[XCSSA] Xen and security

[xcssa@xcssa.org]

--ZPDwMsyfds7q4mrK
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Background:

Xen works by requiring that the guest OS be slightly re-written
to avoid unsafe operations (e.g. updating page table entries) by
using a new method (e.g. a hypervisor call to Xen).

I've been reading this:
http://www.cl.cam.ac.uk/research/srg/netos/papers/2003-xensosp.pdf

My question is, does this mean that a guest OS can violate the
security model if it chooses to be malicious?  I'm sort of thinking
that guest OS code running at ring > 0 might generate an exception and
be terminated or hose itself, but wouldn't be able to affect any other
guest OSes or the host.  Can anyone think of a way that it could?
--=20
``Unthinking respect for authority is the greatest enemy of truth.''
-- Albert Einstein -><- <URL:http://www.subspacefield.org/~travis/>

--ZPDwMsyfds7q4mrK
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (OpenBSD)

iQIVAwUBRaRXcWQVZZEDJt9HAQLAtA/8DeMehfFz06mAXij52imY4zy4w8MqNwvy
n8uhaCgz+fBZG7U77mRRJAJIQrVOnNeHa+oMH27sx3YSx1DEI97KE4vXjHP7MeZ7
NUjxIVbGJOQq5Nnh/Z5WnJHlRKYjaFh5tuO9yoDPbYAXs7xPgPKzNjBRA1dahCb5
jad4UJieLU28jO2gJl31GbNLDMACYcYV+QV65XFotj8iPZ1z1hYYY9kC5gnwu1ZF
edpUJ0BP27bKSHolXzAPFNGbzgm5uzVH47j/sssLAw+Zb9IjBYCV9VPB5aFnO85g
/C9wLXKarf4mK2mIubzxqITQ0f6p2gLSZsmJU6eo1hm2MGbcMa/QotP5XiA9dL/E
Ssg2LlkirU12pC9CbgC7/o+aoDUP4q5wg+AWAWAoje5E5K3JZsu/7mKfxfZrV7OP
HaWVZC7tKs/nWTXdwB4tANjmCB7BH5zi+DC6e6Dje50g3yan2so3f91ABC7OgXWF
qlMpacv6U0yIKbfqkAIVZo5W9kk62kIIkdTkwsq1e/A7KTCYM8cB5wzULXlPmpuD
Uux/cciTKdsc6vhSNDCVkYm0TLwF4QsQw/8WCYeaaynyVpoDy/y0UAjkRSMh103L
BfW6NWHDa9+e0Wk6JgyYuyP439Ru+ZTVc6X3HIXUr9KgYUCUpmaz8m+3p5sTtBiv
a7M5FNbtiiM=
=hLpk
-----END PGP SIGNATURE-----

--ZPDwMsyfds7q4mrK--