Xen devel - Jul 2009 - question about XSM hooks

1. did XSM hooks are placed in the source code of xen manually?
As we all know, the hooks are used to insert authorization checks on the
security-critical operation, now my question is,
2. how to identify security-critical operation? 
security-critical operations are inter-VM communication and cooperation
implementing on top of shared virtual resources,
3. does the XSM hooks cover all the operations completely?
thanks.



tianshuo06
2009-07-22


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

> 1. did XSM hooks are placed in the source code of xen manually?
Yes.
> 2. how to identify security-critical operation? 
This is why the answer to 1 is yes. It requires reasoning about what different 
security policies might want to enforce, what might be exploitable or could lead
to convert channels, etc.
> 3. does the XSM hooks cover all the operations completely?
Probably not. Certainly not with new features, anyway.


Patrick

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel