Slashdot Mirror


IBM Pledges To Make Xen More Secure

An anonymous reader writes "In the latest posting on the Xen developer list, IBM pledges to make Xen more secure by porting its secure hypervisor (sHype) architecture to it. In their posting, IBM discusses an SELinux-like access control framework, resource control and monitoring, and trusted computing support for Xen. It appears that a lot is happening on the Xen front (for example, the announcement of XenSource Inc. and Intel's code drop in the xeno-unstable.bk tree for their super secret VT CPU)."

5 of 134 comments

  1. I'm lazy, refuse to RTFA by LowneWulf · · Score: 5, Insightful

    .... seriously people, when describing some new feature of some obscure software package, can you PLEASE tell us WHAT IT IS!?!??!one!!?

    "And now, Fronzo v2.1.e, now 21% more secure!"

    1. Re:I'm lazy, refuse to RTFA by justsomebody · · Score: 1, Insightful

      And that's not obscure?

      No. Not even close. Having a few different virtual systems running can make your system much more secure. The only problem was that running virtual servers was a real CPU hog. That's why Xen uses a paravirtual approach. The difference between virtual and paravirtual is that virtual is translating operations, while paravirtual enables direct access. One problem with paravirtual access is that the OS running in it must be modified (so... no Windows and no OSX here).

      You can solve all the problems you solved before with chroot, and more. Run another OS in Xen and a mail server on it. Imagine that you got hacked. The hacker is still a long way from the same effect as if the service were running in the same OS instance. Basically you can achieve a DMZ on one machine. And if you set internal firewalls right you hit the jackpot as admin. And here comes the beauty of the paravirtual approach. You don't suffer much if you run a system inside a system.

      A typical user doesn't need a few systems running, I agree. A server should.

      Btw, anybody asking questions like you would probably think that SELinux is obscure too. Why have system file flags, ACLs and SELinux templates (why 3 for 1 sole purpose? Well, maybe because they aren't serving the same purpose).

      --
      Signature Pro version 1.13.2-3 release 83.5 beta3try7 after-breakfast edition
  2. Question by af_robot · · Score: 2, Insightful

    What is XEN?!

  3. Re:Questions by Transdimentia · · Score: 3, Insightful

    The first thing that pops into my mind would be for partitioning your machine into slices for hosting/dedicated customers while preventing them from walking on each other or even knowing they are there?

  4. Re:What this all means-Pocket Mainframe. by SunFan · · Score: 2, Insightful

    In fact if it wasn't for accidents of history. Our computers would be so much more than they are now.

    Well, I figure Microsoft has set us back twenty years. The UNIX old-is-new-again migration is beginning to repair that damage, especially with recent advancements that leave Windows feeling lonely. Only Microsoft isn't UNIX, anymore, except for fringe systems.

    One good thing about Microsoft is it allowed people to learn a little about what they actually want in a computer, which helped drive refinements in Linux/UNIX. This is ultimately a good thing, and will better allow Microsoft's business model to become obsolete as more people get what they want in open systems.

    --
    -- Microsoft is the most expensive commodity operating system and office suite vendor in the marketplace.