compare to https://mice.cs.columbia.edu/getTechreport.php?techreport...;
Qubes: security by virtualization
Posted May 6, 2010 13:08 UTC (Thu) by sorpigal (subscriber, #36106)
Posted May 6, 2010 13:22 UTC (Thu) by spotter (subscriber, #12199)
particularly http://www.ncl.cs.columbia.edu/publications/compsac2006_f... and http://www.ncl.cs.columbia.edu/publications/sosp2007_deja...
Posted May 6, 2010 14:43 UTC (Thu) by PaXTeam (guest, #24616)
Posted May 6, 2010 15:46 UTC (Thu) by spotter (subscriber, #12199)
In a KVM or Xen type case, the kernel really is still part of the TCB, just that with a container model, exploiting kernel flaws is more straightforward.
Posted May 6, 2010 21:53 UTC (Thu) by PaXTeam (guest, #24616)
care to quote me that part from your paper? i was specifically looking for anything kernel bug/exploit related and found nothing, ditto for discussing what constitutes the TCB. whenever you mention exploit it's always in the context of application (userland) exploits, never the kernel.
> if your threat model has to deal with kernel exploits[...]
yours does, that's what i was trying to imply. there's nothing to prevent a userland exploit from going after a kernel bug next. in other words, your system wouldn't survive for long in the real world, quite the contrary to your claims ;).
Posted May 6, 2010 23:28 UTC (Thu) by spotter (subscriber, #12199)
It's actually not in that old tech report, nor in the final version being submitted to USENIX due to space constraints, but was in intermediate versions and has always been in the talks I've given on it, where I basically stated up front that we were concerned about exploits like the run of PDF exploits, but if you are concerned about the kernel being exploited as well, that would need a different container approach, as containers don't provide isolated kernels.
so I'll agree with
Posted May 6, 2010 23:29 UTC (Thu) by spotter (subscriber, #12199)
Posted May 7, 2010 4:49 UTC (Fri) by spotter (subscriber, #12199)
"While VMs provide superior isolation, they suffer higher overhead due to running independent operating systems. This impacts performance and makes them less suited for ephemeral usage on account of their long startup times. However, Apiary can leverage them if one does not want to trust a single operating system kernel."
Copyright © 2017, Eklektix, Inc.