LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Transcendent memory

Transcendent memory

Posted Jul 8, 2009 23:16 UTC (Wed) by aliguori (subscriber, #30636)
In reply to: Transcendent memory by nix
Parent article: Transcendent memory

Why limit your security to a shared secret when you can implement stronger policies within the hypervisor itself?

A common requirement with virtualization is to implement "chinese wall" security policies. Imagine if you had a single box that was running a production server as a VM for both Coke and Pepsi. No matter what, neither company wants there to be any chance that the other one can access it's data. The hypervisor must be able to enforce that. If the Pepsi VM was somehow able to obtain the UUID for the Coke shared tmem pool (even if it was because of a bug in the Coke server), you'd have one unhappy customer.

If you were to support a memory sharing system like this, you would want the available pools to be enumerated by the hypervisor. You likely want to support dynamic pools too so you need some way to hot add/remove pools. Using uuids is certainly a reasonable means of identifying pools but the point is that you need a more coherent strategy for exposing the pools to the guest that is arbitrated by the hypervisor.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds