Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [suse-security] does xen improve security?
From: Crispin Cowan (crispinnovell.com)
Date: Fri Sep 23 2005 - 05:05:40 CDT
Joe Knall wrote:
> Hi all,
> imagine a ftpserver and a webserver running in two xen virtual machines
> on one box; now say the ftpserver is hacked, the attacker gains root
> How much does xen protect the other vm (webserver) against the attacker?
> Is it as if the webserver was running on a different physical box?
> In /usr/share/doc/packages/xen the main focus seems to be flexibility
> rather than security.
> Anyone with experience?
Running services in separate virtual machines does provide you with
*some* security protection, but with 2 major limits:
1. The security of the containment provided by Xen is questionable.
Xen 2.0.6 when attacked by crashme lives for only seconds
That means that if you feed "strange" sequences of instructions to
a Xen virtual machines, then unpredictable things can happen. Some
of those surprising things amount to a way to escape from the
virtual machine, which means that it is relatively easy for
attackers to find an exploit that would let them hack you. This
vulnerability is *conjectured*, but there is no assurance of
2. Virtual machines provide you with *isolation*, which is not very
flexible. For instance if you have the FTP server on a separate VM
than your web server, then you cannot use the FTP server to update
the web pages.
In contrast, Novell AppArmor was designed specifically for the purpose
of securely confining things like your FTP and web servers. I actually
presented a tutorial on exactly this topic at Novell Brainshare last
week in Barcelona. Here is the official page
and here is a copy of the talk
Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/
Director of Software Engineering, Novell http://novell.com
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here