
Xen: finishing the job (security view)

Posted Mar 10, 2009 18:54 UTC (Tue) by huneycutt (guest, #13037)
Parent article: Xen: finishing the job

Personal perspective – there’s a lot of room for both approaches (KVM and Xen).

Professional perspective – most of my customers are in the DoD or intelligence communities. I’d like to know which approach is going to get the “authoritative backing” for pursuing government-strength security certification and accreditation. I can see arguments for each … multiple KVM partitions running on top of an EAL 4+ version of Linux (RH or HP configuration), or the single Xen hypervisor (reminiscent of a medium assurance version of the Separation Kernel Protection Profile) controlling a single “semi-trusted partition” (dom0) and a bunch of “untrusted partitions” (domU).

Historically, the evaluators much prefer simplicity in the products being evaluated. The more trivial, the more likely to be certified. In this view, testing Xen for SKPP-type controls and granting it a level of trustworthiness in controlling both dom0 and domU domains would seem more likely. Combining an SKPP-type evaluation (for KVM itself) on top of an LSPP/RBAC/etc EAL 4+ evaluation is probably asking too much of anyone … even if the protection profiles used for the RH/HP certifications were still valid.

Unfortunately, I don’t see anyone jumping up and down right now to pay for sponsoring any more NIAP testing, given the state of the common criteria, the pace of virtualization evolution, and the extremely dynamic nature of the certification and accreditation processes themselves. I know that NSA is pressing ahead with the HAP program, but I’d prefer to see the de facto standard solutions come from a purely open source effort, if only to make world-wide secure information sharing achievable. I’d love to hear from anyone with additional information on this topic.

Also unfortunately, when intellectual properties such as Xen and KVM are acquired by major players in the commercial side of the business (which Citrix and RH undoubtedly qualify as), it is human nature to begin to question the motives of their actions (such as belligerently stonewalling kernel incorporation or providing roadmaps which lean strongly toward a recently acquired product without providing documentation of the technical justification for the new stance). Trust is very nearly impossible to regain once it has been compromised. I’d strongly recommend to both Citrix and Red Hat that they continue to work together for the good of the overall user community, advance both of their products as openly as possible, and let the users make the decisions about which approach is best based on their experiences. Otherwise, the open source community is taking a big step toward behaving just like the other folks out there.


Xen: finishing the job (security view)

Posted Jun 3, 2009 15:39 UTC (Wed) by ceplm (subscriber, #41334)

Ever heard about sVirt? One of the main reasons why KVM is claimed to be better than Xen is that it allows one reasonable SELinux policy for virtual machines.
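
As an added illustration of the sVirt mechanism this comment refers to (example code written for this page, not code from the original page or from the sVirt/libvirt projects): a simplified model of how a single SELinux policy keeps many guests apart by giving each one its own pair of MCS categories. Guest names and label values are constructed, and the check models only the svirt_t/svirt_image_t type match plus MCS category dominance, not the full policy.

```python
import re
from itertools import product

# SELinux context: user:role:type:sensitivity[:categories]
LABEL_RE = re.compile(
    r"^(?P<user>[^:]+):(?P<role>[^:]+):(?P<type>[^:]+):(?P<sens>s\d+)"
    r"(?::(?P<cats>c\d+(?:,c\d+)*))?$"
)

def parse_label(label: str):
    """Split an SELinux context into (type, sensitivity, frozenset of categories)."""
    m = LABEL_RE.match(label)
    if m is None:
        raise ValueError(f"not an SELinux context: {label!r}")
    cats = frozenset(m["cats"].split(",")) if m["cats"] else frozenset()
    return m["type"], m["sens"], cats

def mcs_allows(process_label: str, image_label: str) -> bool:
    """Simplified sVirt decision: a svirt_t guest may touch a svirt_image_t file
    only when its MCS categories dominate (are a superset of) the file's."""
    ptype, psens, pcats = parse_label(process_label)
    itype, isens, icats = parse_label(image_label)
    if ptype != "svirt_t" or itype != "svirt_image_t":  # type-enforcement part
        return False
    return psens == isens and icats <= pcats             # MCS part

# Constructed sample: three guests, each with its own random category pair.
# vm-c deliberately shares one category with vm-a to show that a partial
# overlap is not enough for access.
GUESTS = {
    "vm-a": "system_u:system_r:svirt_t:s0:c12,c34",
    "vm-b": "system_u:system_r:svirt_t:s0:c56,c78",
    "vm-c": "system_u:system_r:svirt_t:s0:c12,c90",
}
IMAGES = {
    "vm-a.img": "system_u:object_r:svirt_image_t:s0:c12,c34",
    "vm-b.img": "system_u:object_r:svirt_image_t:s0:c56,c78",
    "vm-c.img": "system_u:object_r:svirt_image_t:s0:c12,c90",
}

def access_matrix(guests=GUESTS, images=IMAGES):
    """Return {(guest, image): allowed} so cross-VM reachability can be audited."""
    return {(g, i): mcs_allows(guests[g], images[i])
            for g, i in product(guests, images)}

def cross_vm_violations(matrix):
    """Pairs where a guest can reach an image that is not its own."""
    return sorted((g, i) for (g, i), ok in matrix.items()
                  if ok and not i.startswith(g))

if __name__ == "__main__":
    print("cross-VM violations:", cross_vm_violations(access_matrix()))
```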

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds