Greetings all: Just a general question for the group at large. I find myself in the position of fighting a lot of vague "cloud security issues". The question is, has anyone ever seen a VM break into the Xen hypervisor layer and presumably break into another VM? I'm not talking about an external attack on the Dom0, I'm talking about an internal attack through the DomU's connection to the hypervisor. Vern Sent from my BlackBerry® wireless device from U.S. Cellular _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
I''ve never seen it happen, but according to the various security bulletins that have come out on the xen kernels that come from RedHat it can happen. What I have done myself is by nasty I/O inside the domU to crash not only the domU but panic the dom0 that is hosting it too. I think that is the bigger risk. Much of this stuff if I understand correctly is due to vulnerabilities in the virtual machines layer of the hardware itself. Steve On Tue, 16 Mar 2010, Vern Burke wrote:> Greetings all: > Just a general question for the group at large. I find myself in the position of fighting a lot of vague "cloud security issues". > > The question is, has anyone ever seen a VM break into the Xen hypervisor layer and presumably break into another VM? I''m not talking about an external attack on the Dom0, I''m talking about an internal attack through the DomU''s connection to the hypervisor. > > Vern > Sent from my BlackBerry® wireless device from U.S. Cellular >-- ------------------------------------------------------------------ Steven C. Timm, Ph.D (630) 840-8525 timm@fnal.gov http://home.fnal.gov/~timm/ Fermilab Computing Division, Scientific Computing Facilities, Grid Facilities Department, FermiGrid Services Group, Assistant Group Leader. _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
The ability of a misbehaved DomU to crash the Dom0 isn't a pretty idea, but I can't imagine it would expose unauthorised user data, which seems to be what the big worry is about. Vern ------Original Message------ From: Steven Timm To: Vern Burke Cc: xen-users@lists.xensource.com Subject: Re: [Xen-users] XCP/Xen security Sent: Mar 15, 2010 21:40 I've never seen it happen, but according to the various security bulletins that have come out on the xen kernels that come from RedHat it can happen. What I have done myself is by nasty I/O inside the domU to crash not only the domU but panic the dom0 that is hosting it too. I think that is the bigger risk. Much of this stuff if I understand correctly is due to vulnerabilities in the virtual machines layer of the hardware itself. Steve On Tue, 16 Mar 2010, Vern Burke wrote:> Greetings all: > Just a general question for the group at large. I find myself in the position of fighting a lot of vague "cloud security issues". > > The question is, has anyone ever seen a VM break into the Xen hypervisor layer and presumably break into another VM? I'm not talking about an external attack on the Dom0, I'm talking about an internal attack through the DomU's connection to the hypervisor. > > Vern > Sent from my BlackBerry® wireless device from U.S. Cellular >-- ------------------------------------------------------------------ Steven C. Timm, Ph.D (630) 840-8525 timm@fnal.gov http://home.fnal.gov/~timm/ Fermilab Computing Division, Scientific Computing Facilities, Grid Facilities Department, FermiGrid Services Group, Assistant Group Leader. Sent from my BlackBerry® wireless device from U.S. Cellular _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
On Tue, March 16, 2010 1:47 am, Vern Burke wrote:> The ability of a misbehaved DomU to crash the Dom0 isn''t a pretty idea, > but I can''t imagine it would expose unauthorised user data, which seems to > be what the big worry is about. > > VernIIRC, didn''t pvgrub come about because of exactly this issue and because the only practical way of breaking out of the domU was by exploiting the fact that pygrub loads code from the domU in the dom0 before handing off control to it? HTH, Matt. _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users