Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Xen>
  3. Users
Newbie query - Xen and security
andy.elvey at paradise
Jun 26, 2005, 4:13 PM
Post #1 of 2 (288 views)
Permalink
Hi all -
I'm a first-timer here, and have just installed Xen. **Awesome**
stuff! A very easy install, and *superb* documentation by the Xen team
too, so a huge "thank you" to the Xen team!

I have a query re Xen and security. If I'm using the 'net (browsing,
email) while I'm running a Xen-enabled kernel, does that make it more
difficult for the bad guys out there to pop a rootkit or virus onto my
PC? I tend to envision Xen as making everything "virtual", so that if
they did try to rootkit my PC, they couldn't actually _install_ it onto
my system, (as I'm running a "virtual environment" ).

So, if I understand correctly, any "damage" that they try to do is
*totally* limited to the session I'm running, and when I next fire up my
PC, all will be well.

Is my description pretty much accurate? Very many thanks in advance
for your replies!

Bye for now -
- Andy



_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users
Re: Newbie query - Xen and security [ In reply to ]
aliguori at us
Jun 26, 2005, 8:21 PM
Post #2 of 2 (276 views)
Permalink
Andy Elvey wrote:

> I have a query re Xen and security. If I'm using the 'net (browsing,
> email) while I'm running a Xen-enabled kernel, does that make it more
> difficult for the bad guys out there to pop a rootkit or virus onto my
> PC? I tend to envision Xen as making everything "virtual", so that if
> they did try to rootkit my PC, they couldn't actually _install_ it
> onto my system, (as I'm running a "virtual environment" ).
> So, if I understand correctly, any "damage" that they try to do is
> *totally* limited to the session I'm running, and when I next fire up
> my PC, all will be well.

Practically speaking, Xen doesn't really do what you describe. Xen is
not a silver bullet when it comes to security. It's all about how you
use it. For the scenario you describe, your as safe in Xen as you would
be in Linux (it all depends on what you run as root in Linux and what
you run in dom0 in Xen).

What Xen allows you to do, from a security perspective, that something
like Linux doesn't really is to run two virtual machines and have them
be isolated from themselves. Even if you used multiple users in Linux,
you're sharing a considerable amount of resources between the two users
which makes total isolation difficult. Isolation in Xen is much easier
because there's almost no shared resources.

When it comes from protecting you from external attackers, Xen is no
different than Linux. An admitted simplification but I think you get
the idea.

Regards,

Anthony Liguori

> Is my description pretty much accurate? Very many thanks in advance
> for your replies!
> Bye for now -
> - Andy
>
>
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users
>


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal