Scheduler MMU CPUs
  • 15. Xen Project: Type 1 with a Twist Type 1: Bare metal Hypervisor XEN Architecture VMn VM1 VMn VM1 VM0 Guest OS and Apps Hypervisor Host HW Device Drivers/ Models I/O Memory VM0 Guest OS and Apps Scheduler MMU CPUs MMU Scheduler Host HW I/O Memory CPUs
  • 16. Xen Project: Type 1 with a Twist Type 1: Bare metal Hypervisor VMn VM1 VM0 Guest OS and Apps Hypervisor Host HW Device Drivers/ Models I/O Memory Scheduler MMU CPUs XEN Architecture Control domain (dom0) VMn VM1 Device Models VM0 Drivers Guest OS and Apps Linux & BSD MMU Scheduler Host HW I/O Memory CPUs
  • 19. An Approach to Security Thinking ● Threat models: – – ● Attacker can access network Attacker controls one Guest VM Security considerations to evaluate: – – What is the interface like? (e.g., pointers vs scalars) – ● How much code is accessible? Defense-in-depth: how many rings of defense surround you? Then combine security tactics to secure the installation – There is no single "magic bullet" – Individual tactics reduce danger; combined tactics go farther
  • 20. Example System For This Discussion ● Hardware setup – – ● Two networks: one Control network, one Guest network IOMMU with interrupt remapping (AMD or Intel VT-d v2) to allow for full hardware virtualization (HVM) Default configuration – Network drivers in the Control Domain (aka "Domain 0" or just "Dom0") – Paravirtualized (PV) guests using PyGrub (grub-like boot utility within context of Guest Domain) – Hardware Virtualized (HVM) guests using Qemu (as the device model) running in the Control Domain
  • 23. Attack Surface: Network Path ● Where might an exploit focus? – Bugs in hardware driver – Bugs in bridging / filtering – Bugs in netback (via the ring protocol) ● ● Netback and Netfront are part of the Paravirtualization mode Note the exploits – The main exploits exist already, even in hardware – The netback surface is very small, but needs to be acknowledged – When these are attacked in hardware, you have deep trouble – You actually have better defense in the VM than in hardware
  • 24. Result: Network Path Compromised
  • 25. Result: Network Path Compromised Vulnerability Analysis: What could a successful exploit yield? Control of Domain 0 kernel This could lead to the control of the whole system
  • 27. Security Feature: Driver Domains ● What is a Driver Domain? – Unprivileged VM which drives hardware – It provides driver access to guest VMs – Very limited scope; not a full operating system – Does not have the access or capability of a full VM
  • 28. Result: Driver Domain Compromised
  • 29. Result: Driver Domain Compromised ● Now a successful exploit could yield: – Control of the Driver Domain (Paravirtualization hypercall interface) ● – But the Driver Domain is limited: no shell, no utilities Control of that guest's network traffic ● But in the cloud, most orchestrators detect network traffic failure ● The problem is not allowed to stand very long – Control of the network interface card (NIC) – An opportunity to attack the netfront of other guest VMs ● But to take advantage of this platform, you need to launch another attack ● Compound attacks are complex, and they take time which you may not have
  • 30. Basic How To: Driver Domains ● Create a VM with appropriate drivers – ● Use any distribution suitable as a Control Domain Install the Xen Project hotplug scripts – Just installing the Xen Project tools in the VM is usually good enough ● Give the VM access to the physical NIC with PCI passthrough ● Configure the network topology in the Driver Domain – Just like you would for the Control Domain
  • 31. Basic How To: Driver Domains ● Configure the guest Virtual Network Interface (vif) to use the new domain ID – Add “backend=domnet” to vif declaration vif = [ 'type=pv, bridge=xenbr0, backend=domnet' ] Detailed Info http://wiki.xenproject.org/wiki/Driver_Domain
  • 32. Attacking the PyGrub Boot Loader
  • 34. Attack Surface: PyGrub ● What is PyGrub? – – ● “grub” implementation for Paravirtualized guests A Python program running in Control Domain What does it do? – It reads the guest VM's filesystem – It parses grub.conf – It displays a boot menu to the user – It passes the selected kernel image to domain builder
  • 36. Attack Surface: PyGrub ● Where might an exploit focus? – – Bugs in menu parser – ● Bugs in file system parser Bugs in domain builder Again, note the exploits – Forms of these exist in hardware as well – But hardware doesn't have as many options to combat the situation
  • 38. Result: PyGrub Compromised Vulnerability Analysis: What could a successful exploit yield? Control of Domain 0 user space This could lead to the control of the whole system
  • 40. Security Feature: Fixed Kernels ● What is a fixed kernel? – Passing a known-good kernel from Control Domain ● ● – ● No longer allows a user to choose the kernel Best practice for anything in production Removes attacker avenue to domain builder Disadvantages – Host administrator must keep up with kernel updates – Guest admin can't pass kernel parameters or custom kernels
  • 42. Security Feature: PVgrub ● What is PVgrub? – MiniOS plus the Paravirtualized port of “grub” running in a guest context – Paravirtualized equivalent of Hardware Virtualized combination of BIOS plus grub
  • 43. Result: PVgrub Compromised Vulnerability Analysis: Now a successful exploit could yield: Control of the attacked Guest Domain alone Control Domain is no longer at risk
  • 44. Basic HowTo: PVgrub ● Make sure that you have the PVgrub image – – Normally lives in “/usr/lib/xen/boot” – Debian, SLES: Currently need to build for yourself – ● “pvgrub-$ARCH.gz” Included in Fedora Xen Project packages Use appropriate PVgrub as bootloader in guest configuration: – kernel="/usr/lib/xen/boot/pvgrub-x86_32.gz" See http://wiki.xenproject.org/wiki/Pvgrub
  • 45. Attacking the Qemu Device Model
  • 46. Attack Surface: Device Model (Qemu)
  • 47. Attack Surface: Device Model (Qemu) ● What is Qemu? – – ● In other contexts, a virtualization provider In the Xen Project context, a provider of needed device models Where might an exploit focus? – Bugs in NIC emulator parsing packets – Bugs in emulation of virtual devices
  • 48. Result: Device Model Compromised Vulnerability Analysis: What could a successful exploit yield? Control Domain privileged user space This could lead to the control of the whole system
  • 49. Security Feature: Qemu Stub Domains ● What is a stub domain? – Stub domain: a small “service'' domain running just one application – Qemu stub domain: run each Qemu in its own domain
  • 50. Result: Stub Domain Compromised Vulnerability Analysis: Now a successful exploit could yield: Control only of the stub domain VM (which, if FLASK is employed, is a relatively small universe) You need to devise another attack entirely to do anything more significant
  • 51. Basic HowTo: Qemu Stub Domains ● Make sure that you have the ioemu image: – – Normally lives in “/usr/lib/xen/boot” – SUSE SLES, currently need to build it yourself (SLES 12?) – Included in Fedora Xen Project packages – ● “ioemu-$ARCH.gz” On Debian (and offshoots), you will need to build it yourself Specify stub domains in your guest configuration: device_model_stubdomain_override = 1 Detailed Info http://wiki.xenproject.org/wiki/Device_Model_Stub_Domains
  • 53. Attack Surface: The Hypervisor Itself ● Where might an exploit focus? – On Paravirtualized (PV) Guests: – PV Hypercalls On full Hardware Virtualized (HVM) Guests: ● HVM hypercalls (Subset of PV hypercalls) ● Instruction emulation (MMIO, shadow pagetables) ● Emulated platform devices: APIC, HPET, PIT ● Nested virtualization Security practice: Use PV VMs whenever possible ● ●
  • 54. Using the Xen Project Security Module
  • 55. Security Feature: FLASK Policy ● What is FLASK? – Xen Security Module (XSM): Xen Project equivalent of LSM – FLASK: FLux Advanced Security Kernel – Framework for XSM developed by NSA – Xen Project equivalent of SELinux – Uses same concepts and tools as SELinux – Allows a policy to restrict hypercalls
  • 56. Security Feature: FLASK Policy ● What can FLASK do? – – ● Basic: Restricts hypercalls to those needed by a particular guest Advanced: Allows more fine-grained granting of privileges FLASK example policy – This contains example roles for the Control Domain (dom0), User/Guest Domain(domU), stub domains, driver domains, etc. – Make sure you TEST the example policy in your environment BEFORE putting it into production! NOTE: As an example policy, it is not as rigorously tested as other parts of Xen during release; make sure it is suitable for you
  • 57. Basic HowTo: FLASK Example Policy ● Build Xen Project software with XSM enabled ● Build the example policy ● Add the appropriate label to guest config files: – “seclabel=[foo]” – “stubdom_label=[foo]” Detailed Info http://wiki.xenproject.org/wiki/Xen_Security_Modules_:_XSM-FLASK
  • 59. Xen Project + ARM = A Perfect Match ARM Architecture Features for Virtualization ARM SOC User mode : EL0 Device Tree describes … Kernel mode : EL1 I/O Hypercall Interface HVC GT GIC v2 2 stage MMU Hypervisor mode : EL2
  • 60. Xen Project + ARM = A Perfect Match ARM Architecture Features for Virtualization ARM SOC EL0 Device Tree describes … EL1 I/O HVC GT GIC v2 2 stage MMU EL2 Xen Project Hypervisor
  • 61. Xen Project + ARM = A Perfect Match ARM Architecture Features for Virtualization ARM SOC Any Xen Project Guest VM (including Dom0) Project Guest VM (including Dom0) EL0 User Space User Space Device Tree describes … Kernel Kernel EL1 I/O HVC GT GIC v2 2 stage MMU EL2 Xen Project Hypervisor
  • 62. Xen Project + ARM = A Perfect Match ARM Architecture Features for Virtualization ARM SOC Dom0 Dom0 only Any Xen Project Guest VM (including Dom0) Project Guest VM (including Dom0) EL0 User Space User Space Device Tree describes … Kernel Kernel PV back I/O PV EL1 front HVC GT GIC v2 2 stage MMU EL2 Xen Project Hypervisor
  • 63. ARM: Right Solution for Security ● Stays in ARM Hypervisor Mode – – Because Xen Project's architecture maps so well to the ARM architecture, the hypervisor never has to use Kernel mode – Other hypervisors have to flip back and forth between modes – If a hypervisor has to enter Kernel mode, it loses the security of running in a privileged mode, isolated from the rest of the system – ● The ARM architecture has separate Hypervisor and Kernel modes This is a non-issue with the Xen Project Hypervisor on ARM Does not need to use device emulation – No emulation means a smaller attack surface for bad guys
  • 64. For More Information... Detailed Info http://wiki.xenproject.org/wiki/Securing_Xen Thanks to George Dunlap for supplying much of the information presented here, and Stefano Stabellini for ARM information Center of the Xen Project universe: http://www.XenProject.org/ Contact me at russell.pavlicek@xenproject.org Thank You!