SlideShare une entreprise Scribd logo
1  sur  150
Télécharger pour lire hors ligne
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Securing your cloud with Xen’s advanced security
features
George Dunlap

Edinburgh – 21-23 October, 2013
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Xen: an open-source, enterprise-grade, type I
hypervisor
Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

2 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Built for the Cloud before it was called the Cloud
Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

2 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Advanced security features

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

3 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Goal

Tools to think about security in Xen

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

4 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Goal

Tools to think about security in Xen
Know some key security features of Xen

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

4 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Goal

Tools to think about security in Xen
Know some key security features of Xen
Equipped with the knowledge to get them working

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

4 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Outline

Overview of the Xen architecture

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

5 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Outline

Overview of the Xen architecture
Brief introduction to principles of security analysis

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

5 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Outline

Overview of the Xen architecture
Brief introduction to principles of security analysis
Consider some attack surfaces

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

5 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Outline

Overview of the Xen architecture
Brief introduction to principles of security analysis
Consider some attack surfaces
Xen features we can use to make them more secure

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

5 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Outline

Overview of the Xen architecture
Brief introduction to principles of security analysis
Consider some attack surfaces
Xen features we can use to make them more secure
Driver domains

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

5 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Outline

Overview of the Xen architecture
Brief introduction to principles of security analysis
Consider some attack surfaces
Xen features we can use to make them more secure
Driver domains
pvgrub

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

5 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Outline

Overview of the Xen architecture
Brief introduction to principles of security analysis
Consider some attack surfaces
Xen features we can use to make them more secure
Driver domains
pvgrub
stub domains

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

5 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Outline

Overview of the Xen architecture
Brief introduction to principles of security analysis
Consider some attack surfaces
Xen features we can use to make them more secure
Driver domains
pvgrub
stub domains
PV vs HVM

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

5 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Outline

Overview of the Xen architecture
Brief introduction to principles of security analysis
Consider some attack surfaces
Xen features we can use to make them more secure
Driver domains
pvgrub
stub domains
PV vs HVM
FLASK example policy

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

5 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Xen Architecture
dom 0

device model
(qemu)
toolstack

Hardware
Drivers

netback
blkback

Paravirtualized
(PV)
Domain
netfront
blkfront

Fully
Virtualized
(HVM)
Domain

Xen Hypervisor
I/O Devices

Edinburgh – 21-23 October, 2013

CPU

Memory

Hardware

Securing your cloud with Xen’s advanced security features

6 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security Overview

Threat Model

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

7 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security Overview

Threat Model
Attacker can access guest network

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

7 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security Overview

Threat Model
Attacker can access guest network
Attacker controls one guest OS

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

7 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security Overview

Security considerations
How much code is accessible?

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

8 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security Overview

Security considerations
How much code is accessible?
What is the interface like?

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

8 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security Overview

Security considerations
How much code is accessible?
What is the interface like?

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

8 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security Overview

Security considerations
How much code is accessible?
What is the interface like?
Defense-in-depth

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

8 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Example System

Hardware setup

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

9 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Example System

Hardware setup
Two networks: control network, guest network

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

9 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Example System

Hardware setup
Two networks: control network, guest network
IOMMU with interrupt remapping (AMD or Intel VT-d v2)

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

9 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Example System

Hardware setup
Two networks: control network, guest network
IOMMU with interrupt remapping (AMD or Intel VT-d v2)

Default configuration

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

9 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Example System

Hardware setup
Two networks: control network, guest network
IOMMU with interrupt remapping (AMD or Intel VT-d v2)

Default configuration
Network drivers in dom0

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

9 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Example System

Hardware setup
Two networks: control network, guest network
IOMMU with interrupt remapping (AMD or Intel VT-d v2)

Default configuration
Network drivers in dom0
PV guests with pygrub

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

9 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Example System

Hardware setup
Two networks: control network, guest network
IOMMU with interrupt remapping (AMD or Intel VT-d v2)

Default configuration
Network drivers in dom0
PV guests with pygrub
HVM guests with qemu running in domain 0

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

9 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Attack surface: Network path
dom 0

toolstack

Domain
netfront

iptables

bridge
Rogue
Domain

NIC
Driver

netback

netfront

Xen Hypervisor
Control NIC

Guest NIC

Hardware

How to break in?

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

10 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Attack surface: Network path
dom 0

toolstack

Domain
netfront

iptables

bridge
Rogue
Domain

NIC
Driver

netback

netfront

Xen Hypervisor
Control NIC

Guest NIC

Hardware

How to break in?
Bugs in hardware driver

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

10 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Attack surface: Network path
dom 0

toolstack

Domain
netfront

iptables

bridge
Rogue
Domain

NIC
Driver

netback

netfront

Xen Hypervisor
Control NIC

Guest NIC

Hardware

How to break in?
Bugs in hardware driver
Bugs in bridging / filtering

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

10 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Attack surface: Network path
dom 0

toolstack

Domain
netfront

iptables

bridge
Rogue
Domain

NIC
Driver

netback

netfront

Xen Hypervisor
Control NIC

Guest NIC

Hardware

How to break in?
Bugs in hardware driver
Bugs in bridging / filtering
Bugs in netback via the ring protocol
Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

10 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Attack surface: Network path
dom 0

toolstack

Domain
netfront

iptables

bridge
Rogue
Domain

NIC
Driver

netback

netfront

Xen Hypervisor
Control NIC

Guest NIC

Hardware

What does it buy you?

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

11 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Attack surface: Network path
dom 0

toolstack

Domain
netfront

iptables

bridge
Rogue
Domain

NIC
Driver

netback

netfront

Xen Hypervisor
Control NIC

Guest NIC

Hardware

What does it buy you?
Control of domain 0 kernel

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

11 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Attack surface: Network path
dom 0

toolstack

Domain
netfront

iptables

bridge
Rogue
Domain

NIC
Driver

netback

netfront

Xen Hypervisor
Control NIC

Guest NIC

Hardware

What does it buy you?
Control of domain 0 kernel
Pretty much control of the whole system

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

11 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security feature: Driver Domains
dom 0

Domain

toolstack

netfront

Driver Domain
iptables
NIC
Driver

NIC
Driver

bridge

netback

Rogue
Domain
netfront

Xen Hypervisor
Control NIC

Guest NIC

Hardware

What is it?

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

12 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security feature: Driver Domains
dom 0

Domain

toolstack

netfront

Driver Domain
iptables
NIC
Driver

NIC
Driver

bridge

netback

Rogue
Domain
netfront

Xen Hypervisor
Control NIC

Guest NIC

Hardware

What is it?
Unprivileged VM which drives hardware, provides access to
guests

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

12 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security feature: Driver Domains
dom 0

Domain

toolstack

netfront

Driver Domain
iptables
NIC
Driver

NIC
Driver

bridge

netback

Rogue
Domain
netfront

Xen Hypervisor
Control NIC

Guest NIC

Hardware

Now an exploit buys you:

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

13 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security feature: Driver Domains
dom 0

Domain

toolstack

netfront

Driver Domain
iptables
NIC
Driver

NIC
Driver

bridge

netback

Rogue
Domain
netfront

Xen Hypervisor
Control NIC

Guest NIC

Hardware

Now an exploit buys you:
Control of a PV VM (PV hypercall interface)

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

13 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security feature: Driver Domains
dom 0

Domain

toolstack

netfront

Driver Domain
iptables
NIC
Driver

NIC
Driver

bridge

netback

Rogue
Domain
netfront

Xen Hypervisor
Control NIC

Guest NIC

Hardware

Now an exploit buys you:
Control of a PV VM (PV hypercall interface)
Guest network traffic

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

13 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security feature: Driver Domains
dom 0

Domain

toolstack

netfront

Driver Domain
iptables
NIC
Driver

NIC
Driver

bridge

netback

Rogue
Domain
netfront

Xen Hypervisor
Control NIC

Guest NIC

Hardware

Now an exploit buys you:
Control of a PV VM (PV hypercall interface)
Guest network traffic
Control of NIC
Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

13 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security feature: Driver Domains
dom 0

Domain

toolstack

netfront

Driver Domain
iptables
NIC
Driver

NIC
Driver

bridge

netback

Rogue
Domain
netfront

Xen Hypervisor
Control NIC

Guest NIC

Hardware

Now an exploit buys you:
Control of a PV VM (PV hypercall interface)
Guest network traffic
Control of NIC
Opportunity to attack netfront of other guests
Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

13 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

HowTo: Driver Domains
Create a VM with appropriate drivers

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

14 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

HowTo: Driver Domains
Create a VM with appropriate drivers
Any distro supporting dom0 should do

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

14 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

HowTo: Driver Domains
Create a VM with appropriate drivers
Any distro supporting dom0 should do

Install the xen-related hotplug scripts

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

14 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

HowTo: Driver Domains
Create a VM with appropriate drivers
Any distro supporting dom0 should do

Install the xen-related hotplug scripts
Just installing the xen tools in the VM is usually good enough

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

14 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

HowTo: Driver Domains
Create a VM with appropriate drivers
Any distro supporting dom0 should do

Install the xen-related hotplug scripts
Just installing the xen tools in the VM is usually good enough

Give the VM access to the physical NIC with PCI pass-through

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

14 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

HowTo: Driver Domains
Create a VM with appropriate drivers
Any distro supporting dom0 should do

Install the xen-related hotplug scripts
Just installing the xen tools in the VM is usually good enough

Give the VM access to the physical NIC with PCI pass-through
Configure the network topology in the driver domain

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

14 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

HowTo: Driver Domains
Create a VM with appropriate drivers
Any distro supporting dom0 should do

Install the xen-related hotplug scripts
Just installing the xen tools in the VM is usually good enough

Give the VM access to the physical NIC with PCI pass-through
Configure the network topology in the driver domain
Just like you would for dom0

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

14 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

HowTo: Driver Domains
Create a VM with appropriate drivers
Any distro supporting dom0 should do

Install the xen-related hotplug scripts
Just installing the xen tools in the VM is usually good enough

Give the VM access to the physical NIC with PCI pass-through
Configure the network topology in the driver domain
Just like you would for dom0

Configure the guest vif to use the new domain ID

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

14 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

HowTo: Driver Domains
Create a VM with appropriate drivers
Any distro supporting dom0 should do

Install the xen-related hotplug scripts
Just installing the xen tools in the VM is usually good enough

Give the VM access to the physical NIC with PCI pass-through
Configure the network topology in the driver domain
Just like you would for dom0

Configure the guest vif to use the new domain ID
Add backend=domnet to vif declaration

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

14 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

HowTo: Driver Domains
Create a VM with appropriate drivers
Any distro supporting dom0 should do

Install the xen-related hotplug scripts
Just installing the xen tools in the VM is usually good enough

Give the VM access to the physical NIC with PCI pass-through
Configure the network topology in the driver domain
Just like you would for dom0

Configure the guest vif to use the new domain ID
Add backend=domnet to vif declaration

vif = [ ’type=pv, bridge=xenbr0, backend=domnet’ ]

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

14 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

HowTo: Driver Domains
Create a VM with appropriate drivers
Any distro supporting dom0 should do

Install the xen-related hotplug scripts
Just installing the xen tools in the VM is usually good enough

Give the VM access to the physical NIC with PCI pass-through
Configure the network topology in the driver domain
Just like you would for dom0

Configure the guest vif to use the new domain ID
Add backend=domnet to vif declaration

vif = [ ’type=pv, bridge=xenbr0, backend=domnet’ ]
http://wiki.xen.org/wiki/Driver Domain

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

14 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Attack surface: Pygrub
dom 0

toolstack
domain
builder
pygrub

Paravirtualized
(PV)
Domain
guest
disk

Xen Hypervisor
What is it?

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

15 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Attack surface: Pygrub
dom 0

toolstack
domain
builder
pygrub

Paravirtualized
(PV)
Domain
guest
disk

Xen Hypervisor
What is it?
grub implementation for PV guests

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

15 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Attack surface: Pygrub
dom 0

toolstack
domain
builder
pygrub

Paravirtualized
(PV)
Domain
guest
disk

Xen Hypervisor
What is it?
grub implementation for PV guests
Python program running in domain 0

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

15 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Attack surface: Pygrub
dom 0

toolstack
domain
builder
pygrub

Paravirtualized
(PV)
Domain
guest
disk

Xen Hypervisor
What is it?
grub implementation for PV guests
Python program running in domain 0
Reads guest FS, parses grub.conf, presents menu
Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

15 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Attack surface: Pygrub
dom 0

toolstack
domain
builder
pygrub

Paravirtualized
(PV)
Domain
guest
disk

Xen Hypervisor
What is it?
grub implementation for PV guests
Python program running in domain 0
Reads guest FS, parses grub.conf, presents menu
Passes resulting kernel image to domain builder
Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

15 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Attack surface: Pygrub
dom 0

toolstack
domain
builder
pygrub

Paravirtualized
(PV)
Domain
guest
disk

Xen Hypervisor
How to break in?

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

16 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Attack surface: Pygrub
dom 0

toolstack
domain
builder
pygrub

Paravirtualized
(PV)
Domain
guest
disk

Xen Hypervisor
How to break in?
Bugs in file system parser

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

16 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Attack surface: Pygrub
dom 0

toolstack
domain
builder
pygrub

Paravirtualized
(PV)
Domain
guest
disk

Xen Hypervisor
How to break in?
Bugs in file system parser
Bugs in menu parser

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

16 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Attack surface: Pygrub
dom 0

toolstack
domain
builder
pygrub

Paravirtualized
(PV)
Domain
guest
disk

Xen Hypervisor
How to break in?
Bugs in file system parser
Bugs in menu parser
Bugs in kernel / initrd image parsers
Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

16 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Attack surface: Pygrub
dom 0

toolstack
domain
builder
pygrub

kernel

Paravirtualized
(PV)
Domain
guest
disk

Xen Hypervisor
What does it buy you?

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

17 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Attack surface: Pygrub
dom 0

toolstack
domain
builder
pygrub

kernel

Paravirtualized
(PV)
Domain
guest
disk

Xen Hypervisor
What does it buy you?
Control of domain 0 user space

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

17 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Attack surface: Pygrub
dom 0

toolstack
domain
builder
pygrub

kernel

Paravirtualized
(PV)
Domain
guest
disk

Xen Hypervisor
What does it buy you?
Control of domain 0 user space
Pretty much control of the whole system

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

17 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security practice: Fixed kernels
dom 0
kernel
image

toolstack
domain
builder
Paravirtualized
(PV)
Domain
guest
disk

Xen Hypervisor
What is it?

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

18 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security practice: Fixed kernels
dom 0
kernel
image

toolstack
domain
builder
Paravirtualized
(PV)
Domain
guest
disk

Xen Hypervisor
What is it?
Passing a known-good kernel from domain 0

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

18 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security practice: Fixed kernels
dom 0
kernel
image

toolstack
domain
builder
Paravirtualized
(PV)
Domain
guest
disk

Xen Hypervisor
What is it?
Passing a known-good kernel from domain 0

Removes attacker avenue to domain builder
Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

18 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security practice: Fixed kernels
dom 0
kernel
image

toolstack
domain
builder
Paravirtualized
(PV)
Domain
guest
disk

Xen Hypervisor
Disadvantages

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

19 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security practice: Fixed kernels
dom 0
kernel
image

toolstack
domain
builder
Paravirtualized
(PV)
Domain
guest
disk

Xen Hypervisor
Disadvantages
Host admin must keep up with kernel updates

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

19 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security practice: Fixed kernels
dom 0
kernel
image

toolstack
domain
builder
Paravirtualized
(PV)
Domain
guest
disk

Xen Hypervisor
Disadvantages
Host admin must keep up with kernel updates
Guest admin can’t pass kernel parameters, custom kernels,

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

19 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security feature: pvgrub
dom 0

toolstack
domain
builder
pvgrub
MiniOS
guest
disk

Xen Hypervisor
What is it?

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

20 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security feature: pvgrub
dom 0

toolstack
domain
builder
pvgrub
MiniOS
guest
disk

Xen Hypervisor
What is it?
MiniOS + pv port of grub running in a guest context

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

20 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security feature: pvgrub
dom 0

toolstack
domain
builder
pvgrub
MiniOS
guest
disk

Xen Hypervisor
What is it?
MiniOS + pv port of grub running in a guest context
PV equivalent of HVM “BIOS + grub”

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

20 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security feature: pvgrub
dom 0

toolstack
domain
builder
pvgrub
MiniOS
guest
disk

Xen Hypervisor
What is it?
MiniOS + pv port of grub running in a guest context
PV equivalent of HVM “BIOS + grub”

Now an exploit buys you:
Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

20 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security feature: pvgrub
dom 0

toolstack
domain
builder
pvgrub
MiniOS
guest
disk

Xen Hypervisor
What is it?
MiniOS + pv port of grub running in a guest context
PV equivalent of HVM “BIOS + grub”

Now an exploit buys you:
Control of your own VM
Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

20 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

HowTo: pvgrub

Make sure that you have the pvgrub image

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

21 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

HowTo: pvgrub

Make sure that you have the pvgrub image
pvgrub-$ARCH.gz

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

21 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

HowTo: pvgrub

Make sure that you have the pvgrub image
pvgrub-$ARCH.gz
Normally lives in /usr/lib/xen/boot

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

21 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

HowTo: pvgrub

Make sure that you have the pvgrub image
pvgrub-$ARCH.gz
Normally lives in /usr/lib/xen/boot
Included in Fedora Xen packages

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

21 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

HowTo: pvgrub

Make sure that you have the pvgrub image
pvgrub-$ARCH.gz
Normally lives in /usr/lib/xen/boot
Included in Fedora Xen packages
Debian-based: need to build yourself

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

21 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

HowTo: pvgrub

Make sure that you have the pvgrub image
pvgrub-$ARCH.gz
Normally lives in /usr/lib/xen/boot
Included in Fedora Xen packages
Debian-based: need to build yourself

Use appropriate pvgrub as kernel in guest config

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

21 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

HowTo: pvgrub

Make sure that you have the pvgrub image
pvgrub-$ARCH.gz
Normally lives in /usr/lib/xen/boot
Included in Fedora Xen packages
Debian-based: need to build yourself

Use appropriate pvgrub as kernel in guest config
kernel=”/usr/lib/xen/boot/pvgrub-x86 32.gz”

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

21 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

HowTo: pvgrub

Make sure that you have the pvgrub image
pvgrub-$ARCH.gz
Normally lives in /usr/lib/xen/boot
Included in Fedora Xen packages
Debian-based: need to build yourself

Use appropriate pvgrub as kernel in guest config
kernel=”/usr/lib/xen/boot/pvgrub-x86 32.gz”
http://wiki.xen.org/wiki/Pvgrub

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

21 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Attack surface: Device model (qemu)
dom 0

device model
(qemu)
toolstack

Hardware
Drivers

Fully
Virtualized
(HVM)
Domain

Xen Hypervisor
How to break in?

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

22 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Attack surface: Device model (qemu)
dom 0

device model
(qemu)
toolstack
Fully
Virtualized
(HVM)
Domain

Hardware
Drivers

Xen Hypervisor
How to break in?
Bugs in NIC emulator parsing packets

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

22 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Attack surface: Device model (qemu)
dom 0

device model
(qemu)
toolstack
Fully
Virtualized
(HVM)
Domain

Hardware
Drivers

Xen Hypervisor
How to break in?
Bugs in NIC emulator parsing packets
Bugs in emulation of virtual devices

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

22 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Attack surface: Device model (qemu)
dom 0

device model
(qemu)
toolstack
Fully
Virtualized
(HVM)
Domain

Hardware
Drivers

Xen Hypervisor
What does it buy you?

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

23 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Attack surface: Device model (qemu)
dom 0

device model
(qemu)
toolstack
Fully
Virtualized
(HVM)
Domain

Hardware
Drivers

Xen Hypervisor
What does it buy you?
Domain 0 privileged userspace

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

23 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Attack surface: Device model (qemu)
dom 0

device model
(qemu)
toolstack
Fully
Virtualized
(HVM)
Domain

Hardware
Drivers

Xen Hypervisor
What does it buy you?
Domain 0 privileged userspace
Pretty much control of the whole system

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

23 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Attack surface: Device model (qemu)
dom 0

device model
(qemu)
toolstack
Fully
Virtualized
(HVM)
Domain

Hardware
Drivers

Xen Hypervisor
What does it buy you?
Domain 0 privileged userspace
Pretty much control of the whole system

Not hypothetical
Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

23 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Attack surface: Device model (qemu)
dom 0

device model
(qemu)
toolstack
Fully
Virtualized
(HVM)
Domain

Hardware
Drivers

Xen Hypervisor
What does it buy you?
Domain 0 privileged userspace
Pretty much control of the whole system

Not hypothetical
Three exploitable bugs found in qemu last 2 years
Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

23 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security feature: qemu stub domains
dom 0

toolstack
Stub Domain

Hardware
Drivers

device
model
minios

Fully
Virtualized
(HVM)
Domain

Xen Hypervisor
What is it?

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

24 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security feature: qemu stub domains
dom 0

toolstack
Stub Domain

Hardware
Drivers

device
model
minios

Fully
Virtualized
(HVM)
Domain

Xen Hypervisor
What is it?
Stub domain: a small “service” domain running just one
application

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

24 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security feature: qemu stub domains
dom 0

toolstack
Stub Domain

Hardware
Drivers

device
model
minios

Fully
Virtualized
(HVM)
Domain

Xen Hypervisor
What is it?
Stub domain: a small “service” domain running just one
application
qemu stub domain: run each qemu in its own domain
Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

24 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security feature: qemu stub domains
dom 0

toolstack
Stub Domain

device
model

Hardware
Drivers

minios

Fully
Virtualized
(HVM)
Domain

Xen Hypervisor
Now an exploit buys you:

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

25 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security feature: qemu stub domains
dom 0

toolstack
Stub Domain

device
model

Hardware
Drivers

minios

Fully
Virtualized
(HVM)
Domain

Xen Hypervisor
Now an exploit buys you:
Control of the stubom VM

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

25 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security feature: qemu stub domains
dom 0

toolstack
Stub Domain

device
model

Hardware
Drivers

minios

Fully
Virtualized
(HVM)
Domain

Xen Hypervisor
Now an exploit buys you:
Control of the stubom VM
Access to PV interfaces

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

25 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

HowTo: qemu stub domains

Make sure that you have the stubdom image:

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

26 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

HowTo: qemu stub domains

Make sure that you have the stubdom image:
ioemu-$ARCH.gz

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

26 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

HowTo: qemu stub domains

Make sure that you have the stubdom image:
ioemu-$ARCH.gz
Normally lives in /usr/lib/xen/boot

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

26 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

HowTo: qemu stub domains

Make sure that you have the stubdom image:
ioemu-$ARCH.gz
Normally lives in /usr/lib/xen/boot
Included in Fedora Xen packages

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

26 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

HowTo: qemu stub domains

Make sure that you have the stubdom image:
ioemu-$ARCH.gz
Normally lives in /usr/lib/xen/boot
Included in Fedora Xen packages
Debian-based: need to build yourself

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

26 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

HowTo: qemu stub domains

Make sure that you have the stubdom image:
ioemu-$ARCH.gz
Normally lives in /usr/lib/xen/boot
Included in Fedora Xen packages
Debian-based: need to build yourself

Specify stub domains in your guest config

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

26 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

HowTo: qemu stub domains

Make sure that you have the stubdom image:
ioemu-$ARCH.gz
Normally lives in /usr/lib/xen/boot
Included in Fedora Xen packages
Debian-based: need to build yourself

Specify stub domains in your guest config
device model stubdomain override = 1

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

26 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

HowTo: qemu stub domains

Make sure that you have the stubdom image:
ioemu-$ARCH.gz
Normally lives in /usr/lib/xen/boot
Included in Fedora Xen packages
Debian-based: need to build yourself

Specify stub domains in your guest config
device model stubdomain override = 1
http://wiki.xen.org/wiki/Device Model Stub Domains

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

26 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Attack Surface: Xen

HVM guests

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

27 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Attack Surface: Xen

HVM guests
HVM hypercalls (Subset of PV hypercalls)

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

27 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Attack Surface: Xen

HVM guests
HVM hypercalls (Subset of PV hypercalls)
Instruction emulation (MMIO, shadow pagetables)

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

27 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Attack Surface: Xen

HVM guests
HVM hypercalls (Subset of PV hypercalls)
Instruction emulation (MMIO, shadow pagetables)
Emulated platform devices: APIC, HPET, PIT

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

27 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Attack Surface: Xen

HVM guests
HVM hypercalls (Subset of PV hypercalls)
Instruction emulation (MMIO, shadow pagetables)
Emulated platform devices: APIC, HPET, PIT
Nested virtualization

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

27 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Attack Surface: Xen

HVM guests
HVM hypercalls (Subset of PV hypercalls)
Instruction emulation (MMIO, shadow pagetables)
Emulated platform devices: APIC, HPET, PIT
Nested virtualization

PV guests

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

27 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Attack Surface: Xen

HVM guests
HVM hypercalls (Subset of PV hypercalls)
Instruction emulation (MMIO, shadow pagetables)
Emulated platform devices: APIC, HPET, PIT
Nested virtualization

PV guests
PV Hypercalls

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

27 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Attack Surface: Xen

HVM guests
HVM hypercalls (Subset of PV hypercalls)
Instruction emulation (MMIO, shadow pagetables)
Emulated platform devices: APIC, HPET, PIT
Nested virtualization

PV guests
PV Hypercalls
Shared address space

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

27 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Attack Surface: Xen

HVM guests
HVM hypercalls (Subset of PV hypercalls)
Instruction emulation (MMIO, shadow pagetables)
Emulated platform devices: APIC, HPET, PIT
Nested virtualization

PV guests
PV Hypercalls
Shared address space

Survey of security updates looks statistically similar

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

27 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Attack Surface: Xen

HVM guests
HVM hypercalls (Subset of PV hypercalls)
Instruction emulation (MMIO, shadow pagetables)
Emulated platform devices: APIC, HPET, PIT
Nested virtualization

PV guests
PV Hypercalls
Shared address space

Survey of security updates looks statistically similar
Security practice: If you can’t use stub domains, use PV VMs

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

27 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security feature: FLASK example policy

What is FLASK?

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

28 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security feature: FLASK example policy

What is FLASK?
Xen Security Module (XSM): Xen equivalent of LSM

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

28 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security feature: FLASK example policy

What is FLASK?
Xen Security Module (XSM): Xen equivalent of LSM
FLASK: Framework for XSM developed by NSA

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

28 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security feature: FLASK example policy

What is FLASK?
Xen Security Module (XSM): Xen equivalent of LSM
FLASK: Framework for XSM developed by NSA
Xen Equivalent of SELinux

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

28 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security feature: FLASK example policy

What is FLASK?
Xen Security Module (XSM): Xen equivalent of LSM
FLASK: Framework for XSM developed by NSA
Xen Equivalent of SELinux
Uses same concepts, tools as SELinux

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

28 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security feature: FLASK example policy

What is FLASK?
Xen Security Module (XSM): Xen equivalent of LSM
FLASK: Framework for XSM developed by NSA
Xen Equivalent of SELinux
Uses same concepts, tools as SELinux
Allows a policy to restrict hypercalls
Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

28 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security feature: FLASK example policy

What can FLASK do?

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

29 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security feature: FLASK example policy

What can FLASK do?
Basic: Restricts hypercalls to those needed by a particular
guest

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

29 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security feature: FLASK example policy

What can FLASK do?
Basic: Restricts hypercalls to those needed by a particular
guest
Advanced: Allows more fine-grained granting of privileges

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

29 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security feature: FLASK example policy

What can FLASK do?
Basic: Restricts hypercalls to those needed by a particular
guest
Advanced: Allows more fine-grained granting of privileges

FLASK example policy

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

29 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Security feature: FLASK example policy

What can FLASK do?
Basic: Restricts hypercalls to those needed by a particular
guest
Advanced: Allows more fine-grained granting of privileges

FLASK example policy
This contains example roles for dom0, domU, stub domains,
driver domains, &c
Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

29 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

HowTo: Use the example FLASK policy

Build Xen with XSM enabled

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

30 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

HowTo: Use the example FLASK policy

Build Xen with XSM enabled
Build the example policy

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

30 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

HowTo: Use the example FLASK policy

Build Xen with XSM enabled
Build the example policy
Add the appropriate label to guest config files

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

30 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

HowTo: Use the example FLASK policy

Build Xen with XSM enabled
Build the example policy
Add the appropriate label to guest config files
seclabel=[foo]

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

30 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

HowTo: Use the example FLASK policy

Build Xen with XSM enabled
Build the example policy
Add the appropriate label to guest config files
seclabel=[foo]
stubdom label=[foo]

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

30 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

HowTo: Use the example FLASK policy

Build Xen with XSM enabled
Build the example policy
Add the appropriate label to guest config files
seclabel=[foo]
stubdom label=[foo]

http://wiki.xen.org/wiki/Xen Security Modules : XSMFLASK

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

30 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

HowTo: Use the example FLASK policy

Build Xen with XSM enabled
Build the example policy
Add the appropriate label to guest config files
seclabel=[foo]
stubdom label=[foo]

http://wiki.xen.org/wiki/Xen Security Modules : XSMFLASK
WARNING: In 4.3, the example policy not extensively tested.
Use with care!

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

30 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Outline

Overview of the Xen architecture

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

31 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Outline

Overview of the Xen architecture
Brief introduction to principles of security analysis

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

31 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Outline

Overview of the Xen architecture
Brief introduction to principles of security analysis
Consider some attack surfaces

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

31 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Outline

Overview of the Xen architecture
Brief introduction to principles of security analysis
Consider some attack surfaces
Xen features we can use to make them more secure

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

31 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Outline

Overview of the Xen architecture
Brief introduction to principles of security analysis
Consider some attack surfaces
Xen features we can use to make them more secure
Driver domains

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

31 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Outline

Overview of the Xen architecture
Brief introduction to principles of security analysis
Consider some attack surfaces
Xen features we can use to make them more secure
Driver domains
pvgrub

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

31 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Outline

Overview of the Xen architecture
Brief introduction to principles of security analysis
Consider some attack surfaces
Xen features we can use to make them more secure
Driver domains
pvgrub
stub domains

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

31 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Outline

Overview of the Xen architecture
Brief introduction to principles of security analysis
Consider some attack surfaces
Xen features we can use to make them more secure
Driver domains
pvgrub
stub domains
PV vs HVM

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

31 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Outline

Overview of the Xen architecture
Brief introduction to principles of security analysis
Consider some attack surfaces
Xen features we can use to make them more secure
Driver domains
pvgrub
stub domains
PV vs HVM
FLASK example policy

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

31 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Goal

Tools to think about security in Xen

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

32 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Goal

Tools to think about security in Xen
Know some key security features of Xen

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

32 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Goal

Tools to think about security in Xen
Know some key security features of Xen
Equipped with the knowledge to get them working

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

32 / 33
Intro

Network path

Bootloader

Device model

Xen

Conclusion

Questions

Questions?
More info at http://wiki.xen.org/wiki/Securing Xen
Check out our blog: http://blog.xen.org/

Edinburgh – 21-23 October, 2013

Securing your cloud with Xen’s advanced security features

33 / 33

Contenu connexe

Tendances

Securing Your Cloud With the Xen Hypervisor by Russell Pavlicek
Securing Your Cloud With the Xen Hypervisor by Russell PavlicekSecuring Your Cloud With the Xen Hypervisor by Russell Pavlicek
Securing Your Cloud With the Xen Hypervisor by Russell Pavlicekbuildacloud
 
XPDS14: Xen and the Art of Certification - Nathan Studer & Robert VonVossen, ...
XPDS14: Xen and the Art of Certification - Nathan Studer & Robert VonVossen, ...XPDS14: Xen and the Art of Certification - Nathan Studer & Robert VonVossen, ...
XPDS14: Xen and the Art of Certification - Nathan Studer & Robert VonVossen, ...The Linux Foundation
 
Securing your cloud with Xen's advanced security features
Securing your cloud with Xen's advanced security featuresSecuring your cloud with Xen's advanced security features
Securing your cloud with Xen's advanced security featuresThe Linux Foundation
 
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...The Linux Foundation
 
Securing Your Cloud with Xen (CloudOpen NA 2013)
Securing Your Cloud with Xen (CloudOpen NA 2013)Securing Your Cloud with Xen (CloudOpen NA 2013)
Securing Your Cloud with Xen (CloudOpen NA 2013)Russell Pavlicek
 
Using and Understanding Xen4Centos
Using and Understanding Xen4CentosUsing and Understanding Xen4Centos
Using and Understanding Xen4CentosThe Linux Foundation
 
BACD July 2012 : The Xen Cloud Platform
BACD July 2012 : The Xen Cloud Platform BACD July 2012 : The Xen Cloud Platform
BACD July 2012 : The Xen Cloud Platform The Linux Foundation
 
Getting Started with XenServer and OpenStack.pptx
Getting Started with XenServer and OpenStack.pptxGetting Started with XenServer and OpenStack.pptx
Getting Started with XenServer and OpenStack.pptxOpenStack Foundation
 
Xen 10th anniversary Status Report (at SELF 2013)
Xen 10th anniversary Status Report (at SELF 2013)Xen 10th anniversary Status Report (at SELF 2013)
Xen 10th anniversary Status Report (at SELF 2013)Russell Pavlicek
 
XPDDS19: Argo and Hypervisor-Mediated Data eXchange (HMX) - Christopher Clark...
XPDDS19: Argo and Hypervisor-Mediated Data eXchange (HMX) - Christopher Clark...XPDDS19: Argo and Hypervisor-Mediated Data eXchange (HMX) - Christopher Clark...
XPDDS19: Argo and Hypervisor-Mediated Data eXchange (HMX) - Christopher Clark...The Linux Foundation
 
XPDDS18: Windows PV Drivers Project: Status and Updates - Paul Durrant, Citri...
XPDDS18: Windows PV Drivers Project: Status and Updates - Paul Durrant, Citri...XPDDS18: Windows PV Drivers Project: Status and Updates - Paul Durrant, Citri...
XPDDS18: Windows PV Drivers Project: Status and Updates - Paul Durrant, Citri...The Linux Foundation
 
Linaro Connect Asia 13 : Citrix - Xen on ARM plenary session
Linaro Connect Asia 13 : Citrix - Xen on ARM plenary sessionLinaro Connect Asia 13 : Citrix - Xen on ARM plenary session
Linaro Connect Asia 13 : Citrix - Xen on ARM plenary sessionThe Linux Foundation
 
S4 xen hypervisor_20080622
S4 xen hypervisor_20080622S4 xen hypervisor_20080622
S4 xen hypervisor_20080622Todd Deshane
 

Tendances (20)

Securing Your Cloud With the Xen Hypervisor by Russell Pavlicek
Securing Your Cloud With the Xen Hypervisor by Russell PavlicekSecuring Your Cloud With the Xen Hypervisor by Russell Pavlicek
Securing Your Cloud With the Xen Hypervisor by Russell Pavlicek
 
XPDS14: Xen and the Art of Certification - Nathan Studer & Robert VonVossen, ...
XPDS14: Xen and the Art of Certification - Nathan Studer & Robert VonVossen, ...XPDS14: Xen and the Art of Certification - Nathan Studer & Robert VonVossen, ...
XPDS14: Xen and the Art of Certification - Nathan Studer & Robert VonVossen, ...
 
Securing your cloud with Xen's advanced security features
Securing your cloud with Xen's advanced security featuresSecuring your cloud with Xen's advanced security features
Securing your cloud with Xen's advanced security features
 
OSCON14: Mirage 2.0
OSCON14: Mirage 2.0 OSCON14: Mirage 2.0
OSCON14: Mirage 2.0
 
BSDcon Asia 2015: Xen on FreeBSD
BSDcon Asia 2015: Xen on FreeBSDBSDcon Asia 2015: Xen on FreeBSD
BSDcon Asia 2015: Xen on FreeBSD
 
Aplura virtualization slides
Aplura virtualization slidesAplura virtualization slides
Aplura virtualization slides
 
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...
 
Why xen slides
Why xen slidesWhy xen slides
Why xen slides
 
Securing Your Cloud with Xen (CloudOpen NA 2013)
Securing Your Cloud with Xen (CloudOpen NA 2013)Securing Your Cloud with Xen (CloudOpen NA 2013)
Securing Your Cloud with Xen (CloudOpen NA 2013)
 
Xen time machine
Xen time machineXen time machine
Xen time machine
 
Using and Understanding Xen4Centos
Using and Understanding Xen4CentosUsing and Understanding Xen4Centos
Using and Understanding Xen4Centos
 
BACD July 2012 : The Xen Cloud Platform
BACD July 2012 : The Xen Cloud Platform BACD July 2012 : The Xen Cloud Platform
BACD July 2012 : The Xen Cloud Platform
 
Getting Started with XenServer and OpenStack.pptx
Getting Started with XenServer and OpenStack.pptxGetting Started with XenServer and OpenStack.pptx
Getting Started with XenServer and OpenStack.pptx
 
Performance Tuning Xen
Performance Tuning XenPerformance Tuning Xen
Performance Tuning Xen
 
LFCOLLAB15: Xen 4.5 and Beyond
LFCOLLAB15: Xen 4.5 and BeyondLFCOLLAB15: Xen 4.5 and Beyond
LFCOLLAB15: Xen 4.5 and Beyond
 
Xen 10th anniversary Status Report (at SELF 2013)
Xen 10th anniversary Status Report (at SELF 2013)Xen 10th anniversary Status Report (at SELF 2013)
Xen 10th anniversary Status Report (at SELF 2013)
 
XPDDS19: Argo and Hypervisor-Mediated Data eXchange (HMX) - Christopher Clark...
XPDDS19: Argo and Hypervisor-Mediated Data eXchange (HMX) - Christopher Clark...XPDDS19: Argo and Hypervisor-Mediated Data eXchange (HMX) - Christopher Clark...
XPDDS19: Argo and Hypervisor-Mediated Data eXchange (HMX) - Christopher Clark...
 
XPDDS18: Windows PV Drivers Project: Status and Updates - Paul Durrant, Citri...
XPDDS18: Windows PV Drivers Project: Status and Updates - Paul Durrant, Citri...XPDDS18: Windows PV Drivers Project: Status and Updates - Paul Durrant, Citri...
XPDDS18: Windows PV Drivers Project: Status and Updates - Paul Durrant, Citri...
 
Linaro Connect Asia 13 : Citrix - Xen on ARM plenary session
Linaro Connect Asia 13 : Citrix - Xen on ARM plenary sessionLinaro Connect Asia 13 : Citrix - Xen on ARM plenary session
Linaro Connect Asia 13 : Citrix - Xen on ARM plenary session
 
S4 xen hypervisor_20080622
S4 xen hypervisor_20080622S4 xen hypervisor_20080622
S4 xen hypervisor_20080622
 

Similaire à LCEU13: Securing your cloud with Xen's advanced security features - George Dunlap, Citrix

Container Security Using Microsoft Defender
Container Security Using Microsoft DefenderContainer Security Using Microsoft Defender
Container Security Using Microsoft DefenderRahul Khengare
 
Trivadis TechEvent 2017 Oracle on azure by Michael Schwarzgorn
Trivadis TechEvent 2017 Oracle on azure by Michael SchwarzgornTrivadis TechEvent 2017 Oracle on azure by Michael Schwarzgorn
Trivadis TechEvent 2017 Oracle on azure by Michael SchwarzgornTrivadis
 
Build-a-Cloud Day - Securing Your Cloud with Xen
Build-a-Cloud Day - Securing Your Cloud with XenBuild-a-Cloud Day - Securing Your Cloud with Xen
Build-a-Cloud Day - Securing Your Cloud with XenThe Linux Foundation
 
MyTutorialON Cryptography.ppt
MyTutorialON Cryptography.pptMyTutorialON Cryptography.ppt
MyTutorialON Cryptography.ppthalosidiq1
 
Scale17x: Thinking outside of the conceived tech comfort zone
Scale17x: Thinking outside of the conceived tech comfort zoneScale17x: Thinking outside of the conceived tech comfort zone
Scale17x: Thinking outside of the conceived tech comfort zoneThe Linux Foundation
 
Networking in Docker EE 2.0 with Kubernetes and Swarm
Networking in Docker EE 2.0 with Kubernetes and SwarmNetworking in Docker EE 2.0 with Kubernetes and Swarm
Networking in Docker EE 2.0 with Kubernetes and SwarmAbhinandan P.b
 
Networking in docker ee with kubernetes and swarm
Networking in docker ee with kubernetes and swarmNetworking in docker ee with kubernetes and swarm
Networking in docker ee with kubernetes and swarmDocker, Inc.
 
Container security
Container securityContainer security
Container securityAnthony Chow
 
Securing the Socks Shop
Securing the Socks ShopSecuring the Socks Shop
Securing the Socks ShopJason Smith
 
TechWiseTV Workshop: OpenDNS and AnyConnect
TechWiseTV Workshop: OpenDNS and AnyConnectTechWiseTV Workshop: OpenDNS and AnyConnect
TechWiseTV Workshop: OpenDNS and AnyConnectRobb Boyd
 
Scale 12x Securing Your Cloud with The Xen Hypervisor
Scale 12x Securing Your Cloud with The Xen HypervisorScale 12x Securing Your Cloud with The Xen Hypervisor
Scale 12x Securing Your Cloud with The Xen HypervisorThe Linux Foundation
 
Encode x NEAR: Technical Overview of NEAR 1
Encode x NEAR: Technical Overview of NEAR 1Encode x NEAR: Technical Overview of NEAR 1
Encode x NEAR: Technical Overview of NEAR 1KlaraOrban
 
Europe Cloud Summit - Security hardening of public cloud services
Europe Cloud Summit - Security hardening of public cloud servicesEurope Cloud Summit - Security hardening of public cloud services
Europe Cloud Summit - Security hardening of public cloud servicesRuncy Oommen
 
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
Kernel Recipes 2013 - Linux Security Modules: different formal conceptsKernel Recipes 2013 - Linux Security Modules: different formal concepts
Kernel Recipes 2013 - Linux Security Modules: different formal conceptsAnne Nicolas
 
Xen Project 15 Years down the Line
Xen Project 15 Years down the LineXen Project 15 Years down the Line
Xen Project 15 Years down the LineThe Linux Foundation
 
CloudNativeTurkey - Lines of Defence.pdf
CloudNativeTurkey - Lines of Defence.pdfCloudNativeTurkey - Lines of Defence.pdf
CloudNativeTurkey - Lines of Defence.pdfKoray Oksay
 
Setting up a private cloud for academic environment with OSS by Zoran Pantic ...
Setting up a private cloud for academic environment with OSS by Zoran Pantic ...Setting up a private cloud for academic environment with OSS by Zoran Pantic ...
Setting up a private cloud for academic environment with OSS by Zoran Pantic ...José Ferreiro
 
Running code in secure hardware or cloud environments
Running code in secure hardware or cloud environmentsRunning code in secure hardware or cloud environments
Running code in secure hardware or cloud environmentsteam-WIBU
 
LFNW2014 Advanced Security Features of Xen Project Hypervisor
LFNW2014 Advanced Security Features of Xen Project HypervisorLFNW2014 Advanced Security Features of Xen Project Hypervisor
LFNW2014 Advanced Security Features of Xen Project HypervisorThe Linux Foundation
 

Similaire à LCEU13: Securing your cloud with Xen's advanced security features - George Dunlap, Citrix (20)

Container Security Using Microsoft Defender
Container Security Using Microsoft DefenderContainer Security Using Microsoft Defender
Container Security Using Microsoft Defender
 
Trivadis TechEvent 2017 Oracle on azure by Michael Schwarzgorn
Trivadis TechEvent 2017 Oracle on azure by Michael SchwarzgornTrivadis TechEvent 2017 Oracle on azure by Michael Schwarzgorn
Trivadis TechEvent 2017 Oracle on azure by Michael Schwarzgorn
 
Build-a-Cloud Day - Securing Your Cloud with Xen
Build-a-Cloud Day - Securing Your Cloud with XenBuild-a-Cloud Day - Securing Your Cloud with Xen
Build-a-Cloud Day - Securing Your Cloud with Xen
 
MyTutorialON Cryptography.ppt
MyTutorialON Cryptography.pptMyTutorialON Cryptography.ppt
MyTutorialON Cryptography.ppt
 
Scale17x: Thinking outside of the conceived tech comfort zone
Scale17x: Thinking outside of the conceived tech comfort zoneScale17x: Thinking outside of the conceived tech comfort zone
Scale17x: Thinking outside of the conceived tech comfort zone
 
Networking in Docker EE 2.0 with Kubernetes and Swarm
Networking in Docker EE 2.0 with Kubernetes and SwarmNetworking in Docker EE 2.0 with Kubernetes and Swarm
Networking in Docker EE 2.0 with Kubernetes and Swarm
 
Networking in docker ee with kubernetes and swarm
Networking in docker ee with kubernetes and swarmNetworking in docker ee with kubernetes and swarm
Networking in docker ee with kubernetes and swarm
 
Container security
Container securityContainer security
Container security
 
Securing the Socks Shop
Securing the Socks ShopSecuring the Socks Shop
Securing the Socks Shop
 
TechWiseTV Workshop: OpenDNS and AnyConnect
TechWiseTV Workshop: OpenDNS and AnyConnectTechWiseTV Workshop: OpenDNS and AnyConnect
TechWiseTV Workshop: OpenDNS and AnyConnect
 
Scale 12x Securing Your Cloud with The Xen Hypervisor
Scale 12x Securing Your Cloud with The Xen HypervisorScale 12x Securing Your Cloud with The Xen Hypervisor
Scale 12x Securing Your Cloud with The Xen Hypervisor
 
Encode x NEAR: Technical Overview of NEAR 1
Encode x NEAR: Technical Overview of NEAR 1Encode x NEAR: Technical Overview of NEAR 1
Encode x NEAR: Technical Overview of NEAR 1
 
Europe Cloud Summit - Security hardening of public cloud services
Europe Cloud Summit - Security hardening of public cloud servicesEurope Cloud Summit - Security hardening of public cloud services
Europe Cloud Summit - Security hardening of public cloud services
 
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
Kernel Recipes 2013 - Linux Security Modules: different formal conceptsKernel Recipes 2013 - Linux Security Modules: different formal concepts
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
 
Xen Project 15 Years down the Line
Xen Project 15 Years down the LineXen Project 15 Years down the Line
Xen Project 15 Years down the Line
 
CloudNativeTurkey - Lines of Defence.pdf
CloudNativeTurkey - Lines of Defence.pdfCloudNativeTurkey - Lines of Defence.pdf
CloudNativeTurkey - Lines of Defence.pdf
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Setting up a private cloud for academic environment with OSS by Zoran Pantic ...
Setting up a private cloud for academic environment with OSS by Zoran Pantic ...Setting up a private cloud for academic environment with OSS by Zoran Pantic ...
Setting up a private cloud for academic environment with OSS by Zoran Pantic ...
 
Running code in secure hardware or cloud environments
Running code in secure hardware or cloud environmentsRunning code in secure hardware or cloud environments
Running code in secure hardware or cloud environments
 
LFNW2014 Advanced Security Features of Xen Project Hypervisor
LFNW2014 Advanced Security Features of Xen Project HypervisorLFNW2014 Advanced Security Features of Xen Project Hypervisor
LFNW2014 Advanced Security Features of Xen Project Hypervisor
 

Plus de The Linux Foundation

ELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made SimpleELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made SimpleThe Linux Foundation
 
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...The Linux Foundation
 
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...The Linux Foundation
 
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...The Linux Foundation
 
XPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote:  Unikraft Weather ReportXPDDS19 Keynote:  Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather ReportThe Linux Foundation
 
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...The Linux Foundation
 
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxXPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxThe Linux Foundation
 
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...The Linux Foundation
 
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, BitdefenderXPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, BitdefenderThe Linux Foundation
 
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19:  The Road to Safety Certification: Overcoming Community Challeng...OSSJP/ALS19:  The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...The Linux Foundation
 
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
 OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making... OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...The Linux Foundation
 
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, CitrixXPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, CitrixThe Linux Foundation
 
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltdXPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltdThe Linux Foundation
 
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...The Linux Foundation
 
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&DXPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&DThe Linux Foundation
 
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsXPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsThe Linux Foundation
 
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...The Linux Foundation
 
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...The Linux Foundation
 
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...The Linux Foundation
 
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSEXPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSEThe Linux Foundation
 

Plus de The Linux Foundation (20)

ELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made SimpleELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made Simple
 
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
 
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
 
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
 
XPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote:  Unikraft Weather ReportXPDDS19 Keynote:  Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather Report
 
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
 
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxXPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
 
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
 
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, BitdefenderXPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
 
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19:  The Road to Safety Certification: Overcoming Community Challeng...OSSJP/ALS19:  The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
 
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
 OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making... OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
 
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, CitrixXPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
 
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltdXPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
 
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
 
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&DXPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
 
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsXPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
 
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
 
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
 
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
 
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSEXPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
 

Dernier

Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessWSO2
 
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...itnewsafrica
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Karmanjay Verma
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...itnewsafrica
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialJoão Esperancinha
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsYoss Cohen
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Nikki Chapple
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxAna-Maria Mihalceanu
 
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sectoritnewsafrica
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 

Dernier (20)

Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with Platformless
 
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorial
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platforms
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance Toolbox
 
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 

LCEU13: Securing your cloud with Xen's advanced security features - George Dunlap, Citrix

  • 1. Intro Network path Bootloader Device model Xen Conclusion Securing your cloud with Xen’s advanced security features George Dunlap Edinburgh – 21-23 October, 2013
  • 2. Intro Network path Bootloader Device model Xen Conclusion Xen: an open-source, enterprise-grade, type I hypervisor Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 2 / 33
  • 3. Intro Network path Bootloader Device model Xen Conclusion Built for the Cloud before it was called the Cloud Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 2 / 33
  • 4. Intro Network path Bootloader Device model Xen Conclusion Advanced security features Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 3 / 33
  • 5. Intro Network path Bootloader Device model Xen Conclusion Goal Tools to think about security in Xen Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 4 / 33
  • 6. Intro Network path Bootloader Device model Xen Conclusion Goal Tools to think about security in Xen Know some key security features of Xen Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 4 / 33
  • 7. Intro Network path Bootloader Device model Xen Conclusion Goal Tools to think about security in Xen Know some key security features of Xen Equipped with the knowledge to get them working Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 4 / 33
  • 8. Intro Network path Bootloader Device model Xen Conclusion Outline Overview of the Xen architecture Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 5 / 33
  • 9. Intro Network path Bootloader Device model Xen Conclusion Outline Overview of the Xen architecture Brief introduction to principles of security analysis Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 5 / 33
  • 10. Intro Network path Bootloader Device model Xen Conclusion Outline Overview of the Xen architecture Brief introduction to principles of security analysis Consider some attack surfaces Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 5 / 33
  • 11. Intro Network path Bootloader Device model Xen Conclusion Outline Overview of the Xen architecture Brief introduction to principles of security analysis Consider some attack surfaces Xen features we can use to make them more secure Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 5 / 33
  • 12. Intro Network path Bootloader Device model Xen Conclusion Outline Overview of the Xen architecture Brief introduction to principles of security analysis Consider some attack surfaces Xen features we can use to make them more secure Driver domains Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 5 / 33
  • 13. Intro Network path Bootloader Device model Xen Conclusion Outline Overview of the Xen architecture Brief introduction to principles of security analysis Consider some attack surfaces Xen features we can use to make them more secure Driver domains pvgrub Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 5 / 33
  • 14. Intro Network path Bootloader Device model Xen Conclusion Outline Overview of the Xen architecture Brief introduction to principles of security analysis Consider some attack surfaces Xen features we can use to make them more secure Driver domains pvgrub stub domains Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 5 / 33
  • 15. Intro Network path Bootloader Device model Xen Conclusion Outline Overview of the Xen architecture Brief introduction to principles of security analysis Consider some attack surfaces Xen features we can use to make them more secure Driver domains pvgrub stub domains PV vs HVM Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 5 / 33
  • 16. Intro Network path Bootloader Device model Xen Conclusion Outline Overview of the Xen architecture Brief introduction to principles of security analysis Consider some attack surfaces Xen features we can use to make them more secure Driver domains pvgrub stub domains PV vs HVM FLASK example policy Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 5 / 33
  • 17. Intro Network path Bootloader Device model Xen Conclusion Xen Architecture dom 0 device model (qemu) toolstack Hardware Drivers netback blkback Paravirtualized (PV) Domain netfront blkfront Fully Virtualized (HVM) Domain Xen Hypervisor I/O Devices Edinburgh – 21-23 October, 2013 CPU Memory Hardware Securing your cloud with Xen’s advanced security features 6 / 33
  • 18. Intro Network path Bootloader Device model Xen Conclusion Security Overview Threat Model Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 7 / 33
  • 19. Intro Network path Bootloader Device model Xen Conclusion Security Overview Threat Model Attacker can access guest network Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 7 / 33
  • 20. Intro Network path Bootloader Device model Xen Conclusion Security Overview Threat Model Attacker can access guest network Attacker controls one guest OS Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 7 / 33
  • 21. Intro Network path Bootloader Device model Xen Conclusion Security Overview Security considerations How much code is accessible? Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 8 / 33
  • 22. Intro Network path Bootloader Device model Xen Conclusion Security Overview Security considerations How much code is accessible? What is the interface like? Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 8 / 33
  • 23. Intro Network path Bootloader Device model Xen Conclusion Security Overview Security considerations How much code is accessible? What is the interface like? Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 8 / 33
  • 24. Intro Network path Bootloader Device model Xen Conclusion Security Overview Security considerations How much code is accessible? What is the interface like? Defense-in-depth Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 8 / 33
  • 25. Intro Network path Bootloader Device model Xen Conclusion Example System Hardware setup Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 9 / 33
  • 26. Intro Network path Bootloader Device model Xen Conclusion Example System Hardware setup Two networks: control network, guest network Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 9 / 33
  • 27. Intro Network path Bootloader Device model Xen Conclusion Example System Hardware setup Two networks: control network, guest network IOMMU with interrupt remapping (AMD or Intel VT-d v2) Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 9 / 33
  • 28. Intro Network path Bootloader Device model Xen Conclusion Example System Hardware setup Two networks: control network, guest network IOMMU with interrupt remapping (AMD or Intel VT-d v2) Default configuration Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 9 / 33
  • 29. Intro Network path Bootloader Device model Xen Conclusion Example System Hardware setup Two networks: control network, guest network IOMMU with interrupt remapping (AMD or Intel VT-d v2) Default configuration Network drivers in dom0 Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 9 / 33
  • 30. Intro Network path Bootloader Device model Xen Conclusion Example System Hardware setup Two networks: control network, guest network IOMMU with interrupt remapping (AMD or Intel VT-d v2) Default configuration Network drivers in dom0 PV guests with pygrub Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 9 / 33
  • 31. Intro Network path Bootloader Device model Xen Conclusion Example System Hardware setup Two networks: control network, guest network IOMMU with interrupt remapping (AMD or Intel VT-d v2) Default configuration Network drivers in dom0 PV guests with pygrub HVM guests with qemu running in domain 0 Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 9 / 33
  • 32. Intro Network path Bootloader Device model Xen Conclusion Attack surface: Network path dom 0 toolstack Domain netfront iptables bridge Rogue Domain NIC Driver netback netfront Xen Hypervisor Control NIC Guest NIC Hardware How to break in? Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 10 / 33
  • 33. Intro Network path Bootloader Device model Xen Conclusion Attack surface: Network path dom 0 toolstack Domain netfront iptables bridge Rogue Domain NIC Driver netback netfront Xen Hypervisor Control NIC Guest NIC Hardware How to break in? Bugs in hardware driver Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 10 / 33
  • 34. Intro Network path Bootloader Device model Xen Conclusion Attack surface: Network path dom 0 toolstack Domain netfront iptables bridge Rogue Domain NIC Driver netback netfront Xen Hypervisor Control NIC Guest NIC Hardware How to break in? Bugs in hardware driver Bugs in bridging / filtering Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 10 / 33
  • 35. Intro Network path Bootloader Device model Xen Conclusion Attack surface: Network path dom 0 toolstack Domain netfront iptables bridge Rogue Domain NIC Driver netback netfront Xen Hypervisor Control NIC Guest NIC Hardware How to break in? Bugs in hardware driver Bugs in bridging / filtering Bugs in netback via the ring protocol Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 10 / 33
  • 36. Intro Network path Bootloader Device model Xen Conclusion Attack surface: Network path dom 0 toolstack Domain netfront iptables bridge Rogue Domain NIC Driver netback netfront Xen Hypervisor Control NIC Guest NIC Hardware What does it buy you? Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 11 / 33
  • 37. Intro Network path Bootloader Device model Xen Conclusion Attack surface: Network path dom 0 toolstack Domain netfront iptables bridge Rogue Domain NIC Driver netback netfront Xen Hypervisor Control NIC Guest NIC Hardware What does it buy you? Control of domain 0 kernel Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 11 / 33
  • 38. Intro Network path Bootloader Device model Xen Conclusion Attack surface: Network path dom 0 toolstack Domain netfront iptables bridge Rogue Domain NIC Driver netback netfront Xen Hypervisor Control NIC Guest NIC Hardware What does it buy you? Control of domain 0 kernel Pretty much control of the whole system Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 11 / 33
  • 39. Intro Network path Bootloader Device model Xen Conclusion Security feature: Driver Domains dom 0 Domain toolstack netfront Driver Domain iptables NIC Driver NIC Driver bridge netback Rogue Domain netfront Xen Hypervisor Control NIC Guest NIC Hardware What is it? Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 12 / 33
  • 40. Intro Network path Bootloader Device model Xen Conclusion Security feature: Driver Domains dom 0 Domain toolstack netfront Driver Domain iptables NIC Driver NIC Driver bridge netback Rogue Domain netfront Xen Hypervisor Control NIC Guest NIC Hardware What is it? Unprivileged VM which drives hardware, provides access to guests Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 12 / 33
  • 41. Intro Network path Bootloader Device model Xen Conclusion Security feature: Driver Domains dom 0 Domain toolstack netfront Driver Domain iptables NIC Driver NIC Driver bridge netback Rogue Domain netfront Xen Hypervisor Control NIC Guest NIC Hardware Now an exploit buys you: Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 13 / 33
  • 42. Intro Network path Bootloader Device model Xen Conclusion Security feature: Driver Domains dom 0 Domain toolstack netfront Driver Domain iptables NIC Driver NIC Driver bridge netback Rogue Domain netfront Xen Hypervisor Control NIC Guest NIC Hardware Now an exploit buys you: Control of a PV VM (PV hypercall interface) Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 13 / 33
  • 43. Intro Network path Bootloader Device model Xen Conclusion Security feature: Driver Domains dom 0 Domain toolstack netfront Driver Domain iptables NIC Driver NIC Driver bridge netback Rogue Domain netfront Xen Hypervisor Control NIC Guest NIC Hardware Now an exploit buys you: Control of a PV VM (PV hypercall interface) Guest network traffic Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 13 / 33
  • 44. Intro Network path Bootloader Device model Xen Conclusion Security feature: Driver Domains dom 0 Domain toolstack netfront Driver Domain iptables NIC Driver NIC Driver bridge netback Rogue Domain netfront Xen Hypervisor Control NIC Guest NIC Hardware Now an exploit buys you: Control of a PV VM (PV hypercall interface) Guest network traffic Control of NIC Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 13 / 33
  • 45. Intro Network path Bootloader Device model Xen Conclusion Security feature: Driver Domains dom 0 Domain toolstack netfront Driver Domain iptables NIC Driver NIC Driver bridge netback Rogue Domain netfront Xen Hypervisor Control NIC Guest NIC Hardware Now an exploit buys you: Control of a PV VM (PV hypercall interface) Guest network traffic Control of NIC Opportunity to attack netfront of other guests Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 13 / 33
  • 46. Intro Network path Bootloader Device model Xen Conclusion HowTo: Driver Domains Create a VM with appropriate drivers Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 14 / 33
  • 47. Intro Network path Bootloader Device model Xen Conclusion HowTo: Driver Domains Create a VM with appropriate drivers Any distro supporting dom0 should do Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 14 / 33
  • 48. Intro Network path Bootloader Device model Xen Conclusion HowTo: Driver Domains Create a VM with appropriate drivers Any distro supporting dom0 should do Install the xen-related hotplug scripts Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 14 / 33
  • 49. Intro Network path Bootloader Device model Xen Conclusion HowTo: Driver Domains Create a VM with appropriate drivers Any distro supporting dom0 should do Install the xen-related hotplug scripts Just installing the xen tools in the VM is usually good enough Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 14 / 33
  • 50. Intro Network path Bootloader Device model Xen Conclusion HowTo: Driver Domains Create a VM with appropriate drivers Any distro supporting dom0 should do Install the xen-related hotplug scripts Just installing the xen tools in the VM is usually good enough Give the VM access to the physical NIC with PCI pass-through Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 14 / 33
  • 51. Intro Network path Bootloader Device model Xen Conclusion HowTo: Driver Domains Create a VM with appropriate drivers Any distro supporting dom0 should do Install the xen-related hotplug scripts Just installing the xen tools in the VM is usually good enough Give the VM access to the physical NIC with PCI pass-through Configure the network topology in the driver domain Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 14 / 33
  • 52. Intro Network path Bootloader Device model Xen Conclusion HowTo: Driver Domains Create a VM with appropriate drivers Any distro supporting dom0 should do Install the xen-related hotplug scripts Just installing the xen tools in the VM is usually good enough Give the VM access to the physical NIC with PCI pass-through Configure the network topology in the driver domain Just like you would for dom0 Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 14 / 33
  • 53. Intro Network path Bootloader Device model Xen Conclusion HowTo: Driver Domains Create a VM with appropriate drivers Any distro supporting dom0 should do Install the xen-related hotplug scripts Just installing the xen tools in the VM is usually good enough Give the VM access to the physical NIC with PCI pass-through Configure the network topology in the driver domain Just like you would for dom0 Configure the guest vif to use the new domain ID Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 14 / 33
  • 54. Intro Network path Bootloader Device model Xen Conclusion HowTo: Driver Domains Create a VM with appropriate drivers Any distro supporting dom0 should do Install the xen-related hotplug scripts Just installing the xen tools in the VM is usually good enough Give the VM access to the physical NIC with PCI pass-through Configure the network topology in the driver domain Just like you would for dom0 Configure the guest vif to use the new domain ID Add backend=domnet to vif declaration Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 14 / 33
  • 55. Intro Network path Bootloader Device model Xen Conclusion HowTo: Driver Domains Create a VM with appropriate drivers Any distro supporting dom0 should do Install the xen-related hotplug scripts Just installing the xen tools in the VM is usually good enough Give the VM access to the physical NIC with PCI pass-through Configure the network topology in the driver domain Just like you would for dom0 Configure the guest vif to use the new domain ID Add backend=domnet to vif declaration vif = [ ’type=pv, bridge=xenbr0, backend=domnet’ ] Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 14 / 33
  • 56. Intro Network path Bootloader Device model Xen Conclusion HowTo: Driver Domains Create a VM with appropriate drivers Any distro supporting dom0 should do Install the xen-related hotplug scripts Just installing the xen tools in the VM is usually good enough Give the VM access to the physical NIC with PCI pass-through Configure the network topology in the driver domain Just like you would for dom0 Configure the guest vif to use the new domain ID Add backend=domnet to vif declaration vif = [ ’type=pv, bridge=xenbr0, backend=domnet’ ] http://wiki.xen.org/wiki/Driver Domain Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 14 / 33
  • 57. Intro Network path Bootloader Device model Xen Conclusion Attack surface: Pygrub dom 0 toolstack domain builder pygrub Paravirtualized (PV) Domain guest disk Xen Hypervisor What is it? Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 15 / 33
  • 58. Intro Network path Bootloader Device model Xen Conclusion Attack surface: Pygrub dom 0 toolstack domain builder pygrub Paravirtualized (PV) Domain guest disk Xen Hypervisor What is it? grub implementation for PV guests Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 15 / 33
  • 59. Intro Network path Bootloader Device model Xen Conclusion Attack surface: Pygrub dom 0 toolstack domain builder pygrub Paravirtualized (PV) Domain guest disk Xen Hypervisor What is it? grub implementation for PV guests Python program running in domain 0 Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 15 / 33
  • 60. Intro Network path Bootloader Device model Xen Conclusion Attack surface: Pygrub dom 0 toolstack domain builder pygrub Paravirtualized (PV) Domain guest disk Xen Hypervisor What is it? grub implementation for PV guests Python program running in domain 0 Reads guest FS, parses grub.conf, presents menu Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 15 / 33
  • 61. Intro Network path Bootloader Device model Xen Conclusion Attack surface: Pygrub dom 0 toolstack domain builder pygrub Paravirtualized (PV) Domain guest disk Xen Hypervisor What is it? grub implementation for PV guests Python program running in domain 0 Reads guest FS, parses grub.conf, presents menu Passes resulting kernel image to domain builder Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 15 / 33
  • 62. Intro Network path Bootloader Device model Xen Conclusion Attack surface: Pygrub dom 0 toolstack domain builder pygrub Paravirtualized (PV) Domain guest disk Xen Hypervisor How to break in? Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 16 / 33
  • 63. Intro Network path Bootloader Device model Xen Conclusion Attack surface: Pygrub dom 0 toolstack domain builder pygrub Paravirtualized (PV) Domain guest disk Xen Hypervisor How to break in? Bugs in file system parser Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 16 / 33
  • 64. Intro Network path Bootloader Device model Xen Conclusion Attack surface: Pygrub dom 0 toolstack domain builder pygrub Paravirtualized (PV) Domain guest disk Xen Hypervisor How to break in? Bugs in file system parser Bugs in menu parser Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 16 / 33
  • 65. Intro Network path Bootloader Device model Xen Conclusion Attack surface: Pygrub dom 0 toolstack domain builder pygrub Paravirtualized (PV) Domain guest disk Xen Hypervisor How to break in? Bugs in file system parser Bugs in menu parser Bugs in kernel / initrd image parsers Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 16 / 33
  • 66. Intro Network path Bootloader Device model Xen Conclusion Attack surface: Pygrub dom 0 toolstack domain builder pygrub kernel Paravirtualized (PV) Domain guest disk Xen Hypervisor What does it buy you? Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 17 / 33
  • 67. Intro Network path Bootloader Device model Xen Conclusion Attack surface: Pygrub dom 0 toolstack domain builder pygrub kernel Paravirtualized (PV) Domain guest disk Xen Hypervisor What does it buy you? Control of domain 0 user space Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 17 / 33
  • 68. Intro Network path Bootloader Device model Xen Conclusion Attack surface: Pygrub dom 0 toolstack domain builder pygrub kernel Paravirtualized (PV) Domain guest disk Xen Hypervisor What does it buy you? Control of domain 0 user space Pretty much control of the whole system Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 17 / 33
  • 69. Intro Network path Bootloader Device model Xen Conclusion Security practice: Fixed kernels dom 0 kernel image toolstack domain builder Paravirtualized (PV) Domain guest disk Xen Hypervisor What is it? Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 18 / 33
  • 70. Intro Network path Bootloader Device model Xen Conclusion Security practice: Fixed kernels dom 0 kernel image toolstack domain builder Paravirtualized (PV) Domain guest disk Xen Hypervisor What is it? Passing a known-good kernel from domain 0 Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 18 / 33
  • 71. Intro Network path Bootloader Device model Xen Conclusion Security practice: Fixed kernels dom 0 kernel image toolstack domain builder Paravirtualized (PV) Domain guest disk Xen Hypervisor What is it? Passing a known-good kernel from domain 0 Removes attacker avenue to domain builder Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 18 / 33
  • 72. Intro Network path Bootloader Device model Xen Conclusion Security practice: Fixed kernels dom 0 kernel image toolstack domain builder Paravirtualized (PV) Domain guest disk Xen Hypervisor Disadvantages Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 19 / 33
  • 73. Intro Network path Bootloader Device model Xen Conclusion Security practice: Fixed kernels dom 0 kernel image toolstack domain builder Paravirtualized (PV) Domain guest disk Xen Hypervisor Disadvantages Host admin must keep up with kernel updates Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 19 / 33
  • 74. Intro Network path Bootloader Device model Xen Conclusion Security practice: Fixed kernels dom 0 kernel image toolstack domain builder Paravirtualized (PV) Domain guest disk Xen Hypervisor Disadvantages Host admin must keep up with kernel updates Guest admin can’t pass kernel parameters, custom kernels, Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 19 / 33
  • 75. Intro Network path Bootloader Device model Xen Conclusion Security feature: pvgrub dom 0 toolstack domain builder pvgrub MiniOS guest disk Xen Hypervisor What is it? Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 20 / 33
  • 76. Intro Network path Bootloader Device model Xen Conclusion Security feature: pvgrub dom 0 toolstack domain builder pvgrub MiniOS guest disk Xen Hypervisor What is it? MiniOS + pv port of grub running in a guest context Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 20 / 33
  • 77. Intro Network path Bootloader Device model Xen Conclusion Security feature: pvgrub dom 0 toolstack domain builder pvgrub MiniOS guest disk Xen Hypervisor What is it? MiniOS + pv port of grub running in a guest context PV equivalent of HVM “BIOS + grub” Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 20 / 33
  • 78. Intro Network path Bootloader Device model Xen Conclusion Security feature: pvgrub dom 0 toolstack domain builder pvgrub MiniOS guest disk Xen Hypervisor What is it? MiniOS + pv port of grub running in a guest context PV equivalent of HVM “BIOS + grub” Now an exploit buys you: Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 20 / 33
  • 79. Intro Network path Bootloader Device model Xen Conclusion Security feature: pvgrub dom 0 toolstack domain builder pvgrub MiniOS guest disk Xen Hypervisor What is it? MiniOS + pv port of grub running in a guest context PV equivalent of HVM “BIOS + grub” Now an exploit buys you: Control of your own VM Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 20 / 33
  • 80. Intro Network path Bootloader Device model Xen Conclusion HowTo: pvgrub Make sure that you have the pvgrub image Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 21 / 33
  • 81. Intro Network path Bootloader Device model Xen Conclusion HowTo: pvgrub Make sure that you have the pvgrub image pvgrub-$ARCH.gz Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 21 / 33
  • 82. Intro Network path Bootloader Device model Xen Conclusion HowTo: pvgrub Make sure that you have the pvgrub image pvgrub-$ARCH.gz Normally lives in /usr/lib/xen/boot Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 21 / 33
  • 83. Intro Network path Bootloader Device model Xen Conclusion HowTo: pvgrub Make sure that you have the pvgrub image pvgrub-$ARCH.gz Normally lives in /usr/lib/xen/boot Included in Fedora Xen packages Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 21 / 33
  • 84. Intro Network path Bootloader Device model Xen Conclusion HowTo: pvgrub Make sure that you have the pvgrub image pvgrub-$ARCH.gz Normally lives in /usr/lib/xen/boot Included in Fedora Xen packages Debian-based: need to build yourself Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 21 / 33
  • 85. Intro Network path Bootloader Device model Xen Conclusion HowTo: pvgrub Make sure that you have the pvgrub image pvgrub-$ARCH.gz Normally lives in /usr/lib/xen/boot Included in Fedora Xen packages Debian-based: need to build yourself Use appropriate pvgrub as kernel in guest config Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 21 / 33
  • 86. Intro Network path Bootloader Device model Xen Conclusion HowTo: pvgrub Make sure that you have the pvgrub image pvgrub-$ARCH.gz Normally lives in /usr/lib/xen/boot Included in Fedora Xen packages Debian-based: need to build yourself Use appropriate pvgrub as kernel in guest config kernel=”/usr/lib/xen/boot/pvgrub-x86 32.gz” Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 21 / 33
  • 87. Intro Network path Bootloader Device model Xen Conclusion HowTo: pvgrub Make sure that you have the pvgrub image pvgrub-$ARCH.gz Normally lives in /usr/lib/xen/boot Included in Fedora Xen packages Debian-based: need to build yourself Use appropriate pvgrub as kernel in guest config kernel=”/usr/lib/xen/boot/pvgrub-x86 32.gz” http://wiki.xen.org/wiki/Pvgrub Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 21 / 33
  • 88. Intro Network path Bootloader Device model Xen Conclusion Attack surface: Device model (qemu) dom 0 device model (qemu) toolstack Hardware Drivers Fully Virtualized (HVM) Domain Xen Hypervisor How to break in? Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 22 / 33
  • 89. Intro Network path Bootloader Device model Xen Conclusion Attack surface: Device model (qemu) dom 0 device model (qemu) toolstack Fully Virtualized (HVM) Domain Hardware Drivers Xen Hypervisor How to break in? Bugs in NIC emulator parsing packets Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 22 / 33
  • 90. Intro Network path Bootloader Device model Xen Conclusion Attack surface: Device model (qemu) dom 0 device model (qemu) toolstack Fully Virtualized (HVM) Domain Hardware Drivers Xen Hypervisor How to break in? Bugs in NIC emulator parsing packets Bugs in emulation of virtual devices Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 22 / 33
  • 91. Intro Network path Bootloader Device model Xen Conclusion Attack surface: Device model (qemu) dom 0 device model (qemu) toolstack Fully Virtualized (HVM) Domain Hardware Drivers Xen Hypervisor What does it buy you? Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 23 / 33
  • 92. Intro Network path Bootloader Device model Xen Conclusion Attack surface: Device model (qemu) dom 0 device model (qemu) toolstack Fully Virtualized (HVM) Domain Hardware Drivers Xen Hypervisor What does it buy you? Domain 0 privileged userspace Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 23 / 33
  • 93. Intro Network path Bootloader Device model Xen Conclusion Attack surface: Device model (qemu) dom 0 device model (qemu) toolstack Fully Virtualized (HVM) Domain Hardware Drivers Xen Hypervisor What does it buy you? Domain 0 privileged userspace Pretty much control of the whole system Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 23 / 33
  • 94. Intro Network path Bootloader Device model Xen Conclusion Attack surface: Device model (qemu) dom 0 device model (qemu) toolstack Fully Virtualized (HVM) Domain Hardware Drivers Xen Hypervisor What does it buy you? Domain 0 privileged userspace Pretty much control of the whole system Not hypothetical Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 23 / 33
  • 95. Intro Network path Bootloader Device model Xen Conclusion Attack surface: Device model (qemu) dom 0 device model (qemu) toolstack Fully Virtualized (HVM) Domain Hardware Drivers Xen Hypervisor What does it buy you? Domain 0 privileged userspace Pretty much control of the whole system Not hypothetical Three exploitable bugs found in qemu last 2 years Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 23 / 33
  • 96. Intro Network path Bootloader Device model Xen Conclusion Security feature: qemu stub domains dom 0 toolstack Stub Domain Hardware Drivers device model minios Fully Virtualized (HVM) Domain Xen Hypervisor What is it? Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 24 / 33
  • 97. Intro Network path Bootloader Device model Xen Conclusion Security feature: qemu stub domains dom 0 toolstack Stub Domain Hardware Drivers device model minios Fully Virtualized (HVM) Domain Xen Hypervisor What is it? Stub domain: a small “service” domain running just one application Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 24 / 33
  • 98. Intro Network path Bootloader Device model Xen Conclusion Security feature: qemu stub domains dom 0 toolstack Stub Domain Hardware Drivers device model minios Fully Virtualized (HVM) Domain Xen Hypervisor What is it? Stub domain: a small “service” domain running just one application qemu stub domain: run each qemu in its own domain Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 24 / 33
  • 99. Intro Network path Bootloader Device model Xen Conclusion Security feature: qemu stub domains dom 0 toolstack Stub Domain device model Hardware Drivers minios Fully Virtualized (HVM) Domain Xen Hypervisor Now an exploit buys you: Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 25 / 33
  • 100. Intro Network path Bootloader Device model Xen Conclusion Security feature: qemu stub domains dom 0 toolstack Stub Domain device model Hardware Drivers minios Fully Virtualized (HVM) Domain Xen Hypervisor Now an exploit buys you: Control of the stubom VM Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 25 / 33
  • 101. Intro Network path Bootloader Device model Xen Conclusion Security feature: qemu stub domains dom 0 toolstack Stub Domain device model Hardware Drivers minios Fully Virtualized (HVM) Domain Xen Hypervisor Now an exploit buys you: Control of the stubom VM Access to PV interfaces Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 25 / 33
  • 102. Intro Network path Bootloader Device model Xen Conclusion HowTo: qemu stub domains Make sure that you have the stubdom image: Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 26 / 33
  • 103. Intro Network path Bootloader Device model Xen Conclusion HowTo: qemu stub domains Make sure that you have the stubdom image: ioemu-$ARCH.gz Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 26 / 33
  • 104. Intro Network path Bootloader Device model Xen Conclusion HowTo: qemu stub domains Make sure that you have the stubdom image: ioemu-$ARCH.gz Normally lives in /usr/lib/xen/boot Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 26 / 33
  • 105. Intro Network path Bootloader Device model Xen Conclusion HowTo: qemu stub domains Make sure that you have the stubdom image: ioemu-$ARCH.gz Normally lives in /usr/lib/xen/boot Included in Fedora Xen packages Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 26 / 33
  • 106. Intro Network path Bootloader Device model Xen Conclusion HowTo: qemu stub domains Make sure that you have the stubdom image: ioemu-$ARCH.gz Normally lives in /usr/lib/xen/boot Included in Fedora Xen packages Debian-based: need to build yourself Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 26 / 33
  • 107. Intro Network path Bootloader Device model Xen Conclusion HowTo: qemu stub domains Make sure that you have the stubdom image: ioemu-$ARCH.gz Normally lives in /usr/lib/xen/boot Included in Fedora Xen packages Debian-based: need to build yourself Specify stub domains in your guest config Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 26 / 33
  • 108. Intro Network path Bootloader Device model Xen Conclusion HowTo: qemu stub domains Make sure that you have the stubdom image: ioemu-$ARCH.gz Normally lives in /usr/lib/xen/boot Included in Fedora Xen packages Debian-based: need to build yourself Specify stub domains in your guest config device model stubdomain override = 1 Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 26 / 33
  • 109. Intro Network path Bootloader Device model Xen Conclusion HowTo: qemu stub domains Make sure that you have the stubdom image: ioemu-$ARCH.gz Normally lives in /usr/lib/xen/boot Included in Fedora Xen packages Debian-based: need to build yourself Specify stub domains in your guest config device model stubdomain override = 1 http://wiki.xen.org/wiki/Device Model Stub Domains Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 26 / 33
  • 110. Intro Network path Bootloader Device model Xen Conclusion Attack Surface: Xen HVM guests Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 27 / 33
  • 111. Intro Network path Bootloader Device model Xen Conclusion Attack Surface: Xen HVM guests HVM hypercalls (Subset of PV hypercalls) Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 27 / 33
  • 112. Intro Network path Bootloader Device model Xen Conclusion Attack Surface: Xen HVM guests HVM hypercalls (Subset of PV hypercalls) Instruction emulation (MMIO, shadow pagetables) Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 27 / 33
  • 113. Intro Network path Bootloader Device model Xen Conclusion Attack Surface: Xen HVM guests HVM hypercalls (Subset of PV hypercalls) Instruction emulation (MMIO, shadow pagetables) Emulated platform devices: APIC, HPET, PIT Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 27 / 33
  • 114. Intro Network path Bootloader Device model Xen Conclusion Attack Surface: Xen HVM guests HVM hypercalls (Subset of PV hypercalls) Instruction emulation (MMIO, shadow pagetables) Emulated platform devices: APIC, HPET, PIT Nested virtualization Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 27 / 33
  • 115. Intro Network path Bootloader Device model Xen Conclusion Attack Surface: Xen HVM guests HVM hypercalls (Subset of PV hypercalls) Instruction emulation (MMIO, shadow pagetables) Emulated platform devices: APIC, HPET, PIT Nested virtualization PV guests Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 27 / 33
  • 116. Intro Network path Bootloader Device model Xen Conclusion Attack Surface: Xen HVM guests HVM hypercalls (Subset of PV hypercalls) Instruction emulation (MMIO, shadow pagetables) Emulated platform devices: APIC, HPET, PIT Nested virtualization PV guests PV Hypercalls Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 27 / 33
  • 117. Intro Network path Bootloader Device model Xen Conclusion Attack Surface: Xen HVM guests HVM hypercalls (Subset of PV hypercalls) Instruction emulation (MMIO, shadow pagetables) Emulated platform devices: APIC, HPET, PIT Nested virtualization PV guests PV Hypercalls Shared address space Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 27 / 33
  • 118. Intro Network path Bootloader Device model Xen Conclusion Attack Surface: Xen HVM guests HVM hypercalls (Subset of PV hypercalls) Instruction emulation (MMIO, shadow pagetables) Emulated platform devices: APIC, HPET, PIT Nested virtualization PV guests PV Hypercalls Shared address space Survey of security updates looks statistically similar Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 27 / 33
  • 119. Intro Network path Bootloader Device model Xen Conclusion Attack Surface: Xen HVM guests HVM hypercalls (Subset of PV hypercalls) Instruction emulation (MMIO, shadow pagetables) Emulated platform devices: APIC, HPET, PIT Nested virtualization PV guests PV Hypercalls Shared address space Survey of security updates looks statistically similar Security practice: If you can’t use stub domains, use PV VMs Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 27 / 33
  • 120. Intro Network path Bootloader Device model Xen Conclusion Security feature: FLASK example policy What is FLASK? Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 28 / 33
  • 121. Intro Network path Bootloader Device model Xen Conclusion Security feature: FLASK example policy What is FLASK? Xen Security Module (XSM): Xen equivalent of LSM Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 28 / 33
  • 122. Intro Network path Bootloader Device model Xen Conclusion Security feature: FLASK example policy What is FLASK? Xen Security Module (XSM): Xen equivalent of LSM FLASK: Framework for XSM developed by NSA Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 28 / 33
  • 123. Intro Network path Bootloader Device model Xen Conclusion Security feature: FLASK example policy What is FLASK? Xen Security Module (XSM): Xen equivalent of LSM FLASK: Framework for XSM developed by NSA Xen Equivalent of SELinux Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 28 / 33
  • 124. Intro Network path Bootloader Device model Xen Conclusion Security feature: FLASK example policy What is FLASK? Xen Security Module (XSM): Xen equivalent of LSM FLASK: Framework for XSM developed by NSA Xen Equivalent of SELinux Uses same concepts, tools as SELinux Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 28 / 33
  • 125. Intro Network path Bootloader Device model Xen Conclusion Security feature: FLASK example policy What is FLASK? Xen Security Module (XSM): Xen equivalent of LSM FLASK: Framework for XSM developed by NSA Xen Equivalent of SELinux Uses same concepts, tools as SELinux Allows a policy to restrict hypercalls Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 28 / 33
  • 126. Intro Network path Bootloader Device model Xen Conclusion Security feature: FLASK example policy What can FLASK do? Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 29 / 33
  • 127. Intro Network path Bootloader Device model Xen Conclusion Security feature: FLASK example policy What can FLASK do? Basic: Restricts hypercalls to those needed by a particular guest Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 29 / 33
  • 128. Intro Network path Bootloader Device model Xen Conclusion Security feature: FLASK example policy What can FLASK do? Basic: Restricts hypercalls to those needed by a particular guest Advanced: Allows more fine-grained granting of privileges Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 29 / 33
  • 129. Intro Network path Bootloader Device model Xen Conclusion Security feature: FLASK example policy What can FLASK do? Basic: Restricts hypercalls to those needed by a particular guest Advanced: Allows more fine-grained granting of privileges FLASK example policy Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 29 / 33
  • 130. Intro Network path Bootloader Device model Xen Conclusion Security feature: FLASK example policy What can FLASK do? Basic: Restricts hypercalls to those needed by a particular guest Advanced: Allows more fine-grained granting of privileges FLASK example policy This contains example roles for dom0, domU, stub domains, driver domains, &c Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 29 / 33
  • 131. Intro Network path Bootloader Device model Xen Conclusion HowTo: Use the example FLASK policy Build Xen with XSM enabled Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 30 / 33
  • 132. Intro Network path Bootloader Device model Xen Conclusion HowTo: Use the example FLASK policy Build Xen with XSM enabled Build the example policy Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 30 / 33
  • 133. Intro Network path Bootloader Device model Xen Conclusion HowTo: Use the example FLASK policy Build Xen with XSM enabled Build the example policy Add the appropriate label to guest config files Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 30 / 33
  • 134. Intro Network path Bootloader Device model Xen Conclusion HowTo: Use the example FLASK policy Build Xen with XSM enabled Build the example policy Add the appropriate label to guest config files seclabel=[foo] Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 30 / 33
  • 135. Intro Network path Bootloader Device model Xen Conclusion HowTo: Use the example FLASK policy Build Xen with XSM enabled Build the example policy Add the appropriate label to guest config files seclabel=[foo] stubdom label=[foo] Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 30 / 33
  • 136. Intro Network path Bootloader Device model Xen Conclusion HowTo: Use the example FLASK policy Build Xen with XSM enabled Build the example policy Add the appropriate label to guest config files seclabel=[foo] stubdom label=[foo] http://wiki.xen.org/wiki/Xen Security Modules : XSMFLASK Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 30 / 33
  • 137. Intro Network path Bootloader Device model Xen Conclusion HowTo: Use the example FLASK policy Build Xen with XSM enabled Build the example policy Add the appropriate label to guest config files seclabel=[foo] stubdom label=[foo] http://wiki.xen.org/wiki/Xen Security Modules : XSMFLASK WARNING: In 4.3, the example policy not extensively tested. Use with care! Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 30 / 33
  • 138. Intro Network path Bootloader Device model Xen Conclusion Outline Overview of the Xen architecture Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 31 / 33
  • 139. Intro Network path Bootloader Device model Xen Conclusion Outline Overview of the Xen architecture Brief introduction to principles of security analysis Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 31 / 33
  • 140. Intro Network path Bootloader Device model Xen Conclusion Outline Overview of the Xen architecture Brief introduction to principles of security analysis Consider some attack surfaces Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 31 / 33
  • 141. Intro Network path Bootloader Device model Xen Conclusion Outline Overview of the Xen architecture Brief introduction to principles of security analysis Consider some attack surfaces Xen features we can use to make them more secure Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 31 / 33
  • 142. Intro Network path Bootloader Device model Xen Conclusion Outline Overview of the Xen architecture Brief introduction to principles of security analysis Consider some attack surfaces Xen features we can use to make them more secure Driver domains Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 31 / 33
  • 143. Intro Network path Bootloader Device model Xen Conclusion Outline Overview of the Xen architecture Brief introduction to principles of security analysis Consider some attack surfaces Xen features we can use to make them more secure Driver domains pvgrub Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 31 / 33
  • 144. Intro Network path Bootloader Device model Xen Conclusion Outline Overview of the Xen architecture Brief introduction to principles of security analysis Consider some attack surfaces Xen features we can use to make them more secure Driver domains pvgrub stub domains Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 31 / 33
  • 145. Intro Network path Bootloader Device model Xen Conclusion Outline Overview of the Xen architecture Brief introduction to principles of security analysis Consider some attack surfaces Xen features we can use to make them more secure Driver domains pvgrub stub domains PV vs HVM Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 31 / 33
  • 146. Intro Network path Bootloader Device model Xen Conclusion Outline Overview of the Xen architecture Brief introduction to principles of security analysis Consider some attack surfaces Xen features we can use to make them more secure Driver domains pvgrub stub domains PV vs HVM FLASK example policy Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 31 / 33
  • 147. Intro Network path Bootloader Device model Xen Conclusion Goal Tools to think about security in Xen Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 32 / 33
  • 148. Intro Network path Bootloader Device model Xen Conclusion Goal Tools to think about security in Xen Know some key security features of Xen Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 32 / 33
  • 149. Intro Network path Bootloader Device model Xen Conclusion Goal Tools to think about security in Xen Know some key security features of Xen Equipped with the knowledge to get them working Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 32 / 33
  • 150. Intro Network path Bootloader Device model Xen Conclusion Questions Questions? More info at http://wiki.xen.org/wiki/Securing Xen Check out our blog: http://blog.xen.org/ Edinburgh – 21-23 October, 2013 Securing your cloud with Xen’s advanced security features 33 / 33