Slashdot Mirror


IBM Pledges To Make Xen More Secure

An anonymous reader writes "In the latest posting on the Xen developer list, IBM pledges to make Xen more secure by porting its secure hypervisor (sHype) architecture to it. In their posting, IBM discusses an SELinux-like access control framework, resource control and monitoring, and trusted computing support for Xen. It appears that a lot is happening on the Xen front (for example, the announcement of XenSource Inc. and Intel's code drop in the xeno-unstable.bk tree for their super secret VT CPU)."

11 of 134 comments

  1. Re:I'm lazy, refuse to RTFA by inox · Score: 5, Informative

    Xen is certainly not an obscure software package.
    Read more at http://www.cl.cam.ac.uk/Research/SRG/netos/xen/

    It's a virtual machine monitor that allows you to run multiple OSes concurrently on the same machine, achieving the same kind of functionality as VMware, although the approaches are different.

  2. What this all means by Anthony Liguori · Score: 5, Informative

    Xen is an open source hypervisor for Intel hardware. A hypervisor allows multiple operating systems to run side-by-side simultaneously. Don't think VMware, think partitioning on a mainframe.

    Intel's VT technology is hardware support for partitioning. Google it.

    sHype is a research hypervisor at IBM that implements advanced security mechanisms much in the same way that SELinux does.

    So, think mainframe style partitioning with the security of SELinux.

    1. Re:What this all means by Anonymous Coward · Score: 1, Informative

      Or if you are going to think VMWare, think VMWare ESX server edition...

      Xen can do CPU bounding on its guest OSes, making sure they only use a fixed amount of CPU cycles. This ability differentiates it from User-Mode Linux and other kernel-as-process type virtualizations.

  3. Re:I'm lazy, refuse to RTFA by Skasta · Score: 2, Informative

    Slashdot users may not need this, but it is useful for businesses of all sizes. That is why most corporations like IBM, HP, Intel and Novell are starting to have employees work on Xen.

  4. Re:Doesn't run Windows by keebler · Score: 5, Informative

    It's because Xen requires modifications to the OS in order to function. An earlier version supported XP (sorta), but it hasn't been maintained.

    VMWare doesn't require OS modifications because it virtualizes the entire machine (slow). Xen does, because it only fully virtualizes some resources, and forces the OS to go through the hypervisor (not as slow).

    --
    My HOUSEHOLD APPLIANCE is on DRUGS.

  5. Re:Questions by Chirs · Score: 3, Informative

    It's roughly 10 times faster than UML.

  6. Re:Questions by Anonymous Coward · Score: 1, Informative

    What is Xen good for, exactly? I mean, I can run NetBSD, Linux, Linux and Linux on the same machine?

    Xen can run it almost at its native speed, unlike other virtualization technologies.

  7. Re:Questions by Paul Crowley · Score: 3, Informative

    I'd assumed you were greatly exaggerating for dramatic effect, but benchmarks show a range from almost no improvement to a factor of 5.

  8. Re:Questions by Lemming Mark · Score: 2, Informative

    In addition to other posted comments, Xen can also perform live migration (move running virtual machines to another host without stopping them) and can run Linux device drivers in sandboxed, restartable domains.

  9. Re:Doesn't run Windows by Eric Smith · Score: 4, Informative

    There are instructions on Intel processors that are not easily virtualized (read this as expensive to run). That is what you get with VMware/Bochs over Xen.

    Both Intel and AMD have stated that they plan to add virtualization support to forthcoming CPUs, which will have at least two useful benefits:

    1. VMware will run with much lower overhead, because it will no longer have to prescreen instruction sequences for those that have to be simulated (or binary translation, or whatever it is they're currently doing)
    2. Xen will be able to support unmodified guest operating systems

    I assume that the latter is what the mentioned Intel code drop is all about.

    Intel has mentioned two (different?) virtualization features, code named "Vanderpool" and "Silvervale". AMD calls theirs "Pacifica", and it is apparently not a clone of the Intel schemes, though it is expected to provide the same benefits.

  10. Re:I'm lazy, refuse to RTFA by PSC · Score: 2, Informative

    It's a virtual machine monitor that allows you to run multiple OSes concurrently on the same machine, achieving the same kind of functionality as VMware, although the approaches are different.

    Xen, while unlike the VMware Workstation and GSX Server versions, works pretty similarly to VMware ESX Server. It is kind of like a microkernel providing a hardware abstraction layer and scheduling mechanism. The first guest image booted controls the abstraction layer, pretty much like Xen.

    Well, the pricing approach of XEN is fundamentally different, though.

    --
    --- The light at the end of the tunnel is probably a burning truck.