>
> I have some questions about attacks on Xen. I am preparing a paper for an
> operating system we have built on top of Xen and I want to ensure we have
> certain facts straight. Among the things I have read are "Xen and the Art
> of Virtualization" and the XOAR paper.
>
> First, what power does Dom0 have? Of course I know that Dom0 manages
> the other domains and has direct access to hardware. I know that Dom0 can
> not directly access the Xen hypervisor code in memory (except in the case of
> attacks using DMA on IOMMU-less systems). But what about
> Dom0 accessing DomU memory once the domain is running?
>
> For isolation, our operating system encrypts all network traffic and disk I/O.
> We have also postulated that we could do the same for keyboard/display I/O.
> We can use vTPM to ensure trusted initialization. Are there attack
> vectors other than Dom0 handling memory destined to or from an I/O
> device? Could Dom0 violate our DomU by directly accessing its memory? Are
> there any facilities in Xen 4 for restricting this? Where could I read more
> about this?
>
> Thank you. I appreciate any responses, especially recommended reading.
>
Dom0 has total power over DomU. I would say that you cannot be secure if you run
on a machine with a "hostile" dom0 that your "secure" domU
does not trust. For a start, the ''xm save'' command writes out
the entire DomU memory to a disk file, so you can already see that Dom0 has
access to all DomU memory and CPU state, by design.
Every time DomU does network or disk access, it must pass an entire page of
memory to Dom0, even if only part of that page is used, so there is a constant
potential ''leak'' of information from DomU to Dom0 in terms of
the parts of that page that belong to other processes in DomU.
James
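The page-granularity leak James describes, as an added simulation that is not part of the original thread or of Xen's code: a frontend grants a whole page to the Dom0 backend, so stale data sharing that page is visible to Dom0, while copying through a dedicated scrubbed bounce page exposes only the payload. The GuestMemory model, the 4 KiB page size, the addresses and the secret string are constructed assumptions.

```python
"""Toy model of a PV frontend granting pages to a Dom0 backend.
Constructed simulation for illustration; not Xen code."""

PAGE_SIZE = 4096  # assumed page size, matches x86 4 KiB pages


class GuestMemory:
    """A DomU's memory, modelled as a flat bytearray of whole pages."""

    def __init__(self, num_pages: int) -> None:
        self.mem = bytearray(PAGE_SIZE * num_pages)

    def write(self, addr: int, data: bytes) -> None:
        self.mem[addr:addr + len(data)] = data

    def grant_page(self, addr: int) -> bytes:
        """What Dom0 sees after mapping the grant that covers `addr`:
        the entire page, not just the bytes the frontend meant to send."""
        base = addr - (addr % PAGE_SIZE)
        return bytes(self.mem[base:base + PAGE_SIZE])


def naive_send(guest: GuestMemory, payload: bytes, buf_addr: int) -> bytes:
    """Frontend writes the payload in place and grants the page it lives in."""
    guest.write(buf_addr, payload)
    return guest.grant_page(buf_addr)


def bounce_send(guest: GuestMemory, payload: bytes, bounce_addr: int) -> bytes:
    """Frontend scrubs a dedicated page, copies the payload in, grants that."""
    assert bounce_addr % PAGE_SIZE == 0, "bounce page must be page-aligned"
    guest.write(bounce_addr, bytes(PAGE_SIZE))  # zero the whole page first
    guest.write(bounce_addr, payload)
    return guest.grant_page(bounce_addr)


def demo() -> tuple:
    """Returns (secret visible via naive grant, secret visible via bounce)."""
    guest = GuestMemory(num_pages=4)
    secret = b"OTHER-PROCESS-KEY-0xCAFEF00D"  # constructed, unrelated process
    guest.write(0x1800, secret)               # lives in page 1
    payload = b"GET / HTTP/1.0\r\n"
    leaky = naive_send(guest, payload, 0x1000)   # buffer also in page 1
    safe = bounce_send(guest, payload, 0x2000)   # dedicated page 2
    return secret in leaky, secret in safe


if __name__ == "__main__":
    print("naive grant leaks secret: %s, bounce grant leaks secret: %s" % demo())
```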